Exposed Consumer Data Skyrocketed 126% in 2018
via "Dark Reading".
The number of data breaches dropped overall, but the amount of sensitive records exposed jumped to 446.5 million last year, according to the ITRC.
Kids' GPS watches are still a security 'train wreck'
via "Naked Security".
Anyone could have accessed the entire database, including a child's location, on Gator watches and other models that share its back end.
ATTENTION! New - CVE-2017-18362
via "National Vulnerability Database".
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
Crypto exchange in limbo after founder dies with password
via "Naked Security".
The only person who knew the password is dead, leaving customers unable to access around $190 million in fiat and virtual currency.
The APT Name Game: How Grim Threat Actors Get Goofy Monikers
via "Threatpost | The first stop for security news".
How do advanced persistent threat groups such as Double Secret Octopus and Anchor Panda get their ridiculous names?
How do advanced persistent threat groups such as Darkhotel and Anchor Panda get their ridiculous names?
Half of IoT devices let down by vulnerable apps
via "Naked Security".
Half of the apps used to control a range of Internet of Things devices are insecure in a variety of ways, researchers found.
Home DNA kit company says it's working with the FBI
via "Naked Security".
FamilyTreeDNA has disclosed that it's opened up more than 1m DNA profiles to the FBI to help find suspects of violent crime.
Home DNA kit company now lets users opt out of FBI data sharing
FamilyTreeDNA has disclosed that it's opened up DNA profiles to the FBI to help find suspects of violent crime.
Remote Desktop Protocol Clients Rife with Remote Code-Execution Flaws
via "Threatpost | The first stop for security news".
Several flaws in both open-source RDP clients and in Microsoft's own proprietary client make it possible for a malicious RDP server to infect a client computer - which could then allow for an intrusion into the IT network as a whole.
Black Hat USA 2019 Offers a Boatload of New Training Opportunities
via "Dark Reading".
Led by top infosec talent, these cutting-edge courses are an efficient way to get practical, hands-on training in everything from blockchain security to machine learning.
EU Recalls Children's Smartwatch That Leaks Location Data
via "Threatpost | The first stop for security news".
The children's smartwatch allows bad actors to track their location and communicate with them, according to the alert.
Taming the Wild, West World of Security Product Testing
via "Dark Reading".
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
Google Patches Critical .PNG Image Bug
via "Threatpost | The first stop for security news".
Eleven critical bugs will be patched as part of the February Android Security Bulletin.
Why your business needs to work with the government to fight cyber warfare
via "Security on TechRepublic".
The US government will not be able to mitigate a cyber-enabled economic warfare attack without help from the private sector, according to a report from FDD and the Chertoff Group.
Ep. 018 - Home invasions, snoopy apps and Android versus iOS [PODCAST]
via "Naked Security".
Here's the latest Naked Security podcast - give it a listen!
ATTENTION! New - CVE-2017-1202
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.
ATTENTION! New - CVE-2017-1200
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.
ATTENTION! New - CVE-2017-1198
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.
ATTENTION! New - CVE-2017-1177
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.
ATTENTION! New - CVE-2016-1000282
via "National Vulnerability Database".
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
No Sign of 'Material' Nation-State Actor Impact on 2018 US Midterms
via "Dark Reading".
That's the conclusion of a classified postmortem report sent to the White House yesterday by Acting Attorney General and DHS Secretary.
Over 59K Data Breaches Reported in EU Under GDPR
via "Dark Reading".
In addition, 91 reported fines have been imposed since the regulation went into effect last May.