π΄ Facebook Announces Formal Vulnerability Disclosure Policy for Third-Party Bugs π΄
π Read
via "Dark Reading: ".
The social media giant has also launched a new website for sharing information on WhatsApp security.π Read
via "Dark Reading: ".
Dark Reading
Facebook Announces Formal Vulnerability Disclosure Policy for Third-Party Bugs
The social media giant has also launched a new website for sharing information on WhatsApp security.
π How project managers can help companies better navigate security risks from COVID-19 π
π Read
via "Security on TechRepublic".
Social distancing and remote working during COVID-19 have increased cybersecurity risks for companies worldwide, increasing the need for project managers to work on more security-related efforts.π Read
via "Security on TechRepublic".
TechRepublic
How project managers can help companies better navigate security risks from COVID-19
Social distancing and remote working during COVID-19 have increased cybersecurity risks for companies worldwide, increasing the need for project managers to work on more security-related efforts.
ATENTIONβΌ New - CVE-2019-11928
π Read
via "National Vulnerability Database".
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.π Read
via "National Vulnerability Database".
π΄ The Hidden Costs of Losing Security Talent π΄
π Read
via "Dark Reading: ".
One person's exit can set off a chain of costly events.π Read
via "Dark Reading: ".
Dark Reading
The Hidden Costs of Losing Security Talent
One person's exit can set off a chain of costly events.
β India Blocks High-Profile Chinese Apps on Political, Privacy Concerns β
π Read
via "Threatpost".
Technology minister bans, Baidu, WeChat Work, AliPay and 115 others for capturing using data and transmitting it to servers outside of the country without authorization.π Read
via "Threatpost".
Threat Post
India Blocks High-Profile Chinese Apps on Political, Privacy Concerns
Technology minister bans, Baidu, WeChat Work, AliPay and 115 others for capturing using data and transmitting it to servers outside of the country without authorization.
ATENTIONβΌ New - CVE-2020-12248
π Read
via "National Vulnerability Database".
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12247
π Read
via "National Vulnerability Database".
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11493
π Read
via "National Vulnerability Database".
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.π Read
via "National Vulnerability Database".
β WhatsApp Discloses 6 Bugs via Dedicated Security Site β
π Read
via "Threatpost".
The company also committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities.π Read
via "Threatpost".
Threat Post
WhatsApp Discloses 6 Bugs via Dedicated Security Site
The company committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities.
π Friday Five 9/4 π
π Read
via "Subscriber Blog RSS Feed ".
Owning an "OG" email account, lessons from the Garmin ransomware attack, and Emotet's new 'Red Dawn' attachment - catch up on the weekβs news with the Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five 9/4
Owning an "OG" email account, lessons from the Garmin ransomware attack, and Emotet's new 'Red Dawn' attachment - catch up on the weekβs news with the Friday Five.
β Phishing tricks β the Top Ten Treacheries of 2020 β
π Read
via "Naked Security".
Here's the Top Ten - or perhaps we mean The Worst Ten. How many would you fall for?π Read
via "Naked Security".
Naked Security
Phishing tricks β the Top Ten Treacheries of 2020
Hereβs the Top Ten β or perhaps we mean The Worst Ten. How many would you fall for?
π΄ The Hidden Security Risks of Business Applications π΄
π Read
via "Dark Reading: ".
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.π Read
via "Dark Reading: ".
Dark Reading
The Hidden Security Risks of Business Applications
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.
π Phishing attack baits victims by promising access to quarantined emails π
π Read
via "Security on TechRepublic".
This campaign tries to steal account credentials by convincing users that their email service has quarantined three messages, says Cofense.π Read
via "Security on TechRepublic".
TechRepublic
Phishing attack baits victims by promising access to quarantined emails
This campaign tries to steal account credentials by convincing users that their email service has quarantined three messages, says Cofense.
ATENTIONβΌ New - CVE-2019-3881
π Read
via "National Vulnerability Database".
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.π Read
via "National Vulnerability Database".
β Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites β
π Read
via "Threatpost".
A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.π Read
via "Threatpost".
Threat Post
Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites
A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.
π΄ Strategic Cyber Warfare Heats Up π΄
π Read
via "Dark Reading: ".
It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.π Read
via "Dark Reading: ".
Dark Reading
Strategic Cyber Warfare Heats Up
It's anything goes, according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.
π New Python-based trojan targets financial tech firms to steal sensitive data π
π Read
via "Security on TechRepublic".
Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.π Read
via "Security on TechRepublic".
TechRepublic
New Python-based trojan targets financial tech firms to steal sensitive data
Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.
β Facebook Debuts Third-Party Vulnerability Disclosure Policy β
π Read
via "Threatpost".
If the social-media behemoth finds a bug in another platform's code, the project has 90 days to remediate before Facebook goes public.π Read
via "Threatpost".
Threat Post
Facebook Debuts Third-Party Vulnerability Disclosure Policy
If the social-media behemoth finds a bug in another platform's code, the project has 90 days to remediate before Facebook goes public.
β Vulnerability Disclosure: Ethical Hackers Seek Best Practices β
π Read
via "Threatpost".
Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.π Read
via "Threatpost".
Threat Post
Vulnerability Disclosure: Ethical Hackers Seek Best Practices
Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.
π΄ Ad Fraud: The Multi-Billion Dollar Cybercrime CISOs Might Overlook π΄
π Read
via "Dark Reading: ".
Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed -- fraud can be a step to more significant attacks. Here's what to know and how to take action.π Read
via "Dark Reading: ".
Dark Reading
Ad Fraud: The Multi-Billion Dollar Cybercrime CISOs Might Overlook
Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed -- fraud can be a step to more significant attacks. Here's what to know and how to take action.
π΄ Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests π΄
π Read
via "Dark Reading: ".
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.π Read
via "Dark Reading: ".
Dark Reading
Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.