T-Mobile was breached: Here's how to protect your account
via "Tech Republic".
T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts.

CVE-2021-23025
via "National Vulnerability Database".
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23028
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23030
via "National Vulnerability Database".
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23027
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23029
via "National Vulnerability Database".
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23026
via "National Vulnerability Database".
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Apple patches zero-day flaw abused by infamous NSO exploit
via "ITPro".
The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interaction

WhatsApp activates end-to-end encrypted cloud backups
via "ITPro".
The messaging service will grant users a password-protected key when they save their chat histories to the cloud

Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme
via "ITPro".
Ontario resident laundered cash for North Korea from bank heists and BEC scams

Olympus hit by suspected ransomware attack
via "ITPro".
The former digital camera specialist has shut down its networks in Europe, Africa and the Middle East while it investigates the incident

Irish data regulator fails to resolve 98% of big tech GDPR cases
via "ITPro".
Campaigners accuse the Irish DPC of being the “bottleneck” for GDPR enforcement with 160 unresolved complaints

Google handed user data to Hong Kong authorities despite pledge
via "ITPro".
The tech giant last year said it would suspend the processing of user data requests from the Hong Kong government after a law that criminalised protests was introduced

Medigate and CrowdStrike bolster IoT medical device security
via "ITPro".
CrowdStrike will integrate its Falcon software with Medigate’s device security platform

Hackers develop Linux port of Cobalt Strike for new attacks
via "ITPro".
The modified version of the penetration testing toolkit can evade malware detection

BT conducts 'world's first' trial of quantum-secure communications
via "ITPro".
The achievement was made possible using hollow-core fibre cable provided by a Southampton Uni startup

Robust password policies cut cyber attacks by 60%
via "ITPro".
Research shows that hackers most often use brute force password attacks and flaw exploitation
IT PRO
Better patch management and password policies cut cyber attacks by 60% | IT PRO
New research shows that hackers most often use brute force password attacks and flaw exploitation

The most secure email services of 2021
via "ITPro".
Email is not secure by design, but these email providers allow you to send emails with top-level security

Smishing attacks increased 700% in first six months of 2021
via "ITPro".
Which? has urged businesses to play their part to protect people from text message scams

IoT devices are more vulnerable than ever
via "ITPro".
Over a billion attacks recorded on IoT devices in the first six months of the year

Credential leak fears raised following security breach at Travis CI
via "The Daily Swig".
DevOps firm slammed for “abysmal” incident response