π΄ Chronicle Releases Chapter One: Backstory π΄
π Read
via "Dark Reading: ".
Google spinoff Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.π Read
via "Dark Reading: ".
Dark Reading
Chronicle Releases Chapter One: Backstory
Google spinoff Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.
β BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained β
π Read
via "Threatpost".
Users of Logitechβs Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.π Read
via "Threatpost".
Threat Post
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained
Users of Logitechβs Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.
π Employees are the biggest risk to enterprise mobile device security, report says π
π Read
via "Security on TechRepublic".
While mobile security risks have skyrocketed, 85% of organizations say they aren't doing enough to stay protected, according to a Verizon report.π Read
via "Security on TechRepublic".
TechRepublic
Employees are the biggest risk to enterprise mobile device security, report says
While mobile security risks have skyrocketed, 85% of organizations say they aren't doing enough to stay protected, according to a Verizon report.
β Apple gets bug for free, while world sees first $1m bug hunter β
π Read
via "Naked Security".
An Argentinian has garnered $1m in bug bounties, while a German researcher has given up on getting any bounty at all from Apple.π Read
via "Naked Security".
Naked Security
Apple gets bug for free, while HackerOne declares first $1m bug hunter
An Argentinian has garnered $1m in bug bounties, while a German researcher has given up on getting any bounty at all from Apple.
β RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes β
π Read
via "Threatpost".
Researchers say that Microsoft won't issue a patch for the issue.π Read
via "Threatpost".
Threat Post
RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes
Researchers say that Microsoft won't issue a patch for the issue.
β Windows IoT Core exploitable via ethernet β
π Read
via "Naked Security".
Microsoft's IoT version of Windows is vulnerable to an exploit that could give an attacker complete control of the system.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase β
π Read
via "Threatpost".
At least 463,546 malicious URLs contained in the 28.4 million analyzed emails made it through to corporate in-boxes in Q4 of 2018.π Read
via "Threatpost".
Threat Post
RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase
At least 463,546 malicious URLs contained in the 28.4 million analyzed emails made it through to corporate in-boxes in Q4 of 2018.
β RSAC 2019: Picking Apart the Foreshadow Attack β
π Read
via "Threatpost".
Raoul Strackx, one of the researchers who discovered the Foreshadow speculative execution vulnerability, talks at RSA about the Catch-22 issue when it comes to fixing speculative execution flaws.π Read
via "Threatpost".
Threat Post
RSA Conference 2019: Picking Apart the Foreshadow Attack
Raoul Strackx, one of the researchers who discovered the Foreshadow speculative execution vulnerability, talks at RSA about the Catch-22 issue when it comes to fixing speculative execution flaws.
β Update now! Critical Adobe ColdFusion flaw now being exploited β
π Read
via "Naked Security".
Adobe has issued an urgent patch for a critical flaw in the ColdFusion web development platform it says is being exploited in the wild.π Read
via "Naked Security".
Naked Security
Update now! Critical Adobe ColdFusion flaw now being exploited
Adobe has issued an urgent patch for a critical flaw in the ColdFusion web development platform it says is being exploited in the wild.
β Comcast security nightmare: default β0000β PIN on everybodyβs account β
π Read
via "Naked Security".
It didn't require an account PIN to switch carriers. Everybody uses 0000, it said, making it easier for customersβ¦ and phone hijackers.π Read
via "Naked Security".
Naked Security
Comcast security nightmare: default β0000β PIN on everybodyβs account
It didnβt require an account PIN to switch carriers. Everybody uses 0000, it said, making it easier for customersβ¦ and phone hijackers.
π΄ Incident Response: Having a Plan Isn't Enough π΄
π Read
via "Dark Reading: ".
Data shows organizations neglect to review and update breach response plans as employees and processes change, putting data at risk.π Read
via "Dark Reading: ".
β RSAC 2019: Most Consumers Say βNoβ to Cumbersome Data Privacy Practices β
π Read
via "Threatpost".
Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems.π Read
via "Threatpost".
Threat Post
RSAC 2019: Most Consumers Say βNoβ to Cumbersome Data Privacy Practices
Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems.
π΄ Organizations Taking Less Time to Detect Breaches π΄
π Read
via "Dark Reading: ".
But by the time they became aware, attackers have been on their networks for more than six months, new 2018 data shows.π Read
via "Dark Reading: ".
Darkreading
Organizations Taking Less Time to Detect Breaches
But by the time they became aware, attackers have been on their networks for more than six months, new 2018 data shows.
β RSAC 2019: Joomla! Mail Flaw Exploited to Create Mass Phishing Infrastructure β
π Read
via "Threatpost".
The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.π Read
via "Threatpost".
Threat Post
RSAC 2019: Joomla! Flaw Exploited to Create Mass Phishing Infrastructure
The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.
π΄ Axonius' 'Unsexy' Tool Wins RSAC Innovation Sandbox π΄
π Read
via "Dark Reading: ".
Judges award top honor to new company solving an old, unsolved problem: asset discovery and management.π Read
via "Dark Reading: ".
β Companies are flying blind on cybersecurity β
π Read
via "Naked Security".
IT managers are flying blind in the battle to protect their companies from cyber attacks, according to a new Sophos survey.π Read
via "Naked Security".
Naked Security
Companies are flying blind on cybersecurity
IT managers are flying blind in the battle to protect their companies from cyber attacks, according to a new Sophos survey.
π The public sector is a cyberattack magnet, manual processes are to blame π
π Read
via "Security on TechRepublic".
More than half (51%) of respondents said their security teams spend more time on manual processes than handling vulnerabilities, according to a Tenable and Ponemon report.π Read
via "Security on TechRepublic".
TechRepublic
The public sector is a cyberattack magnet, manual processes are to blame
More than half (51%) of respondents said their security teams spend more time on manual processes than handling vulnerabilities, according to a Tenable and Ponemon report.
π΄ Artificial Intelligence: The Terminator of Malware π΄
π Read
via "Dark Reading: ".
Is it possible that the combination of AI, facial recognition, and the coalescence of global mass-hack data could lead us toward a Skynet-like future?π Read
via "Dark Reading: ".
π΄ 6 Questions to Ask While Buying a Connected Car π΄
π Read
via "Dark Reading: ".
Here are six questions to keep in mind when you walk into the showroom to buy a networked car.π Read
via "Dark Reading: ".
π Insider cyberthreats in government agencies hit all-time high, report says π
π Read
via "Security on TechRepublic".
Untrained insiders and foreign governments create huge cybersecurity risks in government agencies, according to a SolarWinds report.π Read
via "Security on TechRepublic".
TechRepublic
Insider cyberthreats in government agencies hit all-time high, report says
Untrained insiders and foreign governments create huge cybersecurity risks in government agencies, according to a SolarWinds report.
ATENTIONβΌ New - CVE-2018-15361
π Read
via "National Vulnerability Database".
UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.π Read
via "National Vulnerability Database".