🛡 Cybersecurity & Privacy 🛡 - News

Holiday Shopping Craze, COVID-19 Spur Retail Security Storm

Veracode's Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season.

198 views13:12

🕴 COVID-19: Latest Security News & Commentary 🕴

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

📖 Read

via "Dark Reading".

COVID-19: Latest Security News & Commentary

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

184 views14:23

❌ Majority of Microsoft 365 Admins Don’t Enable MFA ❌

Beyond admins, researchers say that 97 percent of all total Microsoft 365 users do not use multi-factor authentication.

📖 Read

via "Threat Post".

Majority of Microsoft 365 Admins Don’t Enable MFA

Beyond admins, researchers say that 97 percent of all total Microsoft 365 users do not use multi-factor authentication.

175 views15:12

🦿 How foreign actors are trying to undermine the US presidential election 🦿

Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows.

📖 Read

via "Tech Republic".

How foreign actors are trying to undermine the US presidential election

Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows.

169 views15:26

🦿 FBI: Hotel Wi-Fi is not safe 🦿

While hotel Wi-Fi is convenient, security is not the priority, federal government says.

📖 Read

via "Tech Republic".

FBI: Hotel Wi-Fi is not safe

While hotel Wi-Fi is convenient, security is not the priority, federal government says.

181 views15:26

❌ LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes ❌

Popular chat apps, including LINE, Slack, Twitter DMs and others, can also leak location data and share private info with third-party servers.

📖 Read

via "Threat Post".

Researchers: LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes

191 views16:12

‼ CVE-2020-6023 ‼

Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.

📖 Read

via "National Vulnerability Database".

177 views16:30

‼ CVE-2020-10256 ‼

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.

📖 Read

via "National Vulnerability Database".

163 views16:30

🕴 Employees Aware of Emailed Threats Open Suspicious Messages 🕴

A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.

📖 Read

via "Dark Reading".

Employees Aware of Emailed Threats Open Suspicious Messages

A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.

159 views16:53

🦿 Going passwordless might be safer for organizations 🦿

Passwords are a constant struggle for businesses and IT departments. There are other ways to stay safe.

📖 Read

via "Tech Republic".

Going passwordless might be safer for organizations

Passwords are a constant struggle for businesses and IT departments. There are other ways to stay safe.

151 views16:56

🕴 Akamai Acquires Asavie 🕴

Asavie's mobile, IoT, and security products and services will become part of the Akamai Security and Personalization Services product line.

📖 Read

via "Dark Reading".

Asavie's mobile, IoT, and security products and services will become part of the Akamai Security and Personalization Services product line.

Akamai Acquires Asavie

140 views17:23

🦿 Top 5 things to know about EU-US data privacy 🦿

For companies with data users in both the EU and the US, laws protecting users' privacy vary. Tom Merritt lists five things to know about EU-US data privacy.

📖 Read

via "Tech Republic".

Top 5 things to know about EU-US data privacy

For companies with data users in both the EU and the US, laws protecting users' privacy vary. Tom Merritt lists five things to know about EU-US data privacy.

145 views17:25

🦿 Top 5 things to know about EU-US data privacy 🦿

For companies with data users in both the EU and the US, laws protecting users' privacy vary. Tom Merritt lists five things to know about EU-US data privacy.

📖 Read

via "Tech Republic".

Top 5 things to know about EU-US data privacy

For companies with data users in both the EU and the US, laws protecting users' privacy vary. Tom Merritt lists five things to know about EU-US data privacy.

154 views17:25

🕴 MITRE Shield Matrix Highlights Deception & Concealment Technology 🕴

The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.

📖 Read

via "Dark Reading".

MITRE Shield Matrix Highlights Deception & Concealment Technology

The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.

155 views18:23

Naked Security – Sophos News

⚠ Facebook “copyright violation” tries to get past 2FA – don’t fall for it! ⚠

Watch out for "Facebook copyright violation" emails - even if they link straight back to Facebook.com

📖 Read

via "Naked Security".

Sophos News

147 views18:28

‼ CVE-2020-11854 ‼

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.

📖 Read

via "National Vulnerability Database".

148 views18:31

‼ CVE-2020-11858 ‼

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges.

📖 Read

via "National Vulnerability Database".

158 views18:31

‼ CVE-2020-15238 ‼

Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.

📖 Read

via "National Vulnerability Database".

150 views20:30

‼ CVE-2020-26156 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".

143 views20:30

Employee Surveillance Tied to $41M GDPR Fine

🔏 Employee Surveillance Tied to $41M GDPR Fine 🔏

The apparel company H&M is being asked to pay a 35 million Euro fine, roughly $41 million dollars, stemming from a GDPR violation.

📖 Read

via "Digital Guardian".

Digital Guardian

The apparel company H&M is being asked to pay a 35 million Euro fine, roughly $41 million dollars, stemming from a GDPR violation.

146 views20:33

❌ Amazon Fires Employee Who Leaked Customer Names, Emails ❌

Amazon notified customers and law enforcement of the insider-threat incident this week.

📖 Read

via "Threat Post".