🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Box Mistakes Leave Enterprise Data Exposed 🕴

User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.

via "Dark Reading".
❌ ThreatList: Phishing Attacks Doubled in 2018 ❌

Scammers used both older, tested-and-true phishing tactics in 2018 - but also newer tricks, such as fresh distribution methods, according to a new report.

via "Threatpost".
❌ Microsoft Patches Two Win32k Bugs Under Active Attack ❌

Microsoft's March Patch Tuesday updates include 64 fixes, 17 of which are rated critical.

via "Threatpost".
🕴 How the Best DevSecOps Teams Make Risk Visible to Developers 🕴

DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.

via "Dark Reading".
❌ Federal Focus on Cyber Plays Out in President’s Budget, IoT Legislation ❌

Money earmarked for the Defense Department and DHS, and bipartisan bills to address the security of federal IoT devices, showcase growing federal cyber-efforts.

via "Threatpost".
🕴 Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack 🕴

Seventeen vulnerabilities patched today are rated critical, four are publicly known, and two have been exploited in the wild.

via "Dark Reading".
🕴 Citrix Breach Underscores Password Perils 🕴

Attackers used a short list of passwords to knock on every digital door to find vulnerable systems in the vendor's network.

via "Dark Reading".
🕴 Web Apps are Becoming Less Secure 🕴

Critical vulnerabilities in web applications tripled in 2018, according to a new study.

via "Dark Reading".
🕴 There May be A Ceiling on Vulnerability Remediation 🕴

Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.

via "Dark Reading".
⚠ New bill would give parents an β€˜Eraser Button’ to delete kids’ data ⚠

The COPPA overhaul would ban targeting ads at kids under 13 and ad targeting based on race, socioeconomics or geolocation on kids under 15.

via "Naked Security".
⚙️ Judging Facebook's Privacy Shift ⚙️

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined the platform, even while conceding that "frankly we don't currently have a strong reputation for building privacy protective services."

There is ample reason to question Zuckerberg's pronouncement: The company has made -- and broken -- many privacy promises over the years. And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook's surveillance capitalism business model. All the post discusses is making private chats more central to the company, which seems to be a play for increased market dominance and to counter the Chinese company WeChat.

In security and privacy, the devil is always in the details -- and Zuckerberg's post provides none. But we'll take him at his word and try to fill in some of the details here. What follows is a list of changes we should expect if Facebook is serious about changing its business model and improving user privacy.

How Facebook treats people on its platform

Increased transparency over advertiser and app accesses to user data. Today, Facebook users can download and view much of the data the company has about them. This is important, but it doesn't go far enough. The company could be more transparent about what data it shares with advertisers and others and how it allows advertisers to select users they show ads to. Facebook could use its substantial skills in usability testing to help people understand the mechanisms advertisers use to show them ads or the reasoning behind what it chooses to show in user timelines. It could deliver on promises in this area.

Better -- and more usable -- privacy options. Facebook users have limited control over how their data is shared with other Facebook users and almost no control over how it is shared with Facebook's advertisers, which are the company's real customers. Moreover, the controls are buried deep behind complex and confusing menu options. To be fair, some of this is because privacy is complex, and it's hard to understand the results of different options. But much of this is deliberate; Facebook doesn't want its users to make their data private from other users.

The company could give people better control over how -- and whether -- their data is used, shared, and sold. For example, it could allow users to turn off individually targeted news and advertising. By this, we don't mean simply making those advertisements invisible; we mean turning off the data flows into those tailoring systems. Finally, since most users stick to the default options when it comes to configuring their apps, a changing Facebook could tilt those defaults toward more privacy, requiring less tailoring most of the time.

More user protection from stalking. "Facebook stalking" is often thought of as "stalking light," or "harmless." But stalkers are rarely harmless. Facebook should acknowledge this class of misuse and work with experts to build tools that protect all of its users, especially its most vulnerable ones. Such tools should guide normal people away from creepiness and give victims power and flexibility to enlist aid from sources ranging from advocates to police.

Fully ending real-name enforcement. Facebook's real-names policy, requiring people to use their actual legal names on the platform, hurts people such as activists, victims of intimate partner violence, police officers whose work makes them targets, and anyone with a public persona who wishes to have control over how they identify to the public. There are many ways Facebook can improve…
⚠ Misconfigured Box accounts leak terabytes of companies’ sensitive data ⚠

Easily guessable URLs led to what should have been big companies' very private data. Even Box itself was found to be exposing folders.

via "Naked Security".
⚠ β€œFINAL WARNING” email – have they really hacked your webcam? ⚠

In the last 24 hours, SophosLabs received 1,700 samples of just one new sextortion campaign. Good news? It's all a pack of lies. Don't reply. Don't engage.

via "Naked Security".
⚠ Update now! WordPress abandoned cart plugin under attack ⚠

Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce.

via "Naked Security".
🔐 How to secure IoT devices: 6 factors to consider 🔐

While Internet of Things devices can unlock great insights and value from the data collected, cybersecurity must be built in from the start, according to a report from the Indiana IoT Lab.

via "Security on TechRepublic".
⚠ Chrome will soon block drive-by-download malvertising ⚠

A new Chrome feature hopes to choke off one of the most malicious forms of malware infection: drive-by advertising downloads.

via "Naked Security".
🔐 How to wipe your USB drive before throwing it away 🔐

Data was found on 68% of secondhand flash drives sold in the US, according to a Comparitech report. Here's how to secure your data for disposal.

via "Security on TechRepublic".
❌ Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw ❌

Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.

via "Threatpost".
🕴 The Case for Transparency in End-User License Agreements 🕴

Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.

via "Dark Reading".
❌ Three Ways DNS is Weaponized and How to Mitigate the Risk ❌

Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think.

via "Threatpost".
🔐 How to generate SSH keys on macOS Mojave 🔐

macOS is capable of working with SSH keys. Jack Wallen shows you how to generate the necessary keys and copy them to a server.

via "Security on TechRepublic".