🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
❌ Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes ❌

Microsoft won't be patching the bug, but a proof of concept shows the potential for successful malware implantation.

📖 Read

via "Threatpost".
🕴 Cybercriminals Think Small to Earn Big 🕴

As the number of breaches increased 424% in 2018, the average breach size shrunk 4.7 times as attackers aimed for smaller, more vulnerable targets.

📖 Read

via "Dark Reading".
ATTENTION‼ New - CVE-2018-17944

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.

📖 Read

via "National Vulnerability Database".
πŸ” Misconfigured Box Accounts Yield Sensitive Data πŸ”

Nearly 100 companies were exposing sensitive data, including raw CAD files and Social Security Numbers, on misconfigured Box accounts.

πŸ“– Read

via "Subscriber Blog RSS Feed ".
πŸ•΄ 5 Essentials for Securing and Managing Windows 10 πŸ•΄

It's possible to intelligently deploy and utilize Windows 10's many security enhancements while avoiding common and costly migration pitfalls.

πŸ“– Read

via "Dark Reading: ".
πŸ•΄ It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job πŸ•΄

Meanwhile, organizations are looking at nonconventional ways to staff up and train their workforce as technical expertise gets even harder to find.

πŸ“– Read

via "Dark Reading: ".
πŸ•΄ Box Mistakes Leave Enterprise Data Exposed πŸ•΄

User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.

πŸ“– Read

via "Dark Reading: ".
❌ ThreatList: Phishing Attacks Doubled in 2018 ❌

Scammers used older, tried-and-true phishing tactics in 2018 - but also newer tricks, such as fresh distribution methods, according to a new report.

📖 Read

via "Threatpost".
❌ Microsoft Patches Two Win32k Bugs Under Active Attack ❌

Microsoft's March Patch Tuesday updates include 64 fixes, 17 of which are rated critical.

📖 Read

via "Threatpost".
🕴 How the Best DevSecOps Teams Make Risk Visible to Developers 🕴

DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.

📖 Read

via "Dark Reading".
❌ Federal Focus on Cyber Plays Out in President’s Budget, IoT Legislation ❌

Money earmarked for the Defense Department and DHS, and bipartisan bills to address the security of federal IoT devices, showcase growing federal cyber-efforts.

📖 Read

via "Threatpost".
🕴 Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack 🕴

Seventeen of the vulnerabilities patched today are rated critical, four are publicly known, and two have been exploited in the wild.

📖 Read

via "Dark Reading".
🕴 Citrix Breach Underscores Password Perils 🕴

Attackers used a short list of passwords to knock on every digital door to find vulnerable systems in the vendor's network.

📖 Read

via "Dark Reading".
🕴 Web Apps Are Becoming Less Secure 🕴

Critical vulnerabilities in web applications tripled in 2018, according to a new study.

📖 Read

via "Dark Reading".
🕴 There May Be a Ceiling on Vulnerability Remediation 🕴

Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.

📖 Read

via "Dark Reading".
⚠ New bill would give parents an ‘Eraser Button’ to delete kids’ data ⚠

The COPPA overhaul would ban targeting ads at kids under 13 and ad targeting based on race, socioeconomics or geolocation on kids under 15.

📖 Read

via "Naked Security".
⚙️ Judging Facebook's Privacy Shift ⚙️

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined the platform, even while conceding that "frankly we don't currently have a strong reputation for building privacy protective services."

There is ample reason to question Zuckerberg's pronouncement: The company has made -- and broken -- many privacy promises over the years. And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook's surveillance capitalism business model. All the post discusses is making private chats more central to the company, which seems to be a play for increased market dominance and to counter the Chinese company WeChat.

In security and privacy, the devil is always in the details -- and Zuckerberg's post provides none. But we'll take him at his word and try to fill in some of the details here. What follows is a list of changes we should expect if Facebook is serious about changing its business model and improving user privacy.

How Facebook treats people on its platform

Increased transparency over advertiser and app accesses to user data. Today, Facebook users can download and view much of the data the company has about them. This is important, but it doesn't go far enough. The company could be more transparent about what data it shares with advertisers and others and how it allows advertisers to select users they show ads to. Facebook could use its substantial skills in usability testing to help people understand the mechanisms advertisers use to show them ads or the reasoning behind what it chooses to show in user timelines. It could deliver on promises in this area.

Better -- and more usable -- privacy options. Facebook users have limited control over how their data is shared with other Facebook users and almost no control over how it is shared with Facebook's advertisers, which are the company's real customers. Moreover, the controls are buried deep behind complex and confusing menu options. To be fair, some of this is because privacy is complex, and it's hard to understand the results of different options. But much of this is deliberate; Facebook doesn't want its users to make their data private from other users.

The company could give people better control over how -- and whether -- their data is used, shared, and sold. For example, it could allow users to turn off individually targeted news and advertising. By this, we don't mean simply making those advertisements invisible; we mean turning off the data flows into those tailoring systems. Finally, since most users stick to the default options when it comes to configuring their apps, a changing Facebook could tilt those defaults toward more privacy, requiring less tailoring most of the time.

More user protection from stalking. "Facebook stalking" is often thought of as "stalking light," or "harmless." But stalkers are rarely harmless. Facebook should acknowledge this class of misuse and work with experts to build tools that protect all of its users, especially its most vulnerable ones. Such tools should guide normal people away from creepiness and give victims power and flexibility to enlist aid from sources ranging from advocates to police.

Fully ending real-name enforcement. Facebook's real-names policy, requiring people to use their actual legal names on the platform, hurts people such as activists, victims of intimate partner violence, police officers whose work makes them targets, and anyone with a public persona who wishes to have control over how they identify to the public. There are many ways Facebook can improve…
⚠ Misconfigured Box accounts leak terabytes of companies’ sensitive data ⚠

Easily guessable URLs led to what should have been big companies' very private data. Even Box itself was found to be exposing folders.

📖 Read

via "Naked Security".
⚠ “FINAL WARNING” email – have they really hacked your webcam? ⚠

In the last 24 hours, SophosLabs received 1,700 samples of just one new sextortion campaign. Good news? It's all a pack of lies. Don't reply. Don't engage.

📖 Read

via "Naked Security".
⚠ Update now! WordPress abandoned cart plugin under attack ⚠

Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce.

📖 Read

via "Naked Security".
🔐 How to secure IoT devices: 6 factors to consider 🔐

While Internet of Things devices can unlock great insights and value from the data collected, cybersecurity must be built in from the start, according to a report from the Indiana IoT Lab.

📖 Read

via "Security on TechRepublic".