Container Deployments Bring Security Woes at DevOps Speed
via "Dark Reading".
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.
Web Vulnerabilities Up, IoT Flaws Down
via "Dark Reading".
The number of flaws found in WordPress and its associated plugins has tripled since 2017, while Internet of Things vulnerabilities dropped significantly, according to data collected by Imperva.
ATTENTION‼ New - CVE-2018-0282
via "National Vulnerability Database".
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.
ATTENTION‼ New - CVE-2018-0181
via "National Vulnerability Database".
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.
ATTENTION‼ New - CVE-2016-10736
via "National Vulnerability Database".
The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter.
Supreme Court refuses to hear Fiat Chrysler appeal in Jeep hacking case
via "Naked Security".
The court's action means that one of the first legal cases involving cyber security risks in cars will go to trial in October.
Update now! Microsoft and Adobe’s January 2019 Patch Tuesday is here
via "Naked Security".
After a busy sequence of updates in October, November, and December, the new year’s first Patch Tuesday promises a lighter workload.
6 Best Practices for Managing an Online Educational Infrastructure
via "Dark Reading".
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
Google Search Results Spoofed to Create Fake News
via "Threatpost | The first stop for security news".
The technique can be used to spread disinformation while leveraging the trust people have in Google's search results.
“Unprecedented” DNS Hijacking Attacks Linked to Iran
via "Threatpost | The first stop for security news".
The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to Iran.
Google: G Suite Now Alerts Admins to Data Exfiltration
via "Dark Reading".
New additions to the G Suite alert center are intended to notify admins of phishing and data exports.
Consumers Demand Security from Smart Device Makers
via "Dark Reading".
Poll shows individuals want better security from IoT device manufacturers as connected products flood the market.
CES 2019: How Winston can protect consumers and smart offices from identity thieves
via "Security on TechRepublic".
Winston is an online privacy device that sits between a modem and router to protect the user's online browsing and identity.
Ryuk Ransomware Attribution May Be Premature
via "Dark Reading".
The eagerness to tie recent Ryuk ransomware attacks to a specific group could be rushed, researchers say.
Election Security Isn't as Bad as People Think
via "Dark Reading".
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
Facebook violated tough new cybersecurity law, says Vietnam
via "Naked Security".
The law brought sweeping new powers, allowing authorities to force technology companies to hand over user data and to censor posts.
You can’t delete Facebook from some Androids and people aren’t happy
via "Naked Security".
The #DeleteFacebook movement may be growing, but many Samsung users are having a tough time scraping the social network’s preinstalled software from their phones.
Reddit Alerts Users to Possible Account Breaches
via "Dark Reading".
User lockouts, combined with requirements for new passwords, indicate an attack on accounts at the popular social media platform.
At CES, Focus is On “Cool Factor” Not IoT Security
via "Threatpost | The first stop for security news".
When it comes to IoT, the priority at CES is the "wow factor" - but not so much a focus on security.
DNS Hijacking Campaign Targets Organizations Globally
via "Dark Reading".
A group believed to be operating out of Iran has manipulated DNS records belonging to dozens of firms in an apparent cyber espionage campaign, FireEye says.
New Software Side-Channel Attack Raises Risk for Captured Crypto
via "Dark Reading".
The new attack hits operating systems, not chips, and may give criminals the keys to a company's cryptography.