ATTENTION‼ New - CVE-2017-12788
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allow remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.
Sextortion mail from yourself? It doesn't mean you've been hacked…
via "Naked Security".
Here's a 30-second video you can show your friends and family if they freak out after receiving a scam email apparently from themselves...
On-device speech recognition may make smart assistants more appealing
via "Security on TechRepublic".
Google unveiled the next-generation Google Assistant at I/O 2019, featuring an on-device speech recognition model, bypassing the need to upload voice samples to cloud systems.
Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked
via "Threatpost".
Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password.
ATTENTION‼ New - CVE-2017-12839
via "National Vulnerability Database".
A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
ATTENTION‼ New - CVE-2017-12806
via "National Vulnerability Database".
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
ATTENTION‼ New - CVE-2017-12805
via "National Vulnerability Database".
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
ATTENTION‼ New - CVE-2017-12804 (imageworsener)
via "National Vulnerability Database".
The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (memory exhaustion) via a crafted file.
ATTENTION‼ New - CVE-2017-12790
via "National Vulnerability Database".
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.
ATTENTION‼ New - CVE-2017-12778
via "National Vulnerability Database".
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows an attacker to gain unauthorized access to qBittorrent functions by tampering with the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza.
How to Close the Critical Cybersecurity Talent Gap
via "Dark Reading: ".
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
How the Skills Gap Strains - and Constrains - Security Pros
via "Dark Reading: ".
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
News Roundup: Microsoft Build, Google I/O, and Sapphire
via "Security on TechRepublic".
Karen Roby gives us a snapshot of the news covered this week on TechRepublic and ZDNet. The stories include 3 major conferences, a telecommunications data breach and a look at the number of CIOs implementing AI.
Hackers Take Over IoT Devices to "Click" on Ads
via "Threatpost".
A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab.
Cybersecurity burnout: 10 most stressful parts of the job
via "Security on TechRepublic".
The cybersecurity skills shortage has gotten worse for the third consecutive year, according to the Information Systems Security Association.
New Initiative Aims to Fast-Track Women into Cybersecurity Careers
via "Dark Reading: ".
'100 Women in 100 Days' is a career development program made possible by a $160,000 gift from Craig Newmark Philanthropies.
ATTENTION‼ New - CVE-2017-12761
via "National Vulnerability Database".
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
ATTENTION‼ New - CVE-2017-12760
via "National Vulnerability Database".
Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).
ATTENTION‼ New - CVE-2017-12759
via "National Vulnerability Database".
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
ATTENTION‼ New - CVE-2017-12758 (component_appointment)
via "National Vulnerability Database".
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.