ThreatList: WordPress Vulnerabilities Tripled in 2018
via "Threatpost | The first stop for security news".
Despite fewer plugins being added to WordPress last year, the CMS saw an astounding tripling of vulnerabilities in its platform in 2018.
ThreatList: WordPress Vulnerabilities Up 30 Percent in 2018
3 basic things to know about your data, according to Xerox's CISO
via "Security on TechRepublic".
Dan Patterson interviews Xerox CISO Alissa Abdullah about protecting sensitive data from adversaries. They also discuss the recent Marriott hack, privacy, ransomware, machine learning, and IoT.
Cutting Through the Jargon of AI & ML: 5 Key Issues
via "Dark Reading".
Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.
NCSC Launches Nation-State Cyber Threat Protection Program for Businesses
via "Dark Reading".
National Counterintelligence and Security Center (NCSC) released free online security awareness materials for businesses to defend against nation-state hackers.
Security Concerns Limit Remote Work Opportunities
via "Dark Reading".
When companies limit the remote work options that they know will benefit the organization, security concerns are often to blame.
Google Play Boots 85 Malicious Adware Apps
via "Threatpost | The first stop for security news".
Once downloaded, the fake apps hide themselves on the victim’s device and continue to show a full-screen ad every 15 minutes.
ICEPick-3PC: A Sophisticated Adware That Collects Data En Masse
via "Threatpost | The first stop for security news".
Researchers think an organized crime gang is running the massive campaigns, prepping for large-scale follow-on attacks on Android users.
ATTENTION‼ New - CVE-2017-15428
via "National Vulnerability Database".
Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
ATTENTION‼ New - CVE-2017-15405
via "National Vulnerability Database".
Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistence established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.
ATTENTION‼ New - CVE-2017-15404
via "National Vulnerability Database".
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.
ATTENTION‼ New - CVE-2017-15403
via "National Vulnerability Database".
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.
ATTENTION‼ New - CVE-2017-15402
via "National Vulnerability Database".
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
ATTENTION‼ New - CVE-2017-15401
via "National Vulnerability Database".
A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
ATTENTION‼ New - CVE-2016-9651
via "National Vulnerability Database".
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
ATTENTION‼ New - CVE-2016-10403
via "National Vulnerability Database".
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
How Winston can protect consumers and smart offices from identity thieves
via "Security on TechRepublic".
Winston is an online privacy device that sits between a modem and router to protect the user's online browsing and identity.
Kaspersky Lab Helped US Nab NSA Data Thief: Report
via "Dark Reading".
But this new development is unlikely to do much to clear government suspicions about the security vendor's ties to Russian intelligence, analyst says.
Cisco Fixes Critical Vulnerability Enabling Remote DoS Attacks
via "Threatpost | The first stop for security news".
A remote attacker could exploit the vulnerability simply by sending an email.
Critical Flaw in Cisco’s Email Security Appliance Enables “Permanent DoS”
Container Deployments Bring Security Woes at DevOps Speed
via "Dark Reading".
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.
Web Vulnerabilities Up, IoT Flaws Down
via "Dark Reading".
The number of flaws found in WordPress and its associated plugins has tripled since 2017, while Internet of Things vulnerabilities dropped significantly, according to data collected by Imperva.
ATTENTION‼ New - CVE-2018-0282
via "National Vulnerability Database".
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.