π΄ Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic π΄
π Read
via "Dark Reading: ".
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.π Read
via "Dark Reading: ".
Darkreading
Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.
ATENTIONβΌ New - CVE-2018-0382
π Read
via "National Vulnerability Database".
A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an existing session identifier to connect to the software through the web-based interface. Successful exploitation could allow the attacker to hijack an authenticated user's browser session on the system. Versions 8.1 and 8.5 are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-0248
π Read
via "National Vulnerability Database".
A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, 8.8.111.0 are affected by this vulnerability.π Read
via "National Vulnerability Database".
β Oracle issues nearly 300 patches in quarterly update β
π Read
via "Naked Security".
Oracle's latest security update covers 297 vulnerabilities, many of which come with a "patch now" warning.π Read
via "Naked Security".
Naked Security
Oracle issues nearly 300 patches in quarterly update
Oracleβs latest security update covers 297 vulnerabilities, many of which come with a βpatch nowβ warning.
β Chrome flaw on iOS leads to 500 million unwanted pop-up ads β
π Read
via "Naked Security".
If you own an iOS device and use the Chrome browser, you may have encountered some strange-looking pop-up ads in the past week.π Read
via "Naked Security".
Naked Security
Chrome flaw on iOS leads to 500 million unwanted pop-up ads
If you own an iOS device and use the Chrome browser, you may have encountered some strange-looking pop-up ads in the past week.
β Google plays Whack-A-Mole with naughty Android developers β
π Read
via "Naked Security".
Android developers without a track record are going to be submitted to more checks in order to stamp out those of βbad faith.βπ Read
via "Naked Security".
Naked Security
Google plays Whack-A-Mole with naughty Android developers
Android developers without a track record are going to be submitted to more checks in order to stamp out those of βbad faith.β
β Facebook user data used as bargaining chip, according to leaked docs β
π Read
via "Naked Security".
Leaked internal docs used to claim "privacy was an afterthought" at Facebookπ Read
via "Naked Security".
Naked Security
Facebook user data used as bargaining chip, according to leaked docs
Leaked internal docs used to claim βprivacy was an afterthoughtβ at Facebook
β Serious Security: Ransomware youβll never find β and how to stop it β
π Read
via "Naked Security".
What if you got hit by ransomware - but the malware program itself was on the other side of the world where you'd never find it?π Read
via "Naked Security".
Naked Security
Serious Security: Ransomware youβll never find β and how to stop it
What if you got hit by ransomware β but the malware program itself was on the other side of the world where youβd never find it?
β Cisco Patches Critical Flaw In ASR 9000 Routers β
π Read
via "Threatpost".
The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said.π Read
via "Threatpost".
Threat Post
Cisco Patches Critical Flaw In ASR 9000 Routers
The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said.
π BlackBerry opens BBM Enterprise for personal use after Emtek discontinues BBM Consumer π
π Read
via "Security on TechRepublic".
Attempts to make BBM more consumer-focused with social media functions saw limited success, leading to the discontinuation of the BBM Consumer app.π Read
via "Security on TechRepublic".
TechRepublic
BlackBerry opens BBM Enterprise for personal use after Emtek discontinues BBM Consumer
Attempts to make BBM more consumer-focused with social media functions saw limited success, leading to the discontinuation of the BBM Consumer app.
π How to secure a blockchain: 3 things business leaders need to know π
π Read
via "Security on TechRepublic".
With companies across industries adopting blockchain technologies, security concerns remain, according to the World Economic Forum.π Read
via "Security on TechRepublic".
TechRepublic
How to secure a blockchain: 3 things business leaders need to know
With companies across industries adopting blockchain technologies, security concerns remain, according to the World Economic Forum.
π΄ Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent π΄
π Read
via "Dark Reading: ".
The social media giant says it did not access the imported data and is notifying affected users.π Read
via "Dark Reading: ".
Dark Reading
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
The social media giant says it did not access the imported data and is notifying affected users.
π΄ GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage π΄
π Read
via "Dark Reading: ".
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.π Read
via "Dark Reading: ".
Darkreading
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Faced with an overwhelming adversary, <i>Game of Thrones</i> heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
π How to install the OPNsense Firewall/Router Linux distribution π
π Read
via "Security on TechRepublic".
Need a dedicated firewall appliance? OPNsense is a free, open-source solution, ready to protect your network from intrusion.π Read
via "Security on TechRepublic".
TechRepublic
How to install the OPNsense Firewall/Router distribution
Need a dedicated firewall appliance? OPNsense is a free, open-source solution, ready to protect your network from intrusion.
β Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug β
π Read
via "Threatpost".
The U.S-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.π Read
via "Threatpost".
Threat Post
Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug
The U.S-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.
π΄ Former Student Admits to USB Killer Attack π΄
π Read
via "Dark Reading: ".
An Indian national used device to attack computers and peripherals at a New York college.π Read
via "Dark Reading: ".
Darkreading
Former Student Admits to USB Killer Attack
An Indian national used device to attack computers and peripherals at a New York college.
π Breaking Down the Best Practices & Tools for Data-Centric Audit and Protection (DCAP) π
π Read
via "Subscriber Blog RSS Feed ".
Data classification, discovery, and encryption: We reached out to 18 security experts for insight on implementing a data-centric audit and protection program in an organization.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Breaking Down the Best Practices & Tools for Data-Centric Audit and Protection (DCAP)
Data classification, discovery, and encryption: We reached out to 18 security experts for insight on implementing a data-centric audit and protection program in an organization.
β Poll: Facebook Harvests Email Contacts for 1.5M Users β Is Enough, Enough? β
π Read
via "Threatpost".
Take our short poll on how far Facebook can push its luck.π Read
via "Threatpost".
Threat Post
Poll: Facebook Harvests Email Contacts for 1.5M Users β Is Enough, Enough?
Take our short poll on how far Facebook can push its luck.
ATENTIONβΌ New - CVE-2016-10746
π Read
via "National Vulnerability Database".
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.π Read
via "National Vulnerability Database".
π΄ How to Raise the Level of AppSec Competency in Your Organization π΄
π Read
via "Dark Reading: ".
Improving processes won't happen overnight, but it's not complicated either.π Read
via "Dark Reading: ".
Dark Reading
How to Raise the Level of AppSec Competency in Your Organization
Improving processes won't happen overnight, but it's not complicated either.
β Shopify Flaw Exposed Thousands of Merchantsβ Revenue, Traffic Numbers β
π Read
via "Threatpost".
The flaw, which existed in a Shopify API endpoint, has been patched.π Read
via "Threatpost".
Threat Post
Shopify Flaw Exposed Thousands of Merchantsβ Revenue, Traffic Numbers
The flaw, which existed in a Shopify API endpoint, has been patched.