How to stop remote workers from causing a security incident: 3 tips
via "Security on TechRepublic".
Some 36% of organizations said they experience security breaches due to remote work, according to an OpenVPN report. Here's how to help.
FEMA Exposes PII for Millions of Hurricane, Wildfire Survivors
via "Threatpost".
The contractor with whom it shared the data has a vulnerable, unpatched network.
A Glass Ceiling? Not in Privacy
via "Dark Reading".
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
Top 5 business concerns about public cloud applications
via "Security on TechRepublic".
Some 99% of companies receive direct business value from cloud visibility, according to a Keysight Technologies report.
Dark Reading's Kelly Jackson Higgins Honored as Top Cybersecurity Journalist
via "Dark Reading".
In voting conducted by the SANS Institute, Jackson Higgins is named by peers as one of the top 10 journalists in the industry.
Some ASUS Updates Drop Backdoors on PCs in "Operation ShadowHammer"
via "Threatpost".
The attack appears to be associated with a China-backed APT actor.
How to install OpenSSH on Windows 10 to encrypt network communications
via "Security on TechRepublic".
Learn how to use SSH natively within Windows 10 to secure communications between network devices.
Bugs in Grandstream Gear Lay Open SMBs to Range of Attacks
via "Threatpost".
Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.
IT Leaders, Employees Divided on Data Security
via "Dark Reading".
Execs and employees have dramatically different ideas of how much information is being lost and why - a gap that puts enterprise data in grave danger.
Medtronic cardiac implants can be hacked, FDA issues alert
via "Naked Security".
Two serious flaws in the telemetry protocol could allow a hacker to control vulnerable Implantable Cardioverter Defibrillators (ICDs).
Malware Payloads Hide in Images: Steganography Gets a Reboot
via "Threatpost".
Low-key but effective, steganography is an old-school trick of hiding code within a normal-looking image, where many cybersecurity pros may not think to look.
ATTENTION‼ New - CVE-2017-9376
via "National Vulnerability Database".
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
ATTENTION‼ New - CVE-2017-9362
via "National Vulnerability Database".
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
ATTENTION‼ New - CVE-2015-3954
via "National Vulnerability Database".
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
ATTENTION‼ New - CVE-2015-3953
via "National Vulnerability Database".
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
ATTENTION‼ New - CVE-2015-3952
via "National Vulnerability Database".
Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
ATTENTION‼ New - CVE-2017-7510
via "National Vulnerability Database".
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
ATTENTION‼ New - CVE-2015-3956
via "National Vulnerability Database".
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
ATTENTION‼ New - CVE-2015-1014
via "National Vulnerability Database".
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.
ATTENTION‼ New - CVE-2015-1012
via "National Vulnerability Database".
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.
ATTENTION‼ New - CVE-2015-1007
via "National Vulnerability Database".
A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible.