βΌ CVE-2020-27524 βΌ
π Read
via "National Vulnerability Database".
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.π Read
via "National Vulnerability Database".
π΄ Former Microsoft Software Engineer Sentenced to 9 Years in Prison π΄
π Read
via "Dark Reading".
The 26-year-old was convicted earlier this year of wire fraud, money laundering, and filing false tax returns, among other charges.π Read
via "Dark Reading".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
β βInstant bank fraudβ hoax is back β donβt spread fake news! β
π Read
via "Naked Security".
You need to spread the word to your family and friends NOT to spread the word to their family and friendsπ Read
via "Naked Security".
Naked Security
βInstant bank fraudβ hoax is back β donβt spread fake news!
You need to spread the word to your family and friends NOT to spread the word to their family and friends
β Smishing attack tells you βmobile payment problemβ β donβt fall for it! β
π Read
via "Naked Security".
Don't be fooled by a website that looks OK - it's easy for crooks to make an exact copy. (This time, they got just one letter wrong.)π Read
via "Naked Security".
Naked Security
Smishing attack tells you βmobile payment problemβ β donβt fall for it!
Donβt be fooled by a website that looks OK β itβs easy for crooks to make an exact copy. (This time, they got just one letter wrong.)
β Minecraft Apps on Google Play Fleece Players Out of Big Money β
π Read
via "Threat Post".
Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.π Read
via "Threat Post".
Threat Post
Minecraft Apps on Google Play Fleece Players Out of Big Money
Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.
β Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic β
π Read
via "Threat Post".
Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.π Read
via "Threat Post".
Threat Post
Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic
Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.
β Nvidia Warns Windows Gamers of GeForce NOW Flaw β
π Read
via "Threat Post".
Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia's GeForce NOW.π Read
via "Threat Post".
Threat Post
Nvidia Warns Windows Gamers of GeForce NOW Flaw
Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia's GeForce NOW.
βΌ CVE-2020-8353 βΌ
π Read
via "National Vulnerability Database".
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8354 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8352 βΌ
π Read
via "National Vulnerability Database".
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5426 βΌ
π Read
via "National Vulnerability Database".
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.π Read
via "National Vulnerability Database".
π΄ 9 New Tactics to Spread Security Awareness π΄
π Read
via "Dark Reading".
Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.π Read
via "Dark Reading".
Dark Reading
9 New Tactics to Spread Security Awareness
Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.
π΄ Barracuda to Acquire Fyde for Zero-Trust Capabilities π΄
π Read
via "Dark Reading".
Plans call for expanding the Barracuda CloudGen SASE platform.π Read
via "Dark Reading".
Dark Reading
Barracuda to Acquire Fyde for Zero-Trust Capabilities
Plans call for expanding the Barracuda CloudGen SASE platform.
π Best Practices for Organizations to Mitigate Risks in Collaboration Software π
π Read
via "Digital Guardian".
Many companies are requiring employees to work from home and use collaboration software to communicate. What are the best ways to mitigate risks in collaboration software? We asked 27 experts their best practices.π Read
via "Digital Guardian".
Digital Guardian
Best Practices for Organizations to Mitigate Risks in Collaboration Software
Many companies are requiring employees to work from home and use collaboration software to communicate. What are the best ways to mitigate risks in collaboration software? We asked 27 experts their best practices.
β Silver Peak SD-WAN Bugs Allow for Network Takeover β
π Read
via "Threat Post".
Three security vulnerabilities can be chained to enable unauthenticated remote code execution.π Read
via "Threat Post".
Threat Post
Silver Peak SD-WAN Bugs Allow for Network Takeover
Three security vulnerabilities can be chained to enable unauthenticated remote code execution.
π΄ 3 Tips For Successfully Running Tech Outside the IT Department π΄
π Read
via "Dark Reading".
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.π Read
via "Dark Reading".
Dark Reading
3 Tips For Successfully Running Tech Outside the IT Department
When marketing opts for extra-departmental IT, coordination and communication are required to keep things secured.
π΄ Security Hiring Plans Remain Constant Despite Pandemic π΄
π Read
via "Dark Reading".
Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.π Read
via "Dark Reading".
Dark Reading
Security Hiring Plans Remain Constant Despite Pandemic
Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.
βΌ CVE-2020-26218 βΌ
π Read
via "National Vulnerability Database".
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26219 βΌ
π Read
via "National Vulnerability Database".
touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The issue is fixed in version 2.0.π Read
via "National Vulnerability Database".
π΄ Want to Avoid an Extreme Cyberloss? Focus on the Basics π΄
π Read
via "Dark Reading".
New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events.π Read
via "Dark Reading".
Dark Reading
Want to Avoid an Extreme Cyberloss? Focus on the Basics
New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events.
π΄ NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains π΄
π Read
via "Dark Reading".
The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting, loan- and unemployment fraud.π Read
via "Dark Reading".
Dark Reading
NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains
The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting