ATTENTION‼ New - CVE-2020-11493
via "National Vulnerability Database".
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

WhatsApp Discloses 6 Bugs via Dedicated Security Site
via "Threatpost".
The company also committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities.

Friday Five 9/4
via "Subscriber Blog RSS Feed" (Digital Guardian).
Owning an "OG" email account, lessons from the Garmin ransomware attack, and Emotet's new 'Red Dawn' attachment - catch up on the week's news with the Friday Five.

Phishing tricks – the Top Ten Treacheries of 2020
via "Naked Security".
Here's the Top Ten - or perhaps we mean The Worst Ten. How many would you fall for?

The Hidden Security Risks of Business Applications
via "Dark Reading".
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.

Phishing attack baits victims by promising access to quarantined emails
via "Security on TechRepublic".
This campaign tries to steal account credentials by convincing users that their email service has quarantined three messages, says Cofense.

ATTENTION‼ New - CVE-2019-3881
via "National Vulnerability Database".
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.

Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites
via "Threatpost".
A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.

Strategic Cyber Warfare Heats Up
via "Dark Reading".
It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.

New Python-based trojan targets financial tech firms to steal sensitive data
via "Security on TechRepublic".
Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.

Facebook Debuts Third-Party Vulnerability Disclosure Policy
via "Threatpost".
If the social-media behemoth finds a bug in another platform's code, the project has 90 days to remediate before Facebook goes public.

Vulnerability Disclosure: Ethical Hackers Seek Best Practices
via "Threatpost".
Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.

Ad Fraud: The Multi-Billion Dollar Cybercrime CISOs Might Overlook
via "Dark Reading".
Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed -- fraud can be a step to more significant attacks. Here's what to know and how to take action.

Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests
via "Dark Reading".
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.

Social Media: Thwarting The Phishing-Data Goldmine
via "Threatpost".
Cybercriminals can use social media in many ways in order to trick employees.

Warner Music Group Admits Breach
via "Dark Reading".
The months-long breach hit financial details for customers.

Qualcomm unveils new Snapdragon processor to power 5G computers
via "Security on TechRepublic".
The Snapdragon 8cx Gen 2 5G chip is designed to bring 5G to commercial and consumer Always On, Always Connected PCs. The processor supports Wi-Fi 6 and offers productivity and security benefits.

What SMBs and startups can learn from securing a presidential campaign
via "Security on TechRepublic".
Mayor Pete Buttigieg's former CISO and Splunk security advisor Mick Baccio explains the cybersecurity best practices he learned from protecting a presidential candidate's campaign.

Ad Fraud: The Multibillion-Dollar Cybercrime CISOs Might Overlook
via "Dark Reading".
Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed -- fraud can be a step to more significant attacks. Here's what to know and how to take action.

How to move Google Authenticator from one iPhone or Android device to another
via "Security on TechRepublic".
If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps.