Citrix Breach Underscores Password Perils
via "Dark Reading".
Attackers used a short list of passwords to knock on every digital door to find vulnerable systems in the vendor's network.
Web Apps are Becoming Less Secure
via "Dark Reading".
Critical vulnerabilities in web applications tripled in 2018, according to a new study.
There May be A Ceiling on Vulnerability Remediation
via "Dark Reading".
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
New bill would give parents an 'Eraser Button' to delete kids' data
via "Naked Security".
The COPPA overhaul would ban targeting ads at kids under 13 and ad targeting based on race, socioeconomics or geolocation on kids under 15.
<b>⚙️ Judging Facebook's Privacy Shift ⚙️</b>
Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined the platform, even while conceding that "frankly we don't currently have a strong reputation for building privacy protective services."

There is ample reason to question Zuckerberg's pronouncement: The company has made -- and broken -- many privacy promises over the years. And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook's surveillance capitalism business model. All the post discusses is making private chats more central to the company, which seems to be a play for increased market dominance and to counter the Chinese company WeChat.

In security and privacy, the devil is always in the details -- and Zuckerberg's post provides none. But we'll take him at his word and try to fill in some of the details here. What follows is a list of changes we should expect if Facebook is serious about changing its business model and improving user privacy.

How Facebook treats people on its platform

Increased transparency over advertiser and app accesses to user data. Today, Facebook users can download and view much of the data the company has about them. This is important, but it doesn't go far enough. The company could be more transparent about what data it shares with advertisers and others and how it allows advertisers to select users they show ads to. Facebook could use its substantial skills in usability testing to help people understand the mechanisms advertisers use to show them ads or the reasoning behind what it chooses to show in user timelines. It could deliver on promises in this area.

Better -- and more usable -- privacy options. Facebook users have limited control over how their data is shared with other Facebook users and almost no control over how it is shared with Facebook's advertisers, which are the company's real customers. Moreover, the controls are buried deep behind complex and confusing menu options. To be fair, some of this is because privacy is complex, and it's hard to understand the results of different options. But much of this is deliberate; Facebook doesn't want its users to make their data private from other users.

The company could give people better control over how -- and whether -- their data is used, shared, and sold. For example, it could allow users to turn off individually targeted news and advertising. By this, we don't mean simply making those advertisements invisible; we mean turning off the data flows into those tailoring systems. Finally, since most users stick to the default options when it comes to configuring their apps, a changing Facebook could tilt those defaults toward more privacy, requiring less tailoring most of the time.

More user protection from stalking. "Facebook stalking" is often thought of as "stalking light," or "harmless." But stalkers are rarely harmless. Facebook should acknowledge this class of misuse and work with experts to build tools that protect all of its users, especially its most vulnerable ones. Such tools should guide normal people away from creepiness and give victims power and flexibility to enlist aid from sources ranging from advocates to police.

Fully ending real-name enforcement. Facebook's real-names policy, requiring people to use their actual legal names on the platform, hurts people such as activists, victims of intimate partner violence, police officers whose work makes them targets, and anyone with a public persona who wishes to have control over how they identify to the public. There are many ways Facebook can improve…
Misconfigured Box accounts leak terabytes of companies' sensitive data
via "Naked Security".
Easily guessable URLs led to what should have been big companies' very private data. Even Box itself was found to be exposing folders.
'FINAL WARNING' email – have they really hacked your webcam?
via "Naked Security".
In the last 24 hours, SophosLabs received 1,700 samples of just one new sextortion campaign. Good news? It's all a pack of lies. Don't reply. Don't engage.
Update now! WordPress abandoned cart plugin under attack
via "Naked Security".
Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce.
How to secure IoT devices: 6 factors to consider
via "Security on TechRepublic".
While Internet of Things devices can unlock great insights and value from the data collected, cybersecurity must be built in from the start, according to a report from the Indiana IoT Lab.
Chrome will soon block drive-by-download malvertising
via "Naked Security".
A new Chrome feature hopes to choke off one of the most malicious forms of malware infection: drive-by advertising downloads.
How to wipe your USB drive before throwing it away
via "Security on TechRepublic".
Data was found on 68% of secondhand flash drives sold in the US, according to a Comparitech report. Here's how to secure your data for disposal.
Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw
via "Threatpost".
Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.
The Case for Transparency in End-User License Agreements
via "Dark Reading".
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
Three Ways DNS is Weaponized and How to Mitigate the Risk
via "Threatpost".
Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think.
How to generate SSH keys on macOS Mojave
via "Security on TechRepublic".
macOS is capable of working with SSH keys. Jack Wallen shows you how to generate the necessary keys and copy them to a server.
MAGA 'Safe Space' App Developer Threatens Security Researcher
via "Threatpost".
The mobile app, dubbed a "Yelp for Conservatives," was found with an open API leaking reams of user data.
ATTENTION‼ New - CVE-2018-17937
via "National Vulnerability Database".
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
ATTENTION‼ New - CVE-2015-2254
via "National Vulnerability Database".
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.
Intel Windows 10 Graphics Drivers Riddled With Flaws
via "Threatpost".
Intel has patched several high-severity vulnerabilities in its graphics drivers for Windows 10, which could lead to code execution.
'SimBad': Android Adware Hits 210 Apps with 150M Downloads
via "Dark Reading".
Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
via "Dark Reading".
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.