🛡 Cybersecurity & Privacy 🛡 - News

Vulnerabilities & Threats recent news | Dark Reading

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading

224 views22:34

🕴 Cyber-Risks Explode With Move to Telehealth Services 🕴

The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.

📖 Read

via "Dark Reading: ".

Cyber-Risks Explode With Move to Telehealth Services

The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.

267 views22:34

ATENTION‼ New - CVE-2014-1420

On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.

📖 Read

via "National Vulnerability Database".

275 views05:55

🕴 Fraud Prevention During the Pandemic 🕴

When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.

📖 Read

via "Dark Reading: ".

Fraud Prevention During the Pandemic

When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.

279 views14:34

Initial access brokers, scam domain names, and Brazil's new data protection law - catch up on the week's news with the Friday Five.

🔏 Friday Five 9/11 🔏

Initial access brokers, scam domain names, and Brazil's new data protection law - catch up on the week's news with the Friday Five.

📖 Read

via "Subscriber Blog RSS Feed ".

Digital Guardian

Friday Five 9/11

260 views15:47

Serious Security: Hacking Windows passwords via your wallpaper

⚠ Serious Security: Hacking Windows passwords via your wallpaper ⚠

Themes and wallpapers - how dangerous can they really be?

📖 Read

via "Naked Security".

Naked Security

Themes and wallpapers – how dangerous can they really be?

240 views16:33

🕴 Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time 🕴

New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.

📖 Read

via "Dark Reading: ".

Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time

New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.

207 views16:34

ATENTION‼ New - CVE-2018-19948

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

📖 Read

via "National Vulnerability Database".

198 views16:55

ATENTION‼ New - CVE-2018-19947

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

📖 Read

via "National Vulnerability Database".

198 views16:55

ATENTION‼ New - CVE-2018-19946

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

📖 Read

via "National Vulnerability Database".

197 views16:55

WordPress Plugin Flaw Allows Attackers to Forge Emails

❌ WordPress Plugin Flaw Allows Attackers to Forge Emails ❌

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.

📖 Read

via "Threatpost".

Threat Post

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.

202 views17:09

🔐 Microsoft detects wave of cyberattacks two months before US presidential election 🔐

Hacker groups are ramping up activity as the US heads into the peak of election season. The latest attacks at times bear hallmarks similar to those seen in 2016.

📖 Read

via "Security on TechRepublic".

203 views17:49

🔐 How to limit file upload size on NGINX to mitigate DoS attacks 🔐

If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks.

📖 Read

via "Security on TechRepublic".

How to limit file upload size on NGINX to mitigate DoS attacks

If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks.

187 views18:49

🔐 How to patch CentOS against BootHole 🔐

If you have CentOS servers in your data center, you'll want to make sure to patch them against BootHole. Jack Wallen shows you how.

📖 Read

via "Security on TechRepublic".

How to patch CentOS against BootHole

If you have CentOS servers in your data center, you'll want to make sure to patch them against BootHole. Jack Wallen shows you how.

188 views18:49

🔐 How to hide files from any file manager on the Linux desktop 🔐

Want to hide files and folders from your Linux desktop file manager? Jack Wallen shows you one handy method.

📖 Read

via "Security on TechRepublic".

How to hide files from any file manager on the Linux desktop

Want to hide files and folders from your Linux desktop file manager? Jack Wallen shows you one handy method.

190 views18:49

🔐 22 cybersecurity courses for aspiring and in-demand IT security pros 🔐

If you want to land a high-paying cybersecurity job or ace an IT security certification exam, check out these online training courses, which cover GDPR, business continuity, ethical hacking, and more.

📖 Read

via "Security on TechRepublic".

22 cybersecurity courses for aspiring and in-demand IT security pros

If you want to land a high-paying cybersecurity job or ace an IT security certification exam, check out these online training courses, which cover GDPR, business continuity, ethical hacking, and more.

213 views19:49

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

❌ It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure ❌

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.

📖 Read

via "Threatpost".

Threat Post

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.

194 views20:09

🕴 Ransomware Hits US District Court in Louisiana 🕴

The ransomware attack has exposed internal documents from the court and knocked its website offline.

📖 Read

via "Dark Reading: ".

Ransomware Hits US District Court in Louisiana

The ransomware attack has exposed internal documents from the court and knocked its website offline.

196 views20:34

🕴 APT Groups Set Sights on Linux Targets: Inside the Trend 🕴

Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.

📖 Read

via "Dark Reading: ".

APT Groups Set Sights on Linux Targets: Inside the Trend

Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.

202 views20:34

🕴 3 Secure Moments: A Tranquil Trio of Security Haiku 🕴

Placid poems to quiet the infosec pro's harried mind. (Or placid, by infosec standards.)

📖 Read

via "Dark Reading: ".

3 Secure Moments: A Tranquil Trio of Security Haiku

Placid poems to quiet the infosec pros harried mind. (Or placid, by infosec standards.)

208 views20:34