π΄ BEC Scammer Pleads Guilty π΄
π Read
via "Dark Reading: ".
Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
β Years-Long Phishing Campaign Targets Saudi Gov Agencies β
π Read
via "Threatpost".
The campaign, codenamed βBad Tidings,β has sought out victimsβ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interiorβs e-Service portal.π Read
via "Threatpost".
Threat Post
Years-Long Phishing Campaign Targets Saudi Gov Agencies
The campaign, codenamed βBad Tidings,β has sought out victimsβ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interiorβs e-Service portal.
β Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats β
π Read
via "Threatpost".
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.π Read
via "Threatpost".
Threat Post
Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.
β Mac-Focused Malvertising Campaign Abuses Google Firebase DBs β
π Read
via "Threatpost".
Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.π Read
via "Threatpost".
Threat Post
Mac-Focused Malvertising Campaign Abuses Google Firebase DBs
Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.
π΄ Researchers Seek Out Ways to Search IPv6 Space π΄
π Read
via "Dark Reading: ".
Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?π Read
via "Dark Reading: ".
Dark Reading
Researchers Seek Out Ways to Search IPv6 Space - Dark Reading
Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?
β FBI crackdown on DDoS-for-hire sites led to 85% slash in attack sizes β
π Read
via "Naked Security".
According to a new report, average and maximum DDoS attack sizes decreased by 85.36% and 23.91%.π Read
via "Naked Security".
Naked Security
FBI crackdown on DDoS-for-hire sites led to 85% slash in attack sizes
According to a new report, average and maximum DDoS attack sizes decreased by 85.36% and 23.91%.
β Opera brings back free VPN service to its Android browser β
π Read
via "Naked Security".
Opera lost its Android browser's VPN after it was sold to a Chinese consortium, but now it's back.π Read
via "Naked Security".
Sophos
Opera brings back free VPN service to its Android browser β Naked Security
Opera lost its Android browser's VPN after it was sold to a Chinese consortium, but now it's back.
β Flaw in popular PDF creation library enabled remote code execution β
π Read
via "Naked Security".
A researcher has discovered a high-severity bug in a popular PHP library used for creating PDFs.π Read
via "Naked Security".
Naked Security
Flaw in popular PDF creation library enabled remote code execution
A researcher has discovered a high-severity bug in a popular PHP library used for creating PDFs.
β Researcher finds new way to sniff Windows BitLocker encryption keys β
π Read
via "Naked Security".
A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot.π Read
via "Naked Security".
Naked Security
Researcher finds new way to sniff Windows BitLocker encryption keys
A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) duβ¦
β Cisco Patches High-Severity Flaws in IP Phones β
π Read
via "Threatpost".
The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.π Read
via "Threatpost".
Threat Post
Cisco Patches High-Severity Flaws in IP Phones
The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.
π Why digital transformation could open you up to a DDoS attack π
π Read
via "Security on TechRepublic".
One hour of downtime from a DDoS attack costs an average of $221,837 globally, according to Netscout.π Read
via "Security on TechRepublic".
TechRepublic
Why digital transformation could open you up to a DDoS attack
One hour of downtime from a DDoS attack costs an average of $221,837 globally, according to Netscout.
π Vulnerability in Android Instant Apps can be used to steal history, authentication tokens π
π Read
via "Security on TechRepublic".
Google's Instant Apps feature allows you to try apps before installing them, though a vulnerability allows attackers to abuse the feature to steal data.π Read
via "Security on TechRepublic".
TechRepublic
Vulnerability in Android Instant Apps can be used to steal history, authentication tokens
Google's Instant Apps feature allows you to try apps before installing them, though a vulnerability allows attackers to abuse the feature to steal data.
β MyPillow and Amerisleep Targeted in Magecart Group Attacks β
π Read
via "Threatpost".
In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.π Read
via "Threatpost".
Threat Post
MyPillow and Amerisleep Targeted in Magecart Group Attacks
In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.
π How to encrypt files with FinalCrypt π
π Read
via "Security on TechRepublic".
If you're looking for an encryption tool that offers a unique approach and a well-designed GUI, FinalCrypt might be just the tool.π Read
via "Security on TechRepublic".
TechRepublic
How to encrypt files with FinalCrypt
If you're looking for an encryption tool that offers a unique approach and a well-designed GUI, FinalCrypt might be just the tool.
β Facebook Stored Passwords in Plain Text For Years β
π Read
via "Threatpost".
The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.π Read
via "Threatpost".
Threat Post
Facebook Stored Passwords in Plain Text For Years
The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.
ATENTIONβΌ New - CVE-2018-10093
π Read
via "National Vulnerability Database".
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10091
π Read
via "National Vulnerability Database".
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-2659
π Read
via "National Vulnerability Database".
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-1713
π Read
via "National Vulnerability Database".
IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-16232
π Read
via "National Vulnerability Database".
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.π Read
via "National Vulnerability Database".