β ThreatList: Remote Workers Threaten 1 in 3 Organizations β
π Read
via "Threatpost".
More than one-third of surveyed organizations (36 percent) said have experienced a security incident because of a remote worker's actions.π Read
via "Threatpost".
Threat Post
ThreatList: Remote Workers Threaten 1 in 3 Organizations
More than one-third of surveyed organizations (36 percent) said they have experienced a security incident because of a remote worker's actions.
ATENTIONβΌ New - CVE-2017-7340
π Read
via "National Vulnerability Database".
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-9189
π Read
via "National Vulnerability Database".
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-9187
π Read
via "National Vulnerability Database".
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.π Read
via "National Vulnerability Database".
π One reason why you shouldn't allow your web browser to save your passwords π
π Read
via "Security on TechRepublic".
Jack Wallen explains why you should never allow your web browser to save passwords--and what you should do instead.π Read
via "Security on TechRepublic".
ATENTIONβΌ New - CVE-2017-7342
π Read
via "National Vulnerability Database".
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close buttonπ Read
via "National Vulnerability Database".
π΄ Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics π΄
π Read
via "Dark Reading: ".
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewards-just like the real marketplace.π Read
via "Dark Reading: ".
Dark Reading
Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewardsβjust like the real market
β Family tracking app spilled pics, names and real-time location data β
π Read
via "Naked Security".
A journalist/researcher team got a sensitive database taken down after the vendor responsible failed to acknowledge a problem.π Read
via "Naked Security".
Naked Security
Family tracking app spilled pics, names and real-time location data
A journalist/researcher team got a sensitive database taken down after the vendor responsible failed to acknowledge a problem.
β Tech giants back bill that privacy advocates claim is toothless β
π Read
via "Naked Security".
The main disagreement: if consumers will be able to delete their data or whether the law would give companies ways to wiggle out.π Read
via "Naked Security".
Naked Security
Tech giants back bill that privacy advocates claim is toothless
The main disagreement: if consumers will be able to delete their data or whether the law would give companies ways to wiggle out.
β FEMA exposes sensitive data of 2.5 million disaster survivors β
π Read
via "Naked Security".
The agency said it exposed 2.3m people's details in a βmajor privacy incidentβ involving a contractor that set up temporary housing.π Read
via "Naked Security".
Naked Security
FEMA exposes sensitive data of 2.3 million disaster survivors
The agency said it exposed 2.3m peopleβs details in a βmajor privacy incidentβ involving a contractor that set up temporary housing.
π Why data security is now a top concern for IT leaders π
π Read
via "Security on TechRepublic".
The ability to use artificial intelligence effectively is also a large concern for IT decision makers.π Read
via "Security on TechRepublic".
TechRepublic
Why data security is now a top concern for IT leaders
The ability to use artificial intelligence effectively is also a large concern for IT decision makers.
π΄ Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract' π΄
π Read
via "Dark Reading: ".
Ret. Admiral Michael Rogers - who served as head of the NSA and the US Cyber Command from 2014 to 2018 - on how to handle the risk of insiders exposing an organization's sensitive data.π Read
via "Dark Reading: ".
Dark Reading
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
Ret. Admiral Michael Rogers - who served as head of the NSA and the US Cyber Command from 2014 to 2018 - on how to handle the risk of insiders exposing an organization's sensitive data.
π 5 IT security roles businesses are most desperate to fill π
π Read
via "Security on TechRepublic".
Organizations are facing more difficulty filling security roles now than in previous years, according to a CyberEdge report.π Read
via "Security on TechRepublic".
TechRepublic
5 IT security roles businesses are most desperate to fill
Organizations are facing more difficulty filling security roles now than in previous years, according to a CyberEdge report.
β Apple iOS 12.2 Patches 51 Serious Flaws β
π Read
via "Threatpost".
Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in Webkit and a vulnerability that allows apps to secretly listen to users.π Read
via "Threatpost".
Threat Post
Apple iOS 12.2 Patches 51 Serious Flaws
Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in Webkit and a vulnerability that allows apps to secretly listen to users.
π Top Tips for Improving Board Communication Around Security π
π Read
via "Subscriber Blog RSS Feed ".
A panel of security professionals discuss the the top three tips for how CISOs and risk officers can help improve board communication around securityπ Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Top Tips for Improving Board Communication Around Security
A panel of security professionals discuss the the top three tips for how CISOs and risk officers can help improve board communication around security
π΄ Under Attack: Over Half of SMBs Breached Last Year π΄
π Read
via "Dark Reading: ".
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.π Read
via "Dark Reading: ".
Darkreading
Under Attack: Over Half of SMBs Breached Last Year
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
β Apple patches 51 security flaws with iOS 12.2 update β
π Read
via "Naked Security".
Apple's update patches 51 iOS holes, the more serious of which include bugs in Safari, Keychain and FaceTime.π Read
via "Naked Security".
Naked Security
Apple patches 51 security flaws
Appleβs update for iOS and macOS patches 51 holes, the more serious of which include bugs in Safari, Keychain and FaceTime.
π Android Security Bulletin March 2019: What you need to know π
π Read
via "Security on TechRepublic".
Another month is here and Android finds itself with a mixture of Critical and High vulnerabilities.π Read
via "Security on TechRepublic".
TechRepublic
Android Security Bulletin March 2019: What you need to know
Another month is here and Android finds itself with a mixture of Critical and High vulnerabilities.
β ASUS Patches Live Update Bug That Allowed APT to Infect Thousands of PCs β
π Read
via "Threatpost".
If users have an impacted devices, they need to immediately run a backup of their files and restore their operating system to factory settings, said ASUSπ Read
via "Threatpost".
Threat Post
ASUS Patches Live Update Bug That Allowed APT to Infect Thousands of PCs
If users have an impacted devices, they need to immediately run a backup of their files and restore their operating system to factory settings, said ASUS
ATENTIONβΌ New - CVE-2014-5434
π Read
via "National Vulnerability Database".
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.π Read
via "National Vulnerability Database".
π What criminals can find out about you on the Dark Web π
π Read
via "Security on TechRepublic".
Graham Kates, investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.π Read
via "Security on TechRepublic".
TechRepublic
What criminals can find out about you on the Dark Web
Graham Kates, investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.