🛡 Cybersecurity & Privacy 🛡 - News

Wormable Apple iCloud Bug Allows Automatic Photo Theft

Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.

230 views13:23

S3 Ep1: Ransomware – is it really OK to pay? [Podcast]

⚠ S3 Ep1: Ransomware – is it really OK to pay? – Naked Security Podcast ⚠

The Naked Security Podcast is back for Series 3 - here's Episode 1!

📖 Read

via "Naked Security".

Naked Security

Our podcast is back for Series 3 – here’s Episode 1!

198 views14:18

🕴 Why MSPs Are Hacker Targets, and What To Do About It 🕴

Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.

📖 Read

via "Dark Reading".

Why MSPs Are Hacker Targets, and What To Do About It

Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.

189 views14:26

‼ CVE-2020-9105 ‼

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal.

📖 Read

via "National Vulnerability Database".

198 views14:33

‼ CVE-2020-13955 ‼

HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore.

📖 Read

via "National Vulnerability Database".

201 views14:33

❌ Facebook Debuts Bug-Bounty ‘Loyalty Program’ ❌

Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports -- which will dictate new bonus percentages.

📖 Read

via "Threat Post".

Facebook Debuts Bug-Bounty ‘Loyalty Program’

Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports — which will dictate new bonus percentages.

210 views14:53

Ring Always Home Cam: A security disaster in the making

🦿 The new Ring Always Home Camera is a security disaster in the making 🦿

Jack Wallen offers his take on the upcoming release of the Ring Always Home Cam.

📖 Read

via "Tech Republic".

TechRepublic

Jack Wallen offers his take on the upcoming release of the Ring Always Home Cam.

215 views15:12

🦿 Could Microsoft be en route to dumping Windows in favor of Linux? 🦿

Microsoft Linux is the next evolution of the Microsoft desktop operating system, argues Jack Wallen. He explains why this would be a win-win for Microsoft, IT pros, users, and the Linux community.

📖 Read

via "Tech Republic".

206 views16:42

❌ Sophisticated Android Ransomware Executes with the Home Button ❌

The malware also has a unique machine-learning module.

📖 Read

via "Threat Post".

Sophisticated Android Ransomware Executes with the Home Button

The malware also has a unique machine-learning module.

200 views17:53

🕴 CISOs Planning on Bigger Budgets: Report 🕴

Budgets are on the rise, even in a time of revenue worries across the industry.

📖 Read

via "Dark Reading".

CISOs Planning on Bigger Budgets: Report

Budgets are on the rise, even in a time of revenue worries across the industry.

196 views17:56

How to secure your open source supply chain

🦿 How to secure your open source supply chain 🦿

Commentary: Open source has never been more popular, which means it's time to figure out how to effectively secure the open source you use. Two experts weigh in.

📖 Read

via "Tech Republic".

TechRepublic

Commentary: Open source has never been more popular, which means it's time to figure out how to effectively secure the open source you use. Two experts weigh in.

193 views18:12

How the enterprise can shut down cyber criminals and protect a remote staff

🦿 How the enterprise can shut down cyber criminals and protect a remote staff 🦿

Hackers accidentally allowed into company software by security noncompliant employees cost businesses millions annually; we asked experts to weigh in on best safety practices.

📖 Read

via "Tech Republic".

TechRepublic

Hackers accidentally allowed into company software by security noncompliant employees cost businesses millions annually; we asked experts to weigh in on best safety practices.

204 views18:12

🕴 Critical Zerologon Flaw Exploited in TA505 Attacks 🕴

Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.

📖 Read

via "Dark Reading".

Vulnerabilities & Threats recent news | Dark Reading

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading

215 views18:26

Antitrust reforms, biometic data collection, and DHS malware warnings - catch up on all the week's news with the Friday Five!

🔏 10/9 Friday Five 🔏

Antitrust reforms, biometic data collection, and DHS malware warnings - catch up on all the week's news with the Friday Five!

📖 Read

via "Digital Guardian".

Digital Guardian

10/9 Friday Five

238 views19:16

❌ Fitbit Spyware Steals Personal Data via Watch Face ❌

Immersive Labs Researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.

📖 Read

via "Threat Post".

Fitbit Spyware Steals Personal Data via Watch Face

Immersive Labs Researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.

275 views19:23

🕴 Apple Pays Bug Bounty to Enterprise Network Researchers 🕴

So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.

📖 Read

via "Dark Reading".

Apple Pays Bug Bounty to Enterprise Network Researchers

So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.

336 views20:26

Latest Version of MalLocker Android Ransomware Packs New Tricks

🕴 Latest Version of MalLocker Android Ransomware Packs New Tricks 🕴

Like most such mobile malware, the new one doesn't encrypt data but attempts to make an infected system impossible to use, Microsoft says.

📖 Read

via "Dark Reading".

Darkreading

Like most such mobile malware, the new one doesn't encrypt data but attempts to make an infected system impossible to use, Microsoft says.

353 views20:56

‼ CVE-2020-26935 ‼

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.

📖 Read

via "National Vulnerability Database".

382 views20:35

‼ CVE-2020-26947 ‼

monero-wallet-gui in Monero GUI 0.17.0.1 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.

📖 Read

via "National Vulnerability Database".

401 views22:35

‼ CVE-2020-26948 ‼

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.

📖 Read

via "National Vulnerability Database".

410 views22:35