Tech news roundup: Microsoft Office 365, Facebook scandal, and AI adoption
Karen Roby highlights some of this week's news coverage on TechRepublic and ZDNet. The stories include a security warning from Microsoft, a rundown of the Facebook privacy scandal and a look at the highest-paying internships for 2019.
via "Security on TechRepublic".
Why MDS vulnerabilities present a threat as serious as Spectre and Meltdown
Microarchitectural Data Sampling (MDS) flaws are CPU side-channel vulnerabilities that allow attackers to view in-flight data from CPU-internal buffers. Learn more about MDS attacks in this comprehensive guide.
via "Security on TechRepublic".
Spectre and Meltdown explained: A comprehensive guide for professionals
Staying up to date on Spectre and Meltdown can be challenging. This guide includes in-depth explanations about these uniquely dangerous security vulnerabilities and the best mitigation solutions.
via "Security on TechRepublic".
ATTENTION: New - CVE-2016-7043
It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to other services.
via "National Vulnerability Database".
ATTENTION: New - CVE-2013-7285
XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON.
via "National Vulnerability Database".
New Senate Bill Would Crackdown on IP Theft
A new bill introduced in the Senate this week would restrict U.S. tech exports to China and crack down on intellectual property theft.
via "Subscriber Blog RSS Feed".
Introducing the Digital Transformation Architect
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
via "Dark Reading".
Google Titan Security Key Recalled After Bluetooth Pairing Bug
Google is offering free replacements for its Titan Security Key after discovering a misconfiguration in its pairing protocols.
via "Threatpost".
Attackers Are Messing with Encryption Traffic to Evade Detection
Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year.
via "Dark Reading".
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
via "Dark Reading".
GDPR Drives Changes, but Privacy by Design Proves Elusive
One year later, the EU mandate's biggest impact has been to focus more attention on data protection and privacy, security analysts say.
via "Dark Reading".
Cheat sheet: How to become a cybersecurity pro
If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide to salaries, job markets, skills, and common interview questions in the field.
via "Security on TechRepublic".
TechRepublic
How to become a cybersecurity pro: A cheat sheet
If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide about salaries, job markets, skills and common interview questions in the field, as well as the top security software.
San Francisco bans police use of facial recognition
The city that gave us facial recognition tech says "not in my back yard".
via "Naked Security".
Severe Linux kernel flaw found in RDS
Unpatched Linux systems are vulnerable to remote compromise from the local network.
via "Naked Security".
Facebook restores disabled "View As" feature used in 2018 breach
The feature still lets you see how others see you, but without leaking access tokens.
via "Naked Security".
Cybercrime Gang Behind GozNym Banking Malware Dismantled
Europol said it has dismantled the cybercrime network behind the GozNym malware, which siphoned more than $100 million from businesses.
via "Threatpost".
Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution
The vendor also issued a patch schedule for the still-unpatched bug in its Secure Boot trusted hardware environment, which affects most of its enterprise and SMB portfolio, amounting to millions of vulnerable devices.
via "Threatpost".
Cyber Workforce Exec Order: Right Question, Wrong Answer
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
via "Dark Reading".
Please vote for Naked Security at the European Blogger Awards 2018!
If you like what we do... please vote for us!
via "Naked Security".
Naked Security
Please vote for Naked Security at the European Blogger Awards 2019!
If you like what we do... please vote for us!
MDS vulnerabilities lead Chrome OS 74 to disable hyper-threading
Hyper-Threading, Intel's implementation of symmetric multithreading (SMT), can be exploited using the newly disclosed MDS vulnerabilities, like Fallout and ZombieLoad.
via "Security on TechRepublic".