π΄ Fighting Back Against Tech-Savvy Fraudsters π΄
π Read
via "Dark Reading: ".
Staying a step ahead requires moving beyond the security techniques of the past.π Read
via "Dark Reading: ".
Dark Reading
Endpoint Security recent news | Dark Reading
Explore the latest news and expert commentary on Endpoint Security, brought to you by the editors of Dark Reading
β Metal keys beat smart locks in NYC legal battle β
π Read
via "Naked Security".
A group of tenants in New York City have prevailed in a lawsuit against their landlord's use of smart locks.π Read
via "Naked Security".
Naked Security
Metal keys beat smart locks in NYC legal battle
A group of tenants in New York City have prevailed in a lawsuit against their landlordβs use of smart locks.
β Researchers in the Dark on Powerful LightNeuron Malware for Years β
π Read
via "Threatpost".
LightNeuron is the first to target Microsoft Exchange transport agents -- and is used as a hub for major Turla APT espionage efforts.π Read
via "Threatpost".
Threat Post
Researchers in the Dark on Powerful LightNeuron Malware, for Years
LightNeuron is the first to target Microsoft Exchange transport agents β and is used as a hub for major Turla APT espionage efforts.
π΄ Sectigo Buys Icon Labs to Expand IoT Security Platform π΄
π Read
via "Dark Reading: ".
End-to-end IoT security product aims to give manufacturers, systems integrators, and businesses a means to harden device security.π Read
via "Dark Reading: ".
Dark Reading
Sectigo Buys Icon Labs to Expand IoT Security Platform
End-to-end IoT security product aims to give manufacturers, systems integrators, and businesses a means to harden device security.
π Companies moving to the cloud still ignore security concerns π
π Read
via "Security on TechRepublic".
Nine in 10 cloud breaches occur due to employee mistakes, according to a Kaspersky Lab report.π Read
via "Security on TechRepublic".
TechRepublic
Companies moving to the cloud still ignore security concerns
Nine in 10 cloud breaches occur due to employee mistakes, according to a Kaspersky Lab report.
β Serious Phar Flaw Allows Arbitrary Code Execution on Drupal β
π Read
via "Threatpost".
Drupal, Typo3 and Joomla are all impacted by the bug.π Read
via "Threatpost".
Threat Post
Serious Phar Flaw Allows Arbitrary Code Execution on Drupal
Drupal, TYPO3 and Joomla are all impacted by a serious vulnerability in the phar stream wrapper that could enable arbitrary code execution on some systems.
ATENTIONβΌ New - CVE-2017-12788
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.π Read
via "National Vulnerability Database".
β Sextortion mail from yourself? It doesnβt mean youβve been hackedβ¦ β
π Read
via "Naked Security".
Here's a 30-second video you can show your friends and family if they freak out after receiving a scam email apparently from themselves...π Read
via "Naked Security".
Naked Security
Sextortion mail from yourself? It doesnβt mean youβve been hackedβ¦
Hereβs a 30-second video you can show your friends and family if they freak out after receiving a scam email apparently from themselvesβ¦
π On-device speech recognition may make smart assistants more appealing π
π Read
via "Security on TechRepublic".
Google unveiled the next-generation Google Assistant at I/O 2019, featuring an on-device speech recognition model-bypassing the need to upload voice samples to cloud systems.π Read
via "Security on TechRepublic".
β Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked β
π Read
via "Threatpost".
Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password.π Read
via "Threatpost".
Threat Post
Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked
Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password.
ATENTIONβΌ New - CVE-2017-12839
π Read
via "National Vulnerability Database".
A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-12806
π Read
via "National Vulnerability Database".
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-12805
π Read
via "National Vulnerability Database".
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-12804 (imageworsener)
π Read
via "National Vulnerability Database".
The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-12790
π Read
via "National Vulnerability Database".
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-12778
π Read
via "National Vulnerability Database".
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza.π Read
via "National Vulnerability Database".
π΄ How to Close the Critical Cybersecurity Talent Gap π΄
π Read
via "Dark Reading: ".
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.π Read
via "Dark Reading: ".
Darkreading
How to Close the Critical Cybersecurity Talent Gap
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
π΄ How the Skills Gap Strains - and Constrains - Security Pros π΄
π Read
via "Dark Reading: ".
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.π Read
via "Dark Reading: ".
Dark Reading
How the Skills Gap Strains - and Constrains - Security Pros
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
π News Roundup: Microsoft Build, Google I/O, and Sapphire π
π Read
via "Security on TechRepublic".
Karen Roby gives us a snapshot of the news covered this week on TechRepublic and ZDNet. The stories include 3 major conferences, a telecommunications data breach and a look at the amount of CIO's implementing AI.π Read
via "Security on TechRepublic".
π News Roundup: Microsoft Build, Google I/O, Sapphire π
π Read
via "Security on TechRepublic".
Karen Roby gives us a snapshot of the news covered this week on TechRepublic and ZDNet. The stories include 3 major conferences, a telecommunications data breach and a look at the amount of CIO's implementing AI.π Read
via "Security on TechRepublic".
TechRepublic
News Roundup: Microsoft Build, Google I/O, Sapphire
Karen Roby gives us a snapshot of the news covered this week on TechRepublic and ZDNet. The stories include 3 major conferences, a telecommunications data breach and a look at the amount of CIO's implementing AI.
β Hackers Take Over IoT Devices to βClickβ on Ads β
π Read
via "Threatpost".
A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab.π Read
via "Threatpost".
Threat Post
Hackers Take Over IoT Devices to βClickβ on Ads
A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab.