β DHS policies allow unlimited, warrantless device search β
π Read
via "Naked Security".
Newly revealed policies show border agents can search devices for pretty much any reason, including if some other agency asked them to.π Read
via "Naked Security".
Naked Security
DHS policies allow unlimited, warrantless device search
Newly revealed policies show border agents can search devices for pretty much any reason, including if some other agency asked them to.
π Companies are still failing to effectively manage passwords π
π Read
via "Security on TechRepublic".
Though most businesses have complex password requirements in place, many are falling into other traps of poor password management, according to a survey from OneLogin.π Read
via "Security on TechRepublic".
TechRepublic
Companies are still failing to effectively manage passwords
Though most businesses have complex password requirements in place, many are falling into other traps of poor password management, according to a survey from OneLogin.
π How to protect your business from account takeover attacks: 3 tips π
π Read
via "Security on TechRepublic".
Account takeovers are one of the fastest-growing email security threats hitting Office 365 accounts, according to Barracuda.π Read
via "Security on TechRepublic".
TechRepublic
How to protect your business from account takeover attacks: 3 tips
Account takeovers are one of the fastest-growing email security threats hitting Office 365 accounts, according to Barracuda.
β World Password Day β what (NOT!) to do β
π Read
via "Naked Security".
Yeah, yeah, yeah... we really ought to get around to picking proper passwords for everything - and here's why!π Read
via "Naked Security".
Naked Security
World Password Day β what (NOT!) to do
Yeah, yeah, yeahβ¦ we really ought to get around to picking proper passwords for everything β and hereβs why!
π Digital transformation increases cyber risk for 8 out of 10 companies π
π Read
via "Security on TechRepublic".
Organizations are not prepared to handle cyber breaches due to gaps in IT security and basic operations, according to a 1E survey.π Read
via "Security on TechRepublic".
TechRepublic
Digital transformation increases cyber risk for 8 out of 10 companies
Organizations are not prepared to handle cyber breaches due to gaps in IT security and basic operations, according to a 1E survey.
π Hackers impersonate Microsoft more than any other brand in phishing attacks π
π Read
via "Security on TechRepublic".
Phishers tend to focus on business during the week, social media and finance on the weekend, according to a Vade Secure report.π Read
via "Security on TechRepublic".
π΄ World Password Day or Groundhog Day? π΄
π Read
via "Dark Reading: ".
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.π Read
via "Dark Reading: ".
Darkreading
World Password Day or Groundhog Day?
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
π΄ Why Are We Still Celebrating World Password Day? π΄
π Read
via "Dark Reading: ".
Calls to eliminate the password abound on this World Password Day - and the technology to change is ready. So why can't we get off our password habit?π Read
via "Dark Reading: ".
Dark Reading
Why Are We Still Celebrating World Password Day?
Calls to eliminate the password abound on this World Password Day - and the technology to change is ready. So why can't we get off our password habit?
π΄ Facebook, Instagram Are Phishers' Favorite Social Platforms π΄
π Read
via "Dark Reading: ".
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.π Read
via "Dark Reading: ".
Darkreading
Facebook, Instagram Are Phishers' Favorite Social Platforms
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.
β Cisco Warns of Critical Nexus 9000 Data Center Flaw β
π Read
via "Threatpost".
Part of a slew of patches from the networking vendor, the CVSS 9.8 bug allows remote takeover of a vulnerable device.π Read
via "Threatpost".
Threat Post
Cisco Warns of Critical Nexus 9000 Data Center Flaw
Part of a slew of patches from the networking vendor, the CVSS 9.8 bug allows remote takeover of a vulnerable device.
π 6 ways to strengthen your password π
π Read
via "Security on TechRepublic".
Make an effort to secure your digital life with these helpful, easy-to-follow password tips.π Read
via "Security on TechRepublic".
TechRepublic
6 ways to strengthen your password
Make an effort to secure your digital life with these helpful, easy-to-follow password tips.
π NIST Sets New Standard for Data Encryption Testing π
π Read
via "Subscriber Blog RSS Feed ".
NIST has updated the Federal Information Processing Standard, or FIPS, to align with the international standard, ISO 19790 for the first time,π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
NIST Sets New Standard for Data Encryption Testing
NIST has updated the Federal Information Processing Standard, or FIPS, to align with the international standard, ISO 19790 for the first time,
ATENTIONβΌ New - CVE-2018-14559 (ac10_firmware, ac7_firmware, ac9_firmware)
π Read
via "National Vulnerability Database".
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-14557 (ac10_firmware, ac7_firmware, ac9_firmware)
π Read
via "National Vulnerability Database".
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12244 (endpoint_protection)
π Read
via "National Vulnerability Database".
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.π Read
via "National Vulnerability Database".
π΄ Real-World Use, Risk of Open Source Code π΄
π Read
via "Dark Reading: ".
Organizations are using more open source software than ever before, but managing that code remains a challenge.π Read
via "Dark Reading: ".
Dark Reading
Real-World Use, Risk of Open Source Code
Organizations are using more open source software than ever before, but managing that code remains a challenge.
β Dell Security Support Tool Harbors High-Severity Flaws β
π Read
via "Threatpost".
Dell has patched two high-severity vulnerabilities in its SupportAssist software meant to aid security issues for customers.π Read
via "Threatpost".
Threat Post
Dell Security Support Tool Harbors High-Severity Flaws
Dell has patched two high-severity vulnerabilities in its software meant to support hardware issues for customers.
β Ladders, SkyMed Leak Employment, Medical Data for Millions β
π Read
via "Threatpost".
One of the misconfigured Elasticsearch databases showed evidence of a ransomware attack.π Read
via "Threatpost".
Threat Post
Ladders, SkyMed Leak Employment, Medical Data for Millions
One of the misconfigured Elasticsearch databases showed evidence of a ransomware attack.
ATENTIONβΌ New - CVE-2017-18374
π Read
via "National Vulnerability Database".
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18373
π Read
via "National Vulnerability Database".
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18372
π Read
via "National Vulnerability Database".
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.π Read
via "National Vulnerability Database".