π What is HIPAA Compliance? π
π Read
via "Digital Guardian".
Learn about the Health Insurance Portability and Accountability Act (HIPAA) and the requirements for HIPAA compliance in Data Protection 101, our series on the fundamentals of information security.π Read
via "Digital Guardian".
Digitalguardian
What is HIPAA Compliance?
Learn about the Health Insurance Portability and Accountability Act (HIPAA) and the requirements for HIPAA compliance in Data Protection 101, our series on the fundamentals of information security.
π¦Ώ Cloud and remote work support strengthened US market performance π¦Ώ
π Read
via "Tech Republic".
The IT outlook for 2021, top trends and guidance as the enterprise prepares for "the next normal," according to a new report from IDC.π Read
via "Tech Republic".
TechRepublic
Cloud and remote work support strengthened US market performance
The IT outlook for 2021, top trends and guidance as the enterprise prepares for "the next normal," according to a new report from IDC.
β RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims β
π Read
via "Threat Post".
Collectively, 240 fraudulent Android apps -- masquerading as retro game emulators -- account for 14 million installs.π Read
via "Threat Post".
Threat Post
RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims
Collectively, 240 fraudulent Android apps β masquerading as retro game emulators β account for 14 million installs.
βΌ CVE-2020-9048 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in victor Web Client versions up to and including v5.4.1 could allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.π Read
via "National Vulnerability Database".
π΄ Cyberattacks Up, But Companies (Mostly) Succeed in Securing Remote Workforce π΄
π Read
via "Dark Reading".
Despite fears that the burgeoning population of remote workers would lead to breaches, companies have held their own, a survey of threat analysts finds.π Read
via "Dark Reading".
Dark Reading
Cyberattacks Up, But Companies (Mostly) Succeed in Securing Remote Workforce
Despite fears that the burgeoning population of remote workers would lead to breaches, companies have held their own, a survey of threat analysts finds.
βΌ CVE-2020-15241 βΌ
π Read
via "National Vulnerability Database".
TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1).π Read
via "National Vulnerability Database".
βΌ CVE-2020-15242 βΌ
π Read
via "National Vulnerability Database".
Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attackers domain from a trusted domain. The issue is fixed in version 9.5.4.π Read
via "National Vulnerability Database".
π¦Ώ COVID-19 budgets, data security, and automation are concerns of IT leaders and staff π¦Ώ
π Read
via "Tech Republic".
Dueling surveys from Kaseya showed that IT department leaders share their underlings' worries about security and productivity.π Read
via "Tech Republic".
TechRepublic
COVID-19 budgets, data security, and automation are concerns of IT leaders and staff
Dueling surveys from Kaseya showed that IT department leaders share their underlings' worries about security and productivity.
π¦Ώ Password managers: A cheat sheet for professionals π¦Ώ
π Read
via "Tech Republic".
The sheer number of passwords the average person has can lead to confusion and tons of password retrieval emails. Simplify and secure your digital life by learning about password managers.π Read
via "Tech Republic".
TechRepublic
Password Manager Cheat Sheet: What Is a Password Manager?
This cheat sheet provides an overview of what a password manager is and what it does, helping you keep your online accounts safe and secure.
βΌ CVE-2020-15243 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26162 βΌ
π Read
via "National Vulnerability Database".
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26921 βΌ
π Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.π Read
via "National Vulnerability Database".
π΄ Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective π΄
π Read
via "Dark Reading".
In recent weeks, Emotet has emerged as the most common form of ransomware. Managing the risk involves starts with understanding the way it works.π Read
via "Dark Reading".
Dark Reading
Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective
In recent weeks, Emotet has emerged as the most common form of ransomware. Managing the risk involves starts with understanding the way it works.
β Wormable Apple iCloud Bug Allows Automatic Photo Theft β
π Read
via "Threat Post".
Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.π Read
via "Threat Post".
Threat Post
Wormable Apple iCloud Bug Allows Automatic Photo Theft
Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.
β S3 Ep1: Ransomware β is it really OK to pay? β Naked Security Podcast β
π Read
via "Naked Security".
The Naked Security Podcast is back for Series 3 - here's Episode 1!π Read
via "Naked Security".
Naked Security
S3 Ep1: Ransomware β is it really OK to pay? [Podcast]
Our podcast is back for Series 3 β hereβs Episode 1!
π΄ Why MSPs Are Hacker Targets, and What To Do About It π΄
π Read
via "Dark Reading".
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.π Read
via "Dark Reading".
Dark Reading
Why MSPs Are Hacker Targets, and What To Do About It
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
βΌ CVE-2020-9105 βΌ
π Read
via "National Vulnerability Database".
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13955 βΌ
π Read
via "National Vulnerability Database".
HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore.π Read
via "National Vulnerability Database".
β Facebook Debuts Bug-Bounty βLoyalty Programβ β
π Read
via "Threat Post".
Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports -- which will dictate new bonus percentages.π Read
via "Threat Post".
Threat Post
Facebook Debuts Bug-Bounty βLoyalty Programβ
Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports β which will dictate new bonus percentages.
π¦Ώ The new Ring Always Home Camera is a security disaster in the making π¦Ώ
π Read
via "Tech Republic".
Jack Wallen offers his take on the upcoming release of the Ring Always Home Cam.π Read
via "Tech Republic".
TechRepublic
Ring Always Home Cam: A security disaster in the making
Jack Wallen offers his take on the upcoming release of the Ring Always Home Cam.
π¦Ώ Could Microsoft be en route to dumping Windows in favor of Linux? π¦Ώ
π Read
via "Tech Republic".
Microsoft Linux is the next evolution of the Microsoft desktop operating system, argues Jack Wallen. He explains why this would be a win-win for Microsoft, IT pros, users, and the Linux community.π Read
via "Tech Republic".