ATTENTION‼ New - CVE-2017-18365
via "National Vulnerability Database".
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.

Firefox brings Lockbox password manager to Android's autofill
via "Naked Security".
All your saved Firefox passwords, now happily inserting themselves into your Android-verse!

Broadband providers told to explain how they handle consumer data
via "Naked Security".
The FTC launched a broad inquiry to find out what data they collect, why, who they share it with, and how consumers can change or delete it.

Inside Cyber Battlefields, the Newest Domain of War
via "Dark Reading".
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.

Spyware app exposes private photos, hosting provider steps in
via "Naked Security".
A hosting company has taken down a database owned by a mobile spying app after it was found displaying phone owners' intimate images online.

Is crowdsourcing cybersecurity the answer to CISOs' problems?
via "Security on TechRepublic".
More than half of organizations now run bug bounty and other crowdsourced options to avoid data breaches, according to a Bugcrowd report.

Employee mistakes and system errors are a larger threat to data security than hackers or insiders
via "Security on TechRepublic".
Employee mistakes were ranked as the highest risk in the 2019 Global Encryption Trends Study, though employee-owned devices on company networks deserve more security scrutiny.

Why you should never allow your web browser to save your passwords
via "Security on TechRepublic".
When a web browser like Chrome, Firefox or Safari is allowed to store passwords, you're putting your network security at risk.

Tidying Expert Marie Kondo: Cybersecurity Guru?
via "Dark Reading".
The "KonMari" method of decluttering can be a huge step toward greater security, according to a growing number of executives.

Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
via "Dark Reading".
How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.

Gamers Urged to Patch Critical Bugs in GOG Galaxy
via "Threatpost".
Video game digital distribution platform GOG Galaxy Games has patched two critical privilege escalation flaws that could allow arbitrary code execution.

Is your e-commerce site being used to test stolen card data?
via "Naked Security".
If you're running Magento you should be on the lookout for hackers testing stolen card data - it could get your PayPal account suspended.

'Twitter 2007 multicolor' hoax - debunk it, don't spread it!
via "Naked Security".
Hoaxers are saying you can unlock colorful new "features" in Twitter, but you'll probably lock yourself out instead.

Lazarus Group Widens Tactics in Cryptocurrency Attacks
via "Threatpost".
macOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea.

Even if your data is stored in the cloud, you need to back it up
via "Security on TechRepublic".
Misconceptions about fault-tolerance of data in the cloud are leading to IT professionals not safely backing up mission-critical business data.

Microsoft Tackles IoT Security with New Azure Updates
via "Dark Reading".
The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.

Enterprise Data Encryption Hits All-time High
via "Dark Reading".
A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place.

Unpatched vulnerability in MikroTik RouterOS enables easily exploitable denial of service attack
via "Security on TechRepublic".
Despite having nearly a year to address the vulnerability, no patch is available for a critical vulnerability, leaving network admins no alternative to disabling IPv6 support.
TechRepublic
Vulnerability in MikroTik RouterOS enables easily exploitable denial of service attack
MikroTik took a year to address a vulnerability that allowed a remote attacker to send affected routers into a bootloop using maliciously crafted IPv6 packets.

45 Percent of Orgs Have Encryption Plan in Place
via "Subscriber Blog RSS Feed".
A Ponemon Institute report, published today, says the biggest driver to encryption is organizations who want to protect enterprise intellectual property and consumer personal information.
Digital Guardian
45 Percent of Orgs Have Encryption Plan in Place
A Ponemon Institute report published today says the biggest driver to encryption for organizations is protecting enterprise intellectual property and consumer personal information.

Quantum Computing and Code-Breaking
via "Dark Reading".
Prepare today for the quantum threats of tomorrow.

Man Pleads Guilty to Hacking Apple Accounts of NFL & NBA Players, Rappers
via "Dark Reading".
Dozens of pro athletes and musicians fell for a phishing scam that pilfered their Apple accounts and credit cards.