β Project Zero Discloses High-Severity Apple macOS Flaw β
π Read
via "Threatpost".
Google Project Zero researchers detailed a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.π Read
via "Threatpost".
Threat Post
Project Zero Discloses High-Severity Apple macOS Flaw
Google Project Zero researchers detailed a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.
π 3 ways geopolitical attacks could impact your business this year π
π Read
via "Security on TechRepublic".
Nearly 75% of CEOs say their companies are affected by geopolitical cyber attacks, but only 15% feel resilient, according to a PwC report.π Read
via "Security on TechRepublic".
TechRepublic
3 ways geopolitical attacks could impact your business this year
Nearly 75% of CEOs say their companies are affected by geopolitical cyber attacks, but only 15% feel resilient, according to a PwC report.
β Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data β
π Read
via "Threatpost".
A rash of security flaws in the Outdoor Tech CHIPS smart headphones, which fit in ski helmets, allow bad actors to collect data like emails, passwords, GPS location - and even listen to conversations in real time.π Read
via "Threatpost".
Threat Post
Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data
A rash of security flaws in the Outdoor Tech CHIPS smart headphones, which fit in ski helmets, allow bad actors to collect data like emails, passwords, GPS location - and even listen to conversations in real time.
ATENTIONβΌ New - CVE-2017-15515
π Read
via "National Vulnerability Database".
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.π Read
via "National Vulnerability Database".
β Teen Becomes First to Earn $1M in Bug Bounties with HackerOne β
π Read
via "Threatpost".
He is also the all-time top-ranked hacker on HackerOneβs leaderboard, out of more than 330,000 hackers competing for the top spot.π Read
via "Threatpost".
Threat Post
Teen Becomes First to Earn $1M in Bug Bounties with HackerOne
He is also the all-time top-ranked hacker on HackerOneβs leaderboard, out of more than 330,000 hackers competing for the top spot.
π΄ Startup Armor Scientific Launches Multifactor Identity System π΄
π Read
via "Dark Reading: ".
Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.π Read
via "Dark Reading: ".
Dark Reading
Startup Armor Scientific Launches Multifactor Identity System
Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.
π΄ CrowdStrike Debuts Mobile Threat Detection System at RSA Conference π΄
π Read
via "Dark Reading: ".
Falcon for Mobile offers detection and response capabilities for mobile platforms.π Read
via "Dark Reading: ".
Dark Reading
CrowdStrike Debuts Mobile Threat Detection System at RSA Conference
Falcon for Mobile offers detection and response capabilities for mobile platforms.
π΄ Fixing Fragmentation Can Yield Tangible Benefits π΄
π Read
via "Dark Reading: ".
Consolidating technology and breaking down functional silos can bring solid financial results, a new study finds.π Read
via "Dark Reading: ".
Dark Reading
Fixing Fragmentation Can Yield Tangible Benefits
Consolidating technology and breaking down functional silos can bring solid financial results, a new study finds.
π΄ Bounty Hunters Find 100K+ Bugs Under HackerOne Program in 2018 π΄
π Read
via "Dark Reading: ".
Organizations signed up with the vulnerability disclosure platform shelled out a record $19 million for bug discoveries in their systems.π Read
via "Dark Reading: ".
Dark Reading
Bounty Hunters Find 100K+ Bugs Under HackerOne Program in 2018
Organizations signed up with the vulnerability disclosure platform shelled out a record $19 million for bug discoveries in their systems.
π΄ Chronicle Releases Chapter One: Backstory π΄
π Read
via "Dark Reading: ".
Google spinoff Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.π Read
via "Dark Reading: ".
Dark Reading
Chronicle Releases Chapter One: Backstory
Google spinoff Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.
β BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained β
π Read
via "Threatpost".
Users of Logitechβs Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.π Read
via "Threatpost".
Threat Post
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained
Users of Logitechβs Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.
π Employees are the biggest risk to enterprise mobile device security, report says π
π Read
via "Security on TechRepublic".
While mobile security risks have skyrocketed, 85% of organizations say they aren't doing enough to stay protected, according to a Verizon report.π Read
via "Security on TechRepublic".
TechRepublic
Employees are the biggest risk to enterprise mobile device security, report says
While mobile security risks have skyrocketed, 85% of organizations say they aren't doing enough to stay protected, according to a Verizon report.
β Apple gets bug for free, while world sees first $1m bug hunter β
π Read
via "Naked Security".
An Argentinian has garnered $1m in bug bounties, while a German researcher has given up on getting any bounty at all from Apple.π Read
via "Naked Security".
Naked Security
Apple gets bug for free, while HackerOne declares first $1m bug hunter
An Argentinian has garnered $1m in bug bounties, while a German researcher has given up on getting any bounty at all from Apple.
β RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes β
π Read
via "Threatpost".
Researchers say that Microsoft won't issue a patch for the issue.π Read
via "Threatpost".
Threat Post
RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes
Researchers say that Microsoft won't issue a patch for the issue.
β Windows IoT Core exploitable via ethernet β
π Read
via "Naked Security".
Microsoft's IoT version of Windows is vulnerable to an exploit that could give an attacker complete control of the system.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase β
π Read
via "Threatpost".
At least 463,546 malicious URLs contained in the 28.4 million analyzed emails made it through to corporate in-boxes in Q4 of 2018.π Read
via "Threatpost".
Threat Post
RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase
At least 463,546 malicious URLs contained in the 28.4 million analyzed emails made it through to corporate in-boxes in Q4 of 2018.
β RSAC 2019: Picking Apart the Foreshadow Attack β
π Read
via "Threatpost".
Raoul Strackx, one of the researchers who discovered the Foreshadow speculative execution vulnerability, talks at RSA about the Catch-22 issue when it comes to fixing speculative execution flaws.π Read
via "Threatpost".
Threat Post
RSA Conference 2019: Picking Apart the Foreshadow Attack
Raoul Strackx, one of the researchers who discovered the Foreshadow speculative execution vulnerability, talks at RSA about the Catch-22 issue when it comes to fixing speculative execution flaws.
β Update now! Critical Adobe ColdFusion flaw now being exploited β
π Read
via "Naked Security".
Adobe has issued an urgent patch for a critical flaw in the ColdFusion web development platform it says is being exploited in the wild.π Read
via "Naked Security".
Naked Security
Update now! Critical Adobe ColdFusion flaw now being exploited
Adobe has issued an urgent patch for a critical flaw in the ColdFusion web development platform it says is being exploited in the wild.
β Comcast security nightmare: default β0000β PIN on everybodyβs account β
π Read
via "Naked Security".
It didn't require an account PIN to switch carriers. Everybody uses 0000, it said, making it easier for customersβ¦ and phone hijackers.π Read
via "Naked Security".
Naked Security
Comcast security nightmare: default β0000β PIN on everybodyβs account
It didnβt require an account PIN to switch carriers. Everybody uses 0000, it said, making it easier for customersβ¦ and phone hijackers.
π΄ Incident Response: Having a Plan Isn't Enough π΄
π Read
via "Dark Reading: ".
Data shows organizations neglect to review and update breach response plans as employees and processes change, putting data at risk.π Read
via "Dark Reading: ".
β RSAC 2019: Most Consumers Say βNoβ to Cumbersome Data Privacy Practices β
π Read
via "Threatpost".
Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems.π Read
via "Threatpost".
Threat Post
RSAC 2019: Most Consumers Say βNoβ to Cumbersome Data Privacy Practices
Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems.