The APT Name Game: How Grim Threat Actors Get Goofy Monikers
via "Threatpost | The first stop for security news".
How do advanced persistent threat groups such as Double Secret Octopus and Anchor Panda get their ridiculous names?
How do advanced persistent threat groups such as Darkhotel and Anchor Panda get their ridiculous names?

Half of IoT devices let down by vulnerable apps
via "Naked Security".
Half of the apps used to control a range of Internet of Things devices are insecure in a variety of ways, researchers found.

Home DNA kit company says it's working with the FBI
via "Naked Security".
FamilyTreeDNA has disclosed that it's opened up more than 1m DNA profiles to the FBI to help find suspects of violent crime.
Home DNA kit company now lets users opt out of FBI data sharing
FamilyTreeDNA has disclosed that it's opened up DNA profiles to the FBI to help find suspects of violent crime.

Remote Desktop Protocol Clients Rife with Remote Code-Execution Flaws
via "Threatpost | The first stop for security news".
Several flaws in both open-source RDP clients and in Microsoft's own proprietary client make it possible for a malicious RDP server to infect a client computer - which could then allow for an intrusion into the IT network as a whole.

Black Hat USA 2019 Offers a Boatload of New Training Opportunities
via "Dark Reading".
Led by top infosec talent, these cutting-edge courses are an efficient way to get practical, hands-on training in everything from blockchain security to machine learning.

EU Recalls Children's Smartwatch That Leaks Location Data
via "Threatpost | The first stop for security news".
The children's smartwatch allows bad actors to track their location and communicate with them, according to the alert.

Taming the Wild, West World of Security Product Testing
via "Dark Reading".
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.

Google Patches Critical .PNG Image Bug
via "Threatpost | The first stop for security news".
Eleven critical bugs will be patched as part of the February Android Security Bulletin.

Why your business needs to work with the government to fight cyber warfare
via "Security on TechRepublic".
The US government will not be able to mitigate a cyber-enabled economic warfare attack without help from the private sector, according to a report from FDD and the Chertoff Group.

Ep. 018 - Home invasions, snoopy apps and Android versus iOS [PODCAST]
via "Naked Security".
Here's the latest Naked Security podcast - give it a listen!

ATTENTION! New - CVE-2017-1202
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.

ATTENTION! New - CVE-2017-1200
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.

ATTENTION! New - CVE-2017-1198
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.

ATTENTION! New - CVE-2017-1177
via "National Vulnerability Database".
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.

ATTENTION! New - CVE-2016-1000282
via "National Vulnerability Database".
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.

No Sign of 'Material' Nation-State Actor Impact on 2018 US Midterms
via "Dark Reading".
That's the conclusion of a classified postmortem report sent to the White House yesterday by Acting Attorney General and DHS Secretary.

Over 59K Data Breaches Reported in EU Under GDPR
via "Dark Reading".
In addition, 91 reported fines have been imposed since the regulation went into effect last May.

Mitigating the Security Risks of Cloud-Native Applications
via "Dark Reading".
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.

Cybercriminals Exploit Gmail Feature to Scale Up Attacks
via "Dark Reading".
Criminals are taking advantage of Gmail's 'dots don't matter' feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says.

IoT Scale Flaws Enable Denial of Service, Privacy Issues
via "Threatpost | The first stop for security news".
Flaws in this connected smart scale might give the diet-challenged a legitimate reason to be nervous about using this vulnerable IoT device.