Monday review – the hot 18 stories of the week
via "Naked Security".
From spying Airbnb creeps to the CSS trick that tracks your mouse movements - and everything in between. It's weekly roundup time.

Break up Facebook, cofounder says: it's an un-American monopoly
via "Naked Security".
During the 2018 "annus horribilis", users disgusted at privacy flops swore to dump Facebook. But where else is there to go?

Study finds Android smartphones riddled with suspect 'bloatware'
via "Naked Security".
According to a new study, Android bloatware can create hidden security and privacy risks.

Two Chinese hackers indicted for massive Anthem breach
via "Naked Security".
They're part of a gang that spearphished millions of records out of the health insurer and other businesses, the DOJ says.

Top 5 challenges keeping IT pros up at night
via "Security on TechRepublic".
IT professionals face a slew of concerns in today's connected ecosystem, according to an Insight Enterprises report.

ATTENTION‼ New - CVE-2018-12303
via "National Vulnerability Database".
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.

ATTENTION‼ New - CVE-2018-12302
via "National Vulnerability Database".
Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.

ATTENTION‼ New - CVE-2018-12301
via "National Vulnerability Database".
Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.

ATTENTION‼ New - CVE-2018-12300
via "National Vulnerability Database".
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.

ATTENTION‼ New - CVE-2018-12299
via "National Vulnerability Database".
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.

ATTENTION‼ New - CVE-2018-12298
via "National Vulnerability Database".
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.

ATTENTION‼ New - CVE-2018-12297
via "National Vulnerability Database".
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names.

ATTENTION‼ New - CVE-2018-12296
via "National Vulnerability Database".
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.

ATTENTION‼ New - CVE-2018-12295
via "National Vulnerability Database".
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.

How Open Testing Standards Can Improve Security
via "Dark Reading: ".
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.

How to use SFTP with a chroot jail
via "Security on TechRepublic".
Lock down all SFTP users on your data center Linux servers with a chroot jail.

ATTENTION‼ New - CVE-2012-6652
via "National Vulnerability Database".
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.

ThreatList: Top 5 Most Dangerous Attachment Types
via "Threatpost".
From ZIP attachments spreading Gandcrab, to DOC files distributing Trickbot, researchers tracked five widescale spam campaigns in 2019 that have made use of malicious attachments.

ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
via "Threatpost".
In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT.

78% of Consumers Say Online Companies Must Protect Their Info
via "Dark Reading: ".
Yet 68% of US consumers agree they also must do more to protect their own information.

Poorly Configured Server Exposes Most Panama Citizens' Data
via "Dark Reading: ".
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.