ATTENTION‼ New - CVE-2018-12384
via "National Vulnerability Database".
When handling an SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
ATTENTION‼ New - CVE-2016-10749
via "National Vulnerability Database".
parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character.
ATTENTION‼ New - CVE-2015-9285
via "National Vulnerability Database".
esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI.
ATTENTION‼ New - CVE-2015-1343 (ubuntu_linux)
via "National Vulnerability Database".
All versions of unity-scope-gdrive log search terms to syslog.
ATTENTION‼ New - CVE-2015-1341 (apport, ubuntu_linux)
via "National Vulnerability Database".
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
ATTENTION‼ New - CVE-2015-1340 (lxd)
via "National Vulnerability Database".
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
How the cloud is evolving to improve enterprise security
via "Security on TechRepublic".
Microsoft's executive vice president Jason Zander sat down with Dan Patterson to discuss cloud migration and how it benefits security in the enterprise.
Why real-estate businesses need to defend against these cybersecurity threats
via "Security on TechRepublic".
BEC scams, ransomware, and malware are some of the cybersecurity threats that cybercriminals use against real-estate agencies. Here's security advice, including scam prevention tips from the FBI.
Unknown, Unprotected Database Exposes Info on 80 Million US Households
via "Dark Reading: ".
A database with no login required has been found to contain names, addresses, age, and more for over 80 million U.S. households.
Apple Defends Parental Control App Removal Amid Backlash
via "Threatpost".
After facing criticism for removing or restricting several parental control apps over the past year, Apple cited security and privacy reasons.
MuddyWater APT Hones an Arsenal of Custom Tools
via "Threatpost".
The attack group shows a moderate level of sophistication, but the stage is set for MuddyWater to take things to the next level.
Malware Infests Popular Pirate Streaming Hardware
via "Threatpost".
Hardware that supports pirated video streaming content comes packed with malware.
7 Types of Experiences Every Security Pro Should Have
via "Dark Reading: ".
As the saying goes, experience is the best teacher. It'll also make you a better and more well-rounded security pro.
Credit Card Compromise Up 212% as Hackers Eye Financial Sector
via "Dark Reading: ".
Financial services firms saw upticks in credential leaks and credit card compromise as cybercriminals go where the money is.
Peer-to-Peer Vulnerability Exposes Millions of IoT Devices
via "Dark Reading: ".
A flaw in the software used to remotely access cameras and monitoring devices could allow hackers to easily take control of millions of pieces of the IoT.
Docker Forces Password Reset for 190,000 Accounts After Breach
via "Dark Reading: ".
Organizations impacted by breach, which gave attackers illegal access to a database containing sensitive account information, need to check their container images.
Black Hat USA Offers an Inside Look at Intel's Security Engine
via "Dark Reading: ".
Come to the August event and learn how Intel's Converged Security and Manageability Engine has been fine-tuned to guard against low-level firmware attacks.
Man posing as Hollywood superstar scams woman out of a ‘fortune’
via "Naked Security".
She must have been star-struck, she said, after the fraudster hid behind the Fast & Furious star's photo and reached out from a fan page.
Facebook under investigation for harvesting 1.5m users’ contact lists
via "Naked Security".
For years, Facebook asked some new users for email passwords, then grabbed their contacts without consent (or any way to stop the process).
Docker breach of 190,000 users exposes lack of two-factor authentication
via "Naked Security".
The containerisation platform has asked 190k users to change their passwords after hackers gained access to a database of personal data.