β Double-Stuffed: Dunkinβ Hit by Another Credential-Stuffing Attack β
π Read
via "Threatpost | The first stop for security news".
Dunkinβ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which is Dunkinβs loyalty program. Names, email addresses, 16-digit DD Perks [β¦]π Read
via "Threatpost | The first stop for security news".
Threat Post
Double-Stuffed: Dunkinβ Hit by Another Credential-Stuffing Attack
Dunkinβ Donutsβ loyalty program was hit with a credential stuffing attack that targeted names, email addresses, 16-digit DD Perks account numbers and DD Perks QR codes.
π΄ Microsoft, Adobe Both Close More Than 70 Security Issues π΄
π Read
via "Dark Reading: ".
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.π Read
via "Dark Reading: ".
Darkreading
Microsoft, Adobe Both Close More Than 70 Security Issues
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.
π΄ Up to 100,000 Reported Affected in Landmark White Data Breach π΄
π Read
via "Dark Reading: ".
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.π Read
via "Dark Reading: ".
Darkreading
Up to 100,000 Reported Affected in Landmark White Data Breach
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.
β Siemens Warns of Critical Remote-Code Execution ICS Flaw β
π Read
via "Threatpost | The first stop for security news".
The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications.π Read
via "Threatpost | The first stop for security news".
Threat Post
Siemens Warns of Critical Remote-Code Execution ICS Flaw
The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications.
ATENTIONβΌ New - CVE-2017-0938
π Read
via "National Vulnerability Database".
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.π Read
via "National Vulnerability Database".
β Security firm beats Adobe by patching reader flaw first β
π Read
via "Naked Security".
Adobe has patched a flaw that enabled attackers to slurp a userβs network authentication details - but not before someone else patched it first.π Read
via "Naked Security".
Naked Security
Security firm beats Adobe by patching reader flaw first
Adobe has patched a flaw that enabled attackers to slurp a userβs network authentication details β but not before someone else patched it first.
β 620 million records from 16 websites listed for sale on the Dark Web β
π Read
via "Sophos".
Some of the breaches are new, while some were reported last year. The sites include MyFitnessPal, MyHeritage, Whitepages and more.π Read
via "Sophos".
Naked Security
620 million records from 16 websites listed for sale on the Dark Web
Some of the breaches are new, while some were reported last year. The sites include MyFitnessPal, MyHeritage, Whitepages and more.
π 4 ways your company can avoid a data breach π
π Read
via "Security on TechRepublic".
Only one in three organizations say they are confident they can prevent data breaches, according to Balbix.π Read
via "Security on TechRepublic".
TechRepublic
4 ways your company can avoid a data breach
Only one in three organizations say they are confident they can prevent data breaches, according to Balbix.
β Ep. 019 β Android holes, iOS screengrabbing and USB poo [PODCAST] β
π Read
via "Naked Security".
Here's the latest Naked Security podcast - enjoy!π Read
via "Naked Security".
Naked Security
Ep. 019 β Android holes, iOS screengrabbing and USB poo [PODCAST]
Hereβs the latest Naked Security podcast β enjoy!
π More developers are abusing Apple Developer Enterprise Program to distribute illicit apps π
π Read
via "Security on TechRepublic".
Apple has less of an iron grip over iOS than first thought, as organizations are using the Developer Enterprise Program for apps that would not be allowed in the App Store.π Read
via "Security on TechRepublic".
TechRepublic
More developers are abusing Apple Developer Enterprise Program to distribute illicit apps
Apple has less of an iron grip over iOS than first thought, as organizations are using the Developer Enterprise Program for apps that would not be allowed in the App Store.
β Unpatched Apple macOS Hole Exposes Safari Browsing History β
π Read
via "Threatpost | The first stop for security news".
There are no permission dialogues for apps in certain folders for macOS Mojave, which allows a malicious app to spy on browsing histories..π Read
via "Threatpost | The first stop for security news".
Threat Post
Unpatched Apple macOS Hole Exposes Safari Browsing History
Apple has since acknowledged the flaw.
β βDirty Sockβ Flaw in snapd Allows Root Access to Linux Servers β
π Read
via "Threatpost | The first stop for security news".
The issue affects default installations of Ubuntu Server and Desktop and is likely included in many Ubuntu-like Linux distributions.π Read
via "Threatpost | The first stop for security news".
Threat Post
βDirty Sockβ Flaw in snapd Allows Root Access to Linux Servers
The issue affects default installations of Ubuntu Server and Desktop and is likely included in many Ubuntu-like Linux distributions.
β Evil USB O.MG Cable opens up Wi-Fi to remote attacks β
π Read
via "Naked Security".
... and enables de-authenticaton attacks that could knock targeted systems off the Wi-Fi and onto one of these nefarious cables.π Read
via "Naked Security".
Naked Security
Evil USB O.MG cable opens up Wi-Fi to remote attacks
β¦ and enables de-authenticaton attacks that could knock targeted systems off the Wi-Fi and onto one of these nefarious cables.
β Another flaw found in macOS Mojaveβs privacy protection β
π Read
via "Naked Security".
Ever since Apple announced enhanced privacy protection for macOS Mojave 10.14 last September, a dedicated band of researchers has been poking away at it looking for security flaws. Here's another.π Read
via "Naked Security".
Naked Security
Another flaw found in macOS Mojaveβs privacy protection
Ever since Apple announced enhanced privacy protection for macOS Mojave 10.14 last September, a dedicated band of researchers has been poking away at it looking for security flaws. Hereβs anoβ¦
π΄ Lessons Learned from a Hard-Hitting Security Review π΄
π Read
via "Dark Reading: ".
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.π Read
via "Dark Reading: ".
Dark Reading
Lessons Learned from a Hard-Hitting Security Review
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
π΄ 70% of Consumers Want Biometrics in the Workplace π΄
π Read
via "Dark Reading: ".
Speed, simplicity, and security underscore their desire, a new study shows.π Read
via "Dark Reading: ".
Dark Reading
70% of Consumers Want Biometrics in the Workplace
Speed, simplicity, and security underscore their desire, a new study shows.
π How to protect and secure your web browsing with the Brave browser π
π Read
via "Security on TechRepublic".
The Brave browser offers built-in protection against ad trackers, third-party cookies, and other potential threats to your privacy. Here's how to use it and tweak it.π Read
via "Security on TechRepublic".
TechRepublic
How to protect and secure your web browsing with the Brave browser
The Brave browser offers built-in protection against ad trackers, third-party cookies, and other potential threats to your privacy. Here's how to use it and tweak it.
π How to create a home office VPN server with Microsoft Azure π
π Read
via "Security on TechRepublic".
Creating a do-it-yourself VPN that you manage and access on your own terms is not as difficult as you might think.π Read
via "Security on TechRepublic".
ATENTIONβΌ New - CVE-2018-0696
π Read
via "National Vulnerability Database".
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.π Read
via "National Vulnerability Database".
π΄ 5 Expert Tips for Complying with the New PCI Software Security Framework π΄
π Read
via "Dark Reading: ".
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.π Read
via "Dark Reading: ".
Dark Reading
5 Expert Tips for Complying with the New PCI Software Security Framework
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
π΄ Scammers Fall in Love with Valentine's Day π΄
π Read
via "Dark Reading: ".
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.π Read
via "Dark Reading: ".
Darkreading
Scammers Fall in Love with Valentine's Day
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.