ATTENTION‼ New - CVE-2016-0750
via "National Vulnerability Database".
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Why higher education is one of the worst industries at handling cyberattacks
via "Security on TechRepublic".
Some 73% of institutions took three or more days to apply patches for cyberthreats, according to a recent EfficientIP report.
Online security 101: Tips for protecting your privacy from hackers and spies
via "Latest topics for ZDNet in Security".
This simple advice will help to protect you against hackers and government surveillance.
ZDNet
Cybersecurity 101: Protect your privacy from hackers, spies, and the government | ZDNet
Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
Adobe Patches Six Critical Flaws in ColdFusion
via "The first stop for security news | Threatpost".
Adobe issued fixes for versions of its ColdFusion web development platform - including six critical flaws.
4 Practical Measures to Improve Election Security Now
via "Dark Reading".
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
First IoT security bill reaches governor's desk in California
via "Latest topics for ZDNet in Security".
California IoT security bill criticized by security researcher. Expert says bill "is based upon an obviously superficial understanding of the problem."
British Airways Breach Linked to Ticketmaster Breach Attackers
via "Dark Reading".
Magecart attackers hit airline with the same "digital skimmers" they used on the entertainment company in June, researchers say.
ATTENTION‼ New - CVE-2016-7066
via "National Vulnerability Database".
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.
Drive away a Tesla today (even if it isn't yours)
via "Naked Security".
Raspberry Pi's processing power versus Tesla's Model X cryptography - victory for the little guy!
Naked Security
Drive away a Tesla today (even if it isn't yours)
Raspberry Pi's processing power versus Tesla's Model S cryptography - victory for the little guy!
ATTENTION‼ New - CVE-2016-0715
via "National Vulnerability Database".
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
The Key to Stealing a Tesla Model S
via "Dark Reading".
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
Millions of Records Exposed in Veeam Misconfigured Server
via "The first stop for security news | Threatpost".
Exposed data included names, email addresses and IP addresses.
Bad Actors Sizing Up Systems Via Lightweight Recon Malware
via "The first stop for security news | Threatpost".
These stealthy downloaders initially infect systems and then only install additional malware on systems of interest.
Here's what happens during a social engineering cyber-attack
via "Security on TechRepublic".
BioCatch's VP Frances Zelazny explains each step of social engineering hacks, low-tech cyberattacks that have a big impact on business.
Microsoft patches recent ALPC zero-day in September 2018 Patch Tuesday updates
via "Latest topics for ZDNet in Security".
Microsoft engineers patch 62 vulnerabilities, including 17 rated 'Critical'
Mirai, Gafgyt Botnets Resurface with New Tricks
via "Dark Reading".
A new version of Mirai exploits the Apache Struts flaw linked to the Equifax breach, while Gafgyt targets an old flaw in SonicWall.
Microsoft Patches Three Actively Exploited Bugs as Part of Patch Tuesday
via "The first stop for security news | Threatpost".
Microsoft's September Patch Tuesday release tackles three vulnerabilities actively being exploited in the wild.
Threat Post
Microsoft Patches Actively Exploited Bug as Part of Patch Tuesday
Microsoft's September Patch Tuesday release tackles a vulnerability actively being exploited in the wild.
Microsoft Patches 61 Vulns, One Under Active Attack
via "Dark Reading".
CVE-2018-8440, which was publicly disclosed on Twitter in August, has already been used in a malware campaign.
Threatlist: Email Attacks Surge, Targeting Execs
via "The first stop for security news | Threatpost".
Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter.
Judge rules cryptocurrency ICO scam case falls under securities law
via "Latest topics for ZDNet in Security".
Judge rules that initial coin offerings are "securities" and SEC can go after ICO scammers for securities fraud under US securities laws.
Australia's Consumer Data Right rules to be shaped around banking
via "Latest topics for ZDNet in Security".
With banking the first sector to be overhauled under the impending Consumer Data Right, the ACCC will be shaping its rules framework on the new data-sharing requirements of the financial sector.