Monday review – the hot 23 stories of the week
via "Naked Security".
From WhatsApps that aren't meant for you to the highly promising USB-C authentication, and everything in between. It's weekly roundup time.
Tim Cook demands a way for users to delete their personal data
via "Naked Security".
The Apple CEO wants the FTC to set up a data-broker clearinghouse so people can see the data that companies have collected on them.
State agency exposes 3TB of data, including FBI info and remote logins
via "Naked Security".
Oklahoma's Department of Securities (ODS) exposed 3TB of files in plain text containing sensitive data on the public internet this month.
Attackers used a LinkedIn job ad and Skype call to breach bank's defences
via "Naked Security".
A Chilean Senator has taken to Twitter with alarming news – the company running the country's ATM network suffered a serious cyberattack.
Twitter bug exposed some Android private tweets to public view
via "Naked Security".
The latest privacy glitch, which went unnoticed for over four years, may trigger yet another EU privacy probe.
Shadow IT, IaaS & the Security Imperative
via "Dark Reading".
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
ATTENTION‼ New - CVE-2016-10739
via "National Vulnerability Database".
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.
WhatsApp fights the spread of deadly fake news with recipient limit
via "Naked Security".
WhatsApp has capped the number of people you can forward messages to, after India was seized by rumour-inspired mob lynchings.
DNC targeted by Russian hackers beyond 2018 midterms, it claims
via "Naked Security".
The Democratic National Committee has filed a civil complaint accusing Russia of trying to hack its computers as recently as November 2018.
Bicycle-riding hitman convicted with Garmin GPS watch location data
via "Naked Security".
Location data extracted from the athletic hitman's Garmin GPS watch and TomTom sat nav led to his conviction in two gangland murders.
Rogue websites can turn vulnerable browser extensions into back doors
via "Naked Security".
A researcher has found that websites can use some extensions to bypass security policies, execute code, and even install other extensions.
Rushing to patch? Here's how to prioritize your security efforts
via "Security on TechRepublic".
When addressing security vulnerabilities, enterprises should focus on those with publicly available exploit code, according to a Kenna Security report.
Adobe Issues Unscheduled Updates for Experience Manager Platform
via "Threatpost | The first stop for security news".
The patches are part of Adobe's second unscheduled update this month.
How Cybercriminals Clean Their Dirty Money
via "Dark Reading".
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.
Hackers turn to data theft and resale on the Dark Web for higher payouts
via "Security on TechRepublic".
Selling personal information and compromised accounts of popular Instagram users has become more lucrative than ransomware and cryptojacking campaigns.
Google Fined $57M in Largest GDPR Slap Yet
via "Threatpost | The first stop for security news".
The French Data Protection Authority (DPA) found a lack of transparency when it comes to how Google harvests and uses personal data for ad-targeting purposes.
ATTENTION‼ New - CVE-2017-6923
via "National Vulnerability Database".
In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.
ATTENTION‼ New - CVE-2017-6922
via "National Vulnerability Database".
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.