ATENTIONβΌ New - CVE-2018-10055
π Read
via "National Vulnerability Database".
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.π Read
via "National Vulnerability Database".
π΄ 5 Security Challenges to API Protection π΄
π Read
via "Dark Reading: ".
Today's application programming interfaces are no longer simple or front-facing, creating new risks for both security and DevOps.π Read
via "Dark Reading: ".
Dark Reading
5 Security Challenges to API Protection - Dark Reading
Today's application programming interfaces are no longer simple or front-facing, creating new risks for both security and DevOps.
β Facebook May Face $5 Billion FTC Fine for Data Misuse β
π Read
via "Threatpost".
Facebook may be fined as much as $5 million by the FTC for data issues related to the Cambridge Analytica incident.π Read
via "Threatpost".
Threat Post
Facebook May Face $5 Billion FTC Fine for Data Misuse
Facebook may be fined as much as $5 billion by the FTC for data issues related to the Cambridge Analytica incident.
ATENTIONβΌ New - CVE-2017-18367
π Read
via "National Vulnerability Database".
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.π Read
via "National Vulnerability Database".
π΄ TA505 Abusing Legit Remote Admin Tool in String of Attacks π΄
π Read
via "Dark Reading: ".
Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign.π Read
via "Dark Reading: ".
Darkreading
TA505 Abusing Legit Remote Admin Tool in String of Attacks
Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign.
β Teen sues Apple for $1 billion over Apple storesβ facial recognition β
π Read
via "Naked Security".
He claims that Apple allegedly uses the technology to spot shoplifters and that it falsely linked him to a series of Apple store thefts.π Read
via "Naked Security".
Naked Security
Teen sues Apple for $1 billion over Apple storesβ facial recognition
He claims that Apple allegedly uses the technology to spot shoplifters and that it falsely linked him to a series of Apple store thefts.
β Atlanta Hawks fall prey to Magecart credit card skimming group β
π Read
via "Naked Security".
The Atlanta Hawks basketball team is recovering after a sophisticated cybercrime group hacked its ecommerce site and planted credit card skimming code on it.π Read
via "Naked Security".
Naked Security
Atlanta Hawks fall prey to Magecart credit card skimming group
The Atlanta Hawks basketball team is recovering after a sophisticated cybercrime group hacked its ecommerce site and planted credit card skimming code on it.
π Microsoft wants to kill Windows password expiration policy π
π Read
via "Security on TechRepublic".
The proposal means that users at organizations with Group Policy would no longer be required to change their Windows passwords on a regular basis.π Read
via "Security on TechRepublic".
β Blochainbandit stole $54 million of Ethereum by guessing weak keys β
π Read
via "Naked Security".
Someone has been quietly pilfering Ethereum (ETH) cryptocurrency worth millions of dollars without anyone noticing or, apparently, caring.π Read
via "Naked Security".
Naked Security
Blockchain Bandit stole $54 million of Ethereum by guessing weak keys
Someone has been quietly pilfering Ethereum (ETH) cryptocurrency worth millions of dollars without anyone noticing or, apparently, caring.
π Businesses hit with 235% more cyberthreats this year π
π Read
via "Security on TechRepublic".
Trojans and ransomware top the list of threats with corporate targets in Q1 2019, according to a Malwarebytes report.π Read
via "Security on TechRepublic".
TechRepublic
Businesses hit with 235% more cyberthreats this year
Trojans and ransomware top the list of threats with corporate targets in Q1 2019, according to a Malwarebytes report.
π The 10 highest-paying cybersecurity jobs π
π Read
via "Security on TechRepublic".
Demand for cybersecurity roles jumped over 7% in the last year, leading to increasing salaries, according to Indeed.π Read
via "Security on TechRepublic".
TechRepublic
The 10 highest-paying cybersecurity jobs
Demand for cybersecurity roles jumped over 7% in the last year, leading to increasing salaries, according to Indeed.
π Top 50 InfoSec Networking Groups to Join π
π Read
via "Subscriber Blog RSS Feed ".
Looking to stay ahead of the curve on all things infosec? We've gathered a list of 50 valuable associations, LinkedIn networking groups, and meetups for security professionals.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Top 50 InfoSec Networking Groups to Join
Looking to stay ahead of the curve on all things infosec? We've gathered a list of 50 valuable associations, LinkedIn networking groups, and meetups for security professionals.
π΄ Indeed.com: Slight Dip in Clicks on US Cybersecurity Job Listings π΄
π Read
via "Dark Reading: ".
Meanwhile, most of the highest-paying positions pay more than $100K, according to new analysis from the job posting site.π Read
via "Dark Reading: ".
Dark Reading
Indeed.com: Slight Dip in Clicks on US Cybersecurity Job Listings
Meanwhile, most of the highest-paying positions pay more than $100K, according to new analysis from the job posting site.
π Most SMBs would pay a hacker a ransom to get their stolen data back π
π Read
via "Security on TechRepublic".
Social media apps and websites are the biggest potential threat vectors to businesses, according to an AppRiver report.π Read
via "Security on TechRepublic".
TechRepublic
Most SMBs would pay a hacker a ransom to get their stolen data back
Social media apps and websites are the biggest potential threat vectors to businesses, according to an AppRiver report.
π How automated Dark Web marketplaces make credential stuffing attacks more profitable π
π Read
via "Security on TechRepublic".
Validated stolen credentials cost less than a cup of coffee, but economies of scale have made selling user accounts more lucrative than ever, according to Recorded Future.π Read
via "Security on TechRepublic".
TechRepublic
How automated Dark Web marketplaces make credential stuffing attacks more profitable
Validated stolen credentials cost less than a cup of coffee, but economies of scale have made selling user accounts more lucrative than ever, according to Recorded Future.
π΄ Ramblings of a Recovering Academic on the So-Called Lack of Security Talent π΄
π Read
via "Dark Reading: ".
Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the "why" - and a lack of talent may not be the sole reason.π Read
via "Dark Reading: ".
Dark Reading
Ramblings of a Recovering Academic on the So-Called Lack of Security Talent
Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the why - and a lack of talent may not be the sole reason.
π΄ Regulations, Insider Threat Handicap Healthcare IT Security π΄
π Read
via "Dark Reading: ".
Healthcare IoT is expanding opportunities for hackers as the sector struggles to keep up security-wise.π Read
via "Dark Reading: ".
Darkreading
Regulations, Insider Threat Handicap Healthcare IT Security
Healthcare IoT is expanding opportunities for hackers as the sector struggles to keep up security-wise.
β ExtraPulsar backdoor based on leaked NSA code β what you need to know β
π Read
via "Naked Security".
A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.π Read
via "Naked Security".
β Qualcomm Critical Flaw Exposes Private Keys For Android Devices β
π Read
via "Threatpost".
A side-channel attack in Qualcomm technology, which is used by most modern Android devices, could allow an attacker to snatch private keys.π Read
via "Threatpost".
Threat Post
Qualcomm Critical Flaw Exposes Private Keys For Android Devices
A side-channel attack in Qualcomm technology, which is used by most Android devices, could allow an attacker to snatch private keys.
π Enterprise cryptojacking attacks continue, despite overall decline in popularity among hackers π
π Read
via "Security on TechRepublic".
A newly-discovered cryptojacking campaign uses familiar exploits to target enterprises and traverse network shares, infecting any connected computer.π Read
via "Security on TechRepublic".
TechRepublic
Enterprise cryptojacking attacks continue, despite overall decline in popularity among hackers
A newly-discovered cryptojacking campaign uses familiar exploits to target enterprises and traverse network shares, infecting any connected computer.
π΄ Sensitive Data Lingers on Used Storage Drives Sold Online π΄
π Read
via "Dark Reading: ".
Four in 10 used hard drives sold on eBay found to contain sensitive information.π Read
via "Dark Reading: ".
Darkreading
Sensitive Data Lingers on Used Storage Drives Sold Online
Four in 10 used hard drives sold on eBay found to contain sensitive information.