Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics
via "Dark Reading".
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewards - just like the real marketplace.
Family tracking app spilled pics, names and real-time location data
via "Naked Security".
A journalist/researcher team got a sensitive database taken down after the vendor responsible failed to acknowledge a problem.
Tech giants back bill that privacy advocates claim is toothless
via "Naked Security".
The main disagreement: whether consumers will be able to delete their data, or whether the law would give companies ways to wiggle out.
FEMA exposes sensitive data of 2.5 million disaster survivors
via "Naked Security".
The agency said it exposed 2.3m people's details in a "major privacy incident" involving a contractor that set up temporary housing.
Naked Security
FEMA exposes sensitive data of 2.3 million disaster survivors
Why data security is now a top concern for IT leaders
via "Security on TechRepublic".
The ability to use artificial intelligence effectively is also a large concern for IT decision makers.
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
via "Dark Reading".
Ret. Admiral Michael Rogers - who served as head of the NSA and the US Cyber Command from 2014 to 2018 - on how to handle the risk of insiders exposing an organization's sensitive data.
5 IT security roles businesses are most desperate to fill
via "Security on TechRepublic".
Organizations are facing more difficulty filling security roles now than in previous years, according to a CyberEdge report.
Apple iOS 12.2 Patches 51 Serious Flaws
via "Threatpost".
Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in Webkit and a vulnerability that allows apps to secretly listen to users.
Top Tips for Improving Board Communication Around Security
via "Subscriber Blog RSS Feed".
A panel of security professionals discuss the top three tips for how CISOs and risk officers can help improve board communication around security.
Under Attack: Over Half of SMBs Breached Last Year
via "Dark Reading".
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
Apple patches 51 security flaws with iOS 12.2 update
via "Naked Security".
Apple's update patches 51 iOS holes, the more serious of which include bugs in Safari, Keychain and FaceTime.
Naked Security
Apple patches 51 security flaws
Apple's update for iOS and macOS patches 51 holes, the more serious of which include bugs in Safari, Keychain and FaceTime.
Android Security Bulletin March 2019: What you need to know
via "Security on TechRepublic".
Another month is here and Android finds itself with a mixture of Critical and High vulnerabilities.
ASUS Patches Live Update Bug That Allowed APT to Infect Thousands of PCs
via "Threatpost".
If users have an impacted device, they need to immediately run a backup of their files and restore their operating system to factory settings, said ASUS.
ATTENTION‼ New - CVE-2014-5434
via "National Vulnerability Database".
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
What criminals can find out about you on the Dark Web
via "Security on TechRepublic".
Graham Kates, investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.
10 Movies All Security Pros Should Watch
via "Dark Reading".
Don't expect to read about any of the classics, like 'War Games' or 'Sneakers', which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.
ATTENTION‼ New - CVE-2014-5433
via "National Vulnerability Database".
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access to the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
ATTENTION‼ New - CVE-2014-5432
via "National Vulnerability Database".
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
ATTENTION‼ New - CVE-2014-5431
via "National Vulnerability Database".
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings, such as turning on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.
ATTENTION‼ New - CVE-2014-5401
via "National Vulnerability Database".
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
ATTENTION‼ New - CVE-2013-2807
via "National Vulnerability Database".
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the "Total Record Size" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to a specifically oversized value, the service will calculate an undersized value for the "Total Record Size" that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599