ATTENTION‼ New - CVE-2015-6461
via "National Vulnerability Database".
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.
WordPress Plugin Removed After Zero Day Discovered
via "Threatpost".
The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.
Threat Post
WordPress Plugin Patched After Zero Day Discovered
Businesses Manage 9.7PB of Data but Struggle to Protect It
via "Dark Reading".
What's more, their attempts to secure it may be putting information at risk, a new report finds.
ATTENTION‼ New - CVE-2015-6458
via "National Vulnerability Database".
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
ATTENTION‼ New - CVE-2015-6457
via "National Vulnerability Database".
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
FIN7 Cybercrime Gang Rises Again
via "Dark Reading".
The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.
Scammer pleads guilty to fleecing Facebook and Google of $121m
via "Naked Security".
Large, worldly tech companies would never fall for a wire transfer invoice scam, would they?
Spycam sex videos of 1,600 motel guests sold to paying subscribers
via "Naked Security".
1,600 guests were filmed with hidden webcams that livestreamed the action. The site also sold videos.
Sacked IT guy annihilates 23 of his ex-employer's AWS servers
via "Naked Security".
He was fired after four weeks, ripped off the credentials of former colleague "Speedy", and will be mulling it all over for two years in jail.
Data protection: Top 3 business challenges
via "Security on TechRepublic".
More than a quarter of businesses experienced irreparable data loss in the past year, according to a Dell EMC survey.
Microsoft Windows 7 patch warns of coming patchocalypse
via "Naked Security".
Microsoft has issued a patch to remind Windows 7 users that they'll soon have no patches.
Windows 10 DHCP vulnerability allows for remote code execution
via "Security on TechRepublic".
The vulnerability in Windows 10 and Windows Server 2019 gives attackers an entry point for further exploitation when combined with other vulnerabilities.
BitLocker hacked? Disk encryption – and why you still need it [VIDEO]
via "Naked Security".
Is BitLocker cracked? Is disk encryption still worth it? The answers are "No" and "Yes", and here's why.
Security Lessons from My Game Closet
via "Dark Reading".
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
Medtronic Defibrillators Have Critical Flaws, Warns DHS
via "Threatpost".
The unpatched vulnerabilities exist in 20 products made by the popular Medtronic medical device manufacturer, including defibrillators and home patient monitoring systems.
Friday Five: 3/22 Edition
via "Subscriber Blog RSS Feed".
Looking back at last year's 230M person breach, Facebook's latest privacy slipup, and more - catch up on the week's infosec news with this roundup!
Facebook data privacy scandal: A cheat sheet
via "Security on TechRepublic".
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.
Two Found Guilty in Online Dating, BEC Scheme
via "Dark Reading".
Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
Analysis: Drone Tech Creates New Type of Blended Threat
via "Threatpost".
Hacked drones are breaching physical and cyberdefenses to cause disruption and steal data, experts warn.
Threat Post
Drones are Quickly Becoming a Cybersecurity Nightmare
Whether it be geofence cutting or aerial network sniffing, drones are increasingly viewed as a cybersecurity threat.
Inside Incident Response: 6 Key Tips to Keep in Mind
via "Dark Reading".
Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project
via "Threatpost".
Users of the open-source project should upgrade immediately.