ATTENTION‼ New - CVE-2018-12397
via "National Vulnerability Database".
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
ATTENTION‼ New - CVE-2018-12396
via "National Vulnerability Database".
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
ATTENTION‼ New - CVE-2018-12395
via "National Vulnerability Database".
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
ATTENTION‼ New - CVE-2018-12393
via "National Vulnerability Database".
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.* This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
ATTENTION‼ New - CVE-2018-12392
via "National Vulnerability Database".
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
ATTENTION‼ New - CVE-2018-12391
via "National Vulnerability Database".
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.* This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
ATTENTION‼ New - CVE-2018-12390
via "National Vulnerability Database".
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
ATTENTION‼ New - CVE-2018-12389
via "National Vulnerability Database".
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
ATTENTION‼ New - CVE-2018-12388
via "National Vulnerability Database".
Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63.
Solving Security: Repetition or Redundancy?
via "Dark Reading".
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
Turkish Group Using Phishing Emails to Hijack Popular Instagram Profiles
via "Dark Reading".
In some cases, attackers have demanded ransom, nude photos/videos of victims in exchange for stolen account, Trend Micro says.
The “Momo challenge” – why it’s time to stop the hype [VIDEO]
via "Naked Security".
What's the real deal with the "Momo challenge"?
Using your Office 365 Secure Score
via "Security on TechRepublic".
Office 365, Microsoft 365 and the Security Graph are coming together at last.
Dow Jones Watchlist of risky businesses exposed on public server
via "Naked Security".
A company with access to the Dow Jones Watchlist of risky people and businesses left it on a public AWS server without a password.
Disgruntled dev blames crypto-wallet for losing cryptocoins
via "Naked Security".
Warith Al Maawali is blaming wallet vendor Coinomi for the loss of $65,000 in bitcoin. Coinomi countered by blaming him for blackmail.
For sale: iPhone hacking tool, one previous (not very careful) owner
via "Naked Security".
At $100, the old-gen iPhone encryption-cracking tools are a bargain to hackers looking to pick up leftover forensics or police Wi-Fi data.
Data-tracking Chrome flaw triggered by viewing PDFs
via "Naked Security".
Researchers have spotted an unusual “trackware” attack triggered by viewing a PDF inside the Chrome browser.
Encryption Offers Safe Haven for Criminals and Malware
via "Dark Reading".
The same encryption that secures private enterprise data also provides security to malware authors and criminal networks.
Security Pros Agree: Cloud Adoption Outpaces Security
via "Dark Reading".
Oftentimes, responsibility for securing the cloud falls to IT instead of the security organization, researchers report.
What is SOX Compliance? 2019 SOX Requirements & More
via "Subscriber Blog RSS Feed".
A DEFINITION OF SOX COMPLIANCE
Digital Guardian
What is SOX Compliance? 2023 SOX Requirements & More
Learn about SOX compliance in Data Protection 101, our series on the fundamentals of data security.
Your systems, their profit: How IT rights can be abused for shadow mining of cryptocurrency
via "Security on TechRepublic".
IT professionals have the know-how and requisite privileges to deploy Bitcoin miners, and to cover their tracks. Could your organization be at risk?