π¦Ώ Windows 10: Microsoft's key new security feature helps to protect your information π¦Ώ
π Read
via "Tech Republic".
Remote work makes protecting data on the PC a higher priority, while the Edge browser gets more control.π Read
via "Tech Republic".
TechRepublic
Windows 10: Microsoft's key new security feature helps to protect your information
Remote work makes protecting data on the PC a higher priority, while the Edge browser gets more control.
π Friday Five 10/16 π
π Read
via "Digital Guardian".
Botnet disruptions, ransomware, and insensitive cybersecurity ads - catch up on the week's infosec news with the Friday Five!π Read
via "Digital Guardian".
Digital Guardian
Friday Five 10/16
Botnet disruptions, ransomware, and insensitive cybersecurity ads - catch up on the week's infosec news with the Friday Five!
β TikTok Launches Bug Bounty Program Amid Security Snafus β
π Read
via "Threat Post".
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.π Read
via "Threat Post".
Threat Post
TikTok Launches Bug Bounty Program Amid Security SNAFUs
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.
β US Department of Justice reignites the Battle to Break Encryption β
π Read
via "Naked Security".
How strong is too strong?π Read
via "Naked Security".
Naked Security
US Department of Justice reignites the Battle to Break Encryption
How strong is too strong?
π΄ Cybercrime Losses Up 50%, Exceeding $1.8B π΄
π Read
via "Dark Reading".
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.π Read
via "Dark Reading".
Dark Reading
Cybercrime Losses Up 50%, Exceeding $1.8B
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
π¦Ώ Barnes & Noble restores Nook services after notifying customers about cyberattack π¦Ώ
π Read
via "Tech Republic".
Analysts point to specific clues from the company's response that show it may have been a ransomware attack.π Read
via "Tech Republic".
TechRepublic
Barnes & Noble restores Nook services after notifying customers about cyberattack
Analysts point to specific clues from the company's response that show it may have been a ransomware attack.
π΄ Cybercrime Losses Up 50%, Exceeding $1.8B π΄
π Read
via "Dark Reading".
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.π Read
via "Dark Reading".
Dark Reading
Cybercrime Losses Up 50%, Exceeding $1.8B
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
βΌ CVE-2019-18796 βΌ
π Read
via "National Vulnerability Database".
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26893 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.π Read
via "National Vulnerability Database".
π¦Ώ 5 ways to manage computers securely (and remotely) using PowerShell π¦Ώ
π Read
via "Tech Republic".
Being able to secure communications between remote resources is just as important as being able to access the device. Using PowerShell, IT can do both when accessing off-site devices cross-platform.π Read
via "Tech Republic".
TechRepublic
5 ways to manage computers securely and remotely using PowerShell
Being able to secure communications between remote resources is just as important as being able to access the device. Using PowerShell, IT can do both when accessing off-site devices cross-platform.
β S3 Ep2: Creepy smartwatches, botnets and Pings of Death β Podcast β
π Read
via "Naked Security".
Listen to the latest episode of the Naked Security Podcastπ Read
via "Naked Security".
Naked Security
S3 Ep2: Creepy smartwatches, botnets and Pings of Death β Podcast
Listen to the latest episode of the Naked Security Podcast
π΄ Academia Adopts Mitre ATT&CK Framework π΄
π Read
via "Dark Reading".
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.π Read
via "Dark Reading".
Dark Reading
Academia Adopts Mitre ATT&CK Framework
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.
β Dickeyβs BBQ Breach: Meaty 3M Payment Card Upload Drops on Jokerβs Stash β
π Read
via "Threat Post".
After cybercriminals smoked out 3 million compromised payment cards on the Jokerβs Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.π Read
via "Threat Post".
Threat Post
Dickeyβs BBQ Breach: Meaty 3M Payment Card Upload Drops on Jokerβs Stash
After cybercriminals smoked out 3 million compromised payment cards on the Jokerβs Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.
βΌ CVE-2020-26682 βΌ
π Read
via "National Vulnerability Database".
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15867 βΌ
π Read
via "National Vulnerability Database".
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14299 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.π Read
via "National Vulnerability Database".
π¦Ώ Fuzzing (fuzz testing) 101: Lessons from cyber security expert Dr. David Brumley π¦Ώ
π Read
via "Tech Republic".
Dr. David Brumley, Carnegie Mellon University professor and CEO of ForAllSecure, explains what fuzzing, or fuss testing, is and how you can use it to improve application security and speed up your software development.π Read
via "Tech Republic".
TechRepublic
Fuzzing (fuzz testing) 101: Lessons from cyber security expert Dr. David Brumley
Dr. David Brumley, Carnegie Mellon University professor and CEO of ForAllSecure, explains what fuzzing, or fuss testing, is and how you can use it to improve application security and speed up your software development.
βΌ CVE-2020-9878 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9885 βΌ
π Read
via "National Vulnerability Database".
An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group.π Read
via "National Vulnerability Database".
π¦Ώ How to view website trackers in mobile Safari π¦Ώ
π Read
via "Tech Republic".
Learn how to use Apple's Privacy Report in Safari so you can see which websites attempted to track you on your iPhone or iPad.π Read
via "Tech Republic".
TechRepublic
How to view website trackers in mobile Safari from your iPhone or iPad
Learn how to use Apple's Privacy Report in Safari so you can see which websites attempted to track you on your iPhone or iPad.
π¦Ώ How to recover deleted files in Linux with testdisk π¦Ώ
π Read
via "Tech Republic".
If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk.π Read
via "Tech Republic".
TechRepublic
How to recover deleted files in Linux with testdisk
If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk.