ATENTIONβΌ New - CVE-2017-16558
π Read
via "National Vulnerability Database".
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.π Read
via "National Vulnerability Database".
π΄ 55% of SMBs Would Pay Up Post-Ransomware Attack π΄
π Read
via "Dark Reading: ".
The number gets even higher among larger SMBs.π Read
via "Dark Reading: ".
Darkreading
55% of SMBs Would Pay Up Post-Ransomware Attack
The number gets even higher among larger SMBs.
π΄ UVA Wins Second Consecutive National Collegiate Cyber Defense Championship π΄
π Read
via "Dark Reading: ".
The Wahoos came out on top among 235 colleges and universities that took part in the 15-year-old competition.π Read
via "Dark Reading: ".
Darkreading
UVA Wins Second Consecutive National Collegiate Cyber Defense Championship
The Wahoos came out on top among 235 colleges and universities that took part in the 15-year-old competition.
ATENTIONβΌ New - CVE-2018-1360
π Read
via "National Vulnerability Database".
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12244
π Read
via "National Vulnerability Database".
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.π Read
via "National Vulnerability Database".
β Android-Based Sony Smart-TVs Open to Image Pilfering β
π Read
via "Threatpost".
A pair of bugs would allow attackers to compromise the WiFi password of a TV and the multimedia stored inside it.π Read
via "Threatpost".
Threat Post
Android-Based Sony Smart-TVs Open to Image Pilfering
A pair of bugs would allow attackers to compromise the WiFi password of a TV and the multimedia stored inside it.
π΄ Cyberattackers Focus on More Subtle Techniques π΄
π Read
via "Dark Reading: ".
Spam has given way to spear phishing, cryptojacking remains popular, and credential spraying is on the rise.π Read
via "Dark Reading: ".
Darkreading
Cyberattackers Focus on More Subtle Techniques
Spam has given way to spear phishing, cryptojacking remains popular, and credential spraying is on the rise.
π΄ New EternalBlue Family Member Takes Aim at Asian Web Servers π΄
π Read
via "Dark Reading: ".
Beapy is a new malware variant that's storming across China, leaving cryptominers in its wake.π Read
via "Dark Reading: ".
Darkreading
New EternalBlue Family Member Takes Aim at Asian Web Servers
Beapy is a new malware variant that's storming across China, leaving cryptominers in its wake.
π΄ Security Vulns in Microsoft Products Continue to Increase π΄
π Read
via "Dark Reading: ".
The good news: Removing admin privileges can mitigate most of them, a new study by BeyondTrust shows.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β Cops can try suspectβs fingers on locked iPhones found at crime scene β
π Read
via "Naked Security".
A Massachusetts federal district judge gave cops a warrant to force-unlock iPhones with the suspect's fingers.π Read
via "Naked Security".
Naked Security
Cops can try suspectβs fingers on locked iPhones found at crime scene
A Massachusetts federal district judge gave cops a warrant to force-unlock iPhones with the suspectβs fingers.
β Microsoft drops password expiration from Windows 10 security β
π Read
via "Naked Security".
Microsoft has recognised that users don't actually change their passwords when prompted, they just tweak them. And that doesn't help anyone.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Fingerprint glitch in passports swapped left and right hands β
π Read
via "Naked Security".
And just who, exactly, is going to pay for new passports if it's necessary? Danish police are chatting with Kube Data about that.π Read
via "Naked Security".
Naked Security
Fingerprint glitch in passports swapped left and right hands
And just who, exactly, is going to pay for new passports if itβs necessary? Danish police are chatting with Kube Data about that.
β NSA asks to end mass phone surveillance β
π Read
via "Naked Security".
The NSA has asked the White House to end its mass phone surveillance program because the work involved outweighs its intelligence value.π Read
via "Naked Security".
Naked Security
NSA asks to end mass phone surveillance
The NSA has asked the White House to end its mass phone surveillance program because the work involved outweighs its intelligence value.
β Facial Recognition βConsentβ Doesnβt Exist, Threatpost Poll Finds β
π Read
via "Threatpost".
Half of Threatpost readers surveyed in a recent poll don't believe that consent realistically exists when it comes to facial recognition.π Read
via "Threatpost".
Threat Post
Facial Recognition βConsentβ Doesnβt Exist, Threatpost Poll Finds
Half of Threatpost readers surveyed in a recent poll don't believe that consent realistically exists when it comes to facial recognition.
π΄ Go Medieval to Keep OT Safe π΄
π Read
via "Dark Reading: ".
When it comes to operational technology and industrial control systems, make sure you're the lord of all you survey.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection β
π Read
via "Threatpost".
A 5G wireless gateway tailored for industrial internet of things (IoT), retail point-of-sale and enterprise redundancy applications is riddled with vulnerabilities, include two critical bugs that allow remote code-execution (RCE) and arbitrary command-injection. The Sierra Wireless AirLink ES450 LTE gateway (version 4.9.3) has 11 different bugs, which could be exploited for RCE, uncovering user credentials [β¦]π Read
via "Threatpost".
Threat Post
Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection
The wireless gateways are used in PoS, industrial IoT and distributed enterprise settings.
π Friday Five: 4/26 Edition π
π Read
via "Subscriber Blog RSS Feed ".
A new phishing scam asking for selfies,embedding malware in video games, and the latest IoT vulnerability are all covered in this week's Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 4/26 Edition
A new phishing scam asking for selfies,embedding malware in video games, and the latest IoT vulnerability are all covered in this week's Friday Five.
ATENTIONβΌ New - CVE-2015-9284
π Read
via "National Vulnerability Database".
The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.π Read
via "National Vulnerability Database".
π Widespread scam campaigns targeting millions uncovered by GoDaddy and Palo Alto Networks π
π Read
via "Security on TechRepublic".
A research team found that thousands of websites were tricking users into entering credit card information by spoofing trustworthy sites.π Read
via "Security on TechRepublic".
TechRepublic
Widespread scam campaigns targeting millions uncovered by GoDaddy and Palo Alto Networks
A research team found that thousands of websites were tricking users into entering credit card information by spoofing trustworthy sites.
π How to manage user passwords with Group Policy π
π Read
via "Security on TechRepublic".
You can enforce various policies to make sure your users meet certain requirements with their Windows passwords. Learn about some of the password-related settings in Group Policy.π Read
via "Security on TechRepublic".
TechRepublic
How to manage your users' Windows passwords with Group Policy
You can enforce various policies to make sure your users meet certain requirements with their Windows passwords. Learn about some of the password-related settings in Group Policy.
β GoDaddy Shutters 14,000 Subdomains Tied to βSnake Oilβ Scams β
π Read
via "Threatpost".
GoDaddy worked with researchers to shut down 15,000 domain-shadowing websites tied to bogus affiliate marketing offers promoted via spam campaigns.π Read
via "Threatpost".
Threat Post
GoDaddy Shutters 15,000 Subdomains Tied to βSnake Oilβ Scams
GoDaddy works with researchers to shut down 15,000 websites tied to 'snake oil' affiliate marketing offers promoted via spam campaigns.