ATTENTION‼ New - CVE-2017-18105
via "National Vulnerability Database".
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.
Magento Patches Critical SQL Injection and RCE Vulnerabilities
via "Threatpost".
Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.
7 Malware Families Ready to Ruin Your IoT's Day
via "Dark Reading".
This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.
Toyota Customer Information Exposed in Data Breach
via "Dark Reading".
The attackers hit dealer sales systems in Japan, according to the automaker.
NDSU Offers Nation's First Ph.D. in Cybersecurity Education
via "Dark Reading".
The new program focuses on training university-level educators in cybersecurity.
Critical Bug in Cisco WebEx Browser Extensions Allows Remote Code-Execution
via "Threatpost".
Users of the conferencing platform should update immediately.
Threat Post
Critical RCE Bug in Cisco WebEx Browser Extensions Faces “Ongoing Exploitation”
Undocumented Intel VISA Tech Can Be Abused, Researchers Allege
via "Threatpost".
Researchers at Black Hat Asia said that Intel VISA, an undocumented testing tool, can be abused using previously-disclosed vulnerabilities.
Use a password to secure access to an Excel workbook
via "Security on TechRepublic".
At the file level, you can password protect an Excel workbook in two ways: You can determine who can get in and who can save changes.
Medical Weed Dispensary Exposes Health Data for Thousands
via "Threatpost".
As to how the breach happened, the company is so far keeping details tightly rolled up.
Blockchain: Top 4 challenges CIOs face
via "Security on TechRepublic".
With hype around blockchain fading, organizations are starting to seek out use cases for the technology, according to Gartner.
ATTENTION‼ New - CVE-2014-7198
via "National Vulnerability Database".
OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.
Monday review – the hot 21 stories of the week
via "Naked Security".
From the Android bloatware selling your data to the hoards of security keys on GitHub, and everything in between. It's the weekly roundup.
Politicians mistakenly vote the wrong way in controversial internet law
via "Naked Security".
Members of the European Parliament appear to have materially affected the future of the internet by mistakenly voting the wrong way.
Top-secret defense document hoarder Harold Martin pleads guilty
via "Naked Security".
Martin admitted that for more than 20 years, he stole and a vast quantity of highly classified information, stashing it in his home and car.
Microsoft slaps down 99 APT35/Charming Kitten domains
via "Naked Security".
Court order in hand, Microsoft seized control of the hacker group's (which it calls Phosphorous) phishing sites.
Russia accused of massive GPS spoofing campaign
via "Naked Security".
Russia has been hijacking signals sent by Global Navigation Satellite Systems (GNSS) systems such as GPS, researchers claim.
In the Race Toward Mobile Banking, Don't Forget Risk Management
via "Dark Reading".
The rise of mobile banking and payment services has sparked widespread adoption, making a focus on risk essential.
Google Play Boots Italian Spyware Apps That Infected Hundreds
via "Threatpost".
Google Play has removed 25 malicious apps that were downloading spyware, dubbed Exodus, onto victims' phones.
ThreatList: Game of Thrones, a Top Malware Conduit for Cybercriminals
via "Threatpost".
As Game of Thrones' eighth season gets ready to kick off, a new report says the popular TV show accounted for 17 percent of all infected pirated content in the last year.
The HBO blockbuster is the most-targeted show for malware-laden pirated files.
ATTENTION‼ New - CVE-2017-16775
via "National Vulnerability Database".
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.