β Police canβt compel biometric phone unlocking, rules judge β
π Read
via "Naked Security".
The landmark decision asserts the same legal protection for biometrics that we're given for passcodes.π Read
via "Naked Security".
Naked Security
Feds canβt force you to unlock your phone with finger or face, says judge
The landmark decision asserts the same legal protection for biometrics that weβre given for passcodes.
β Beware buying Fortniteβs V-Bucks, you could be funding organised crime β
π Read
via "Naked Security".
Credit card thieves are laundering money by purchasing the in-game currency V-Bucks, then selling it back at a discount to players.π Read
via "Naked Security".
Naked Security
Beware buying Fortniteβs V-Bucks, you could be funding organised crime
Credit card thieves are laundering money by purchasing the in-game currency V-Bucks, then selling it back at a discount to players.
β Intel patches another security flaw in SGX technology β
π Read
via "Naked Security".
Of the six advisories Intel released last week, the most interesting is a flaw discovered in the companyβs Software Guard Extensions (SGX).π Read
via "Naked Security".
Naked Security
Intel patches another security flaw in SGX technology
Of the six advisories Intel released last week, the most interesting is a flaw discovered in the companyβs Software Guard Extensions (SGX).
β Are you sure those WhatsApp messages are meant for you? β
π Read
via "Naked Security".
Abby Fuller got a shock when she logged into WhatsApp using a new telephone number. She found someone elseβs messages waiting for her.π Read
via "Naked Security".
Naked Security
Are you sure those WhatsApp messages are meant for you?
Abby Fuller got a shock when she logged into WhatsApp using a new telephone number. She found someone elseβs messages waiting for her.
β VOIPO Database Exposes Millions of Texts, Call Logs β
π Read
via "Threatpost | The first stop for security news".
VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.π Read
via "Threatpost | The first stop for security news".
Threat Post
VOIPO Database Exposes Millions of Texts, Call Logs
VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.
β Magecart Returns with Advertising Library Tactic β
π Read
via "Threatpost | The first stop for security news".
The threat group also has a new subsidiary, Magecart Group 12.π Read
via "Threatpost | The first stop for security news".
Threat Post
Magecart Returns with Advertising Library Tactic
The threat group also has a new subsidiary, Magecart Group 12.
π Top 10 app vulnerabilities: Unpatched plugins and extensions dominate π
π Read
via "Security on TechRepublic".
Despite the existence of patches, the proliferation of unpatched installations are enticing targets for malicious actors, according to a WhiteHat report.π Read
via "Security on TechRepublic".
TechRepublic
Top 10 app vulnerabilities: Unpatched plugins and extensions dominate
Despite the existence of patches, the proliferation of unpatched installations are enticing targets for malicious actors, according to a WhiteHat report.
π΄ Triton/Trisis Attack Was More Widespread Than Publicly Known π΄
π Read
via "Dark Reading: ".
Signs of the attack first showed up two months before it was identified as a cyberattack, but they were mistaken for a pure equipment failure by Schneider Electric, security expert reveals at S4x19.π Read
via "Dark Reading: ".
Darkreading
Triton/Trisis Attack Was More Widespread Than Publicly Known
Signs of the attack first showed up two months before it was identified as a cyberattack, but they were mistaken for a pure equipment failure by Schneider Electric, security expert reveals at S4x19.
ATENTIONβΌ New - CVE-2016-9651 (chrome, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_workstation)
π Read
via "National Vulnerability Database".
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.π Read
via "National Vulnerability Database".
β Fortnite Hacked Via Insecure Single Sign-On β
π Read
via "Threatpost | The first stop for security news".
Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.π Read
via "Threatpost | The first stop for security news".
Threat Post
Fortnite Hacked Via Insecure Single Sign-On
Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.
π΄ Are You Listening to Your Kill Chain? π΄
π Read
via "Dark Reading: ".
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.π Read
via "Dark Reading: ".
Darkreading
Are You Listening to Your Kill Chain?
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
β U.S. Issues Multiple Charges For 2016 SEC Hack β
π Read
via "Threatpost | The first stop for security news".
The two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware.π Read
via "Threatpost | The first stop for security news".
Threat Post
U.S. Issues Multiple Charges For 2016 SEC Hack
The two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware.
π To stay competitive, MSSPs need to grow and evolve π
π Read
via "Security on TechRepublic".
βManaged Security Service Providers can alleviate many of the headaches suffered by in-house security, but they need to remain nimble and focused to retain their edge.π Read
via "Security on TechRepublic".
TechRepublic
To stay competitive, MSSPs need to grow and evolve
βManaged Security Service Providers can alleviate many of the headaches suffered by in-house security, but they need to remain nimble and focused to retain their edge.
π΄ Fortnite Players at Risk Via Epic Games Vulnerability π΄
π Read
via "Dark Reading: ".
Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.π Read
via "Dark Reading: ".
Darkreading
Fortnite Players Compromised Via Epic Games Vulnerability
Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
ATENTIONβΌ New - CVE-2015-9280
π Read
via "National Vulnerability Database".
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9279
π Read
via "National Vulnerability Database".
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9278
π Read
via "National Vulnerability Database".
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9277
π Read
via "National Vulnerability Database".
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9276
π Read
via "National Vulnerability Database".
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10403 (chrome)
π Read
via "National Vulnerability Database".
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.π Read
via "National Vulnerability Database".
π΄ BEC Groups Ramp Up Payroll Diversion Attacks π΄
π Read
via "Dark Reading: ".
Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.π Read
via "Dark Reading: ".
Darkreading
BEC Groups Ramp Up Payroll Diversion Attacks
Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.