π΄ Meet Baldr: The Inside Scoop on a New Stealer π΄
π Read
via "Dark Reading: ".
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.π Read
via "Dark Reading: ".
Darkreading
Meet Baldr: The Inside Scoop on a New Stealer
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.
π Apple's Face ID: Cheat sheet π
π Read
via "Security on TechRepublic".
Face ID has replaced Touch ID on the newest iterations of Apple's flagship products. Here's what you need to know about this form of biometric security.π Read
via "Security on TechRepublic".
TechRepublic
Appleβs Face ID Cheat Sheet: What It Is and How to Use It
Apple's Face ID is a secure and convenient facial recognition feature that utilizes TrueDepth cameras for fast, reliable and secure access.
β Intel Patches High-Severity Flaws in Media SDK, Mini PC β
π Read
via "Threatpost".
Overall Intel patched four vulnerabilities, including high-severity flaws in its Media SDK and Intel NUC mini PC.π Read
via "Threatpost".
Threat Post
Intel Patches High-Severity Flaws in Media SDK, Mini PC
Overall Intel patched four vulnerabilities in products like its Media SDK and Intel NUC mini PC.
ATENTIONβΌ New - CVE-2017-3139
π Read
via "National Vulnerability Database".
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-17023
π Read
via "National Vulnerability Database".
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.π Read
via "National Vulnerability Database".
π΄ Microsoft Patch Tuesday Fixes Windows Bugs Under Attack π΄
π Read
via "Dark Reading: ".
The April release of security updates patches 74 vulnerabilities, two of which are being exploited in the wild.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ Verizon Patches Trio of Vulnerabilities in Home Router π΄
π Read
via "Dark Reading: ".
One of the flaws gives attackers way to gain root access to devices, Tenable says.π Read
via "Dark Reading: ".
Dark Reading
Verizon Patches Trio of Vulnerabilities in Home Router
One of the flaws gives attackers way to gain root access to devices, Tenable says.
β SAS 2019: Meet βTajMahal,β A New and Highly Advanced APT Framework β
π Read
via "Threatpost".
A highly sophisticated APT framework has been found targeting a single Central Asian diplomatic entity for years.π Read
via "Threatpost".
Threat Post
SAS 2019: Meet βTajMahal,β A New and Highly Advanced APT Framework
A highly sophisticated APT framework has been found targeting a single Central Asian diplomatic entity for years.
β SAS 2019: Gaza Cybergang Blends Sophistication Levels in Highly Effective Spy Effort β
π Read
via "Threatpost".
The SneakyPastes campaign was highly effective but hardly advanced.π Read
via "Threatpost".
Threat Post
SAS 2019: Gaza Cybergang Blends Sophistication Levels in Highly Effective Spy Effort
The SneakyPastes campaign was highly effective but hardly advanced.
π΄ 'MuddyWater' APT Spotted Attacking Android π΄
π Read
via "Dark Reading: ".
Cyber espionage attack group adds mobile malware to its toolset.π Read
via "Dark Reading: ".
Dark Reading
'MuddyWater' APT Spotted Attacking Android
Cyber espionage attack group adds mobile malware to its toolset.
β Two teens charged with jamming school Wi-Fi to get out of exams β
π Read
via "Naked Security".
They're facing charges of computer criminal activity after allegedly disrupting the network at the request of their friends.π Read
via "Naked Security".
Naked Security
Two teens charged with jamming school Wi-Fi to get out of exams
Theyβre facing charges of computer criminal activity after allegedly disrupting the network at the request of their friends.
β Two robocallers fined $3m for Google listings scam β
π Read
via "Naked Security".
The robocall scammers were defrauding small businesses who were scared of seeing their Google search listings drop off.π Read
via "Naked Security".
Naked Security
Two robocallers fined $3m for Google listings scam
The robocall scammers were defrauding small businesses who were scared of seeing their Google search listings drop off.
β Mar-a-Lago intruder had instant-malware-inflicting thumb drive β
π Read
via "Naked Security".
Ms. Zhang's infected USB drive instantly went to work on a Secret Service agent's PC. He shut it down immediately "to halt the corruption."π Read
via "Naked Security".
Naked Security
Mar-a-Lago intruder had instant-malware-inflicting thumb drive
Ms. Zhangβs infected USB drive instantly went to work on a Secret Service agentβs PC. He shut it down immediately βto halt the corruption.β
β SAS 2019: Triton ICS Malware Hits A Second Victim β
π Read
via "Threatpost".
In only the second known attack of the Russia-linked malware, which shut down an oil refinery in 2017, another Mideast target has been hit.π Read
via "Threatpost".
Threat Post
SAS 2019: Triton ICS Malware Hits A Second Victim
In only the second known attack of the Russia-linked malware, which shut down an oil refinery in 2017, another Mideast target has been hit.
β Update now! Hereβs the April Patch Tuesday roundup β
π Read
via "Naked Security".
Microsoft and Adobe Patch Tuesday updates are here. Find out more about the most serious bugs and how to patch them.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π How hotel booking confirmation links can leak personal information to third parties π
π Read
via "Security on TechRepublic".
Passing booking information as URL arguments allows third parties to intercept booking information for data collection, according to Symantec.π Read
via "Security on TechRepublic".
TechRepublic
How hotel booking confirmation links can leak personal information to third parties
Passing booking information as URL arguments allows third parties to intercept booking information for data collection, according to Symantec.
π How Mozilla uses AI to manage Firefox bug reports π
π Read
via "Security on TechRepublic".
The company created a homegrown artificial intelligence tool dubbed BugBug to classify and categorize each bug report.π Read
via "Security on TechRepublic".
TechRepublic
How Mozilla uses AI to manage Firefox bug reports
The company created a homegrown artificial intelligence tool dubbed BugBug to classify and categorize each bug report.
β Check your Verizon FiOS Quantum Gateway G1100 router now β
π Read
via "Naked Security".
Owners of Verizonβs FiOS Quantum Gateway (G1100) routers should check the firmware has been updated after a security company made public three significant security flaws.π Read
via "Naked Security".
Naked Security
Check your Verizon FiOS Quantum Gateway G1100 router now
Owners of Verizonβs FiOS Quantum Gateway (G1100) routers should check the firmware has been updated after a security company made public three significant security flaws.
β Ep. 027 β Honeypots, GPS rollover and the MySpace data vortex β
π Read
via "Naked Security".
Guess how long it takes crooks to find a new device when you plug it in? All this and more in the latest Naked Security podcast- enjoy!π Read
via "Naked Security".
Naked Security
Ep. 027 β Honeypots, GPS rollover and the MySpace data vortex
Guess how long it takes crooks to find a new device when you plug it in? All this and more in the latest Naked Security podcast- enjoy!
π΄ Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads π΄
π Read
via "Dark Reading: ".
As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.π Read
via "Dark Reading: ".
Dark Reading
Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads
As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.
β Yahoo Offers $117.5M Settlement in Data Breach Lawsuit β
π Read
via "Threatpost".
Yahoo is taking a second stab at settling a massive lawsuit regarding the data breaches that the Internet company faced between 2013 and 2016.π Read
via "Threatpost".
Threat Post
Yahoo Offers $117.5M Settlement in Data Breach Lawsuit
Yahoo is taking a second stab at settling a massive lawsuit regarding the data breaches that the Internet company faced between 2013 and 2016.