WordPress WP Live Chat Support Plugin Fixes XSS Flaw
via "Threatpost".
A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.

Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter
via "Dark Reading".
Once again, a high proportion of the reported flaws have no current fix, according to Risk Based Security.

Artist Uses Malware in Installation
via "Dark Reading".
A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer.

DevOps Repository Firms Establish Shared Analysis Capability
via "Dark Reading".
Following an attack on their users, and their shared response, Atlassian, GitHub, and GitLab decide to make the sharing of attack information a permanent facet of their operations.

Monday review – the hot 20 stories of the week
via "Naked Security".
It was a week of patches - from a severe Linux kernel flaw to a new 'wormable' Windows bug, here's a roundup of the week's top stories.

Bots rigged Russian finale of 'The Voice Kids' talent show
via "Naked Security".
It turns out that robo-dialed calls accounted for 56.5% of the phone-in vote for the millionaire's daughter.

Facebook bans accounts of fake news firm
via "Naked Security".
It's not clear who paid Archimedes Group for its reality-warping campaigns, but it's clear disinformation is now a global scourge.

How to block hijacking attacks on your Google account
via "Security on TechRepublic".
Bot and phishing attacks can compromise your G Suite account, but there is an easy way to block the majority of these attempts, according to Google.

Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists
via "Dark Reading".
Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why it's so important for tech experts to be actively involved in setting public policy.

Brave browser concerned that Client Hints could be abused for tracking
via "Naked Security".
Privacy-focused browser Brave has criticised an industry proposal it says would make browser fingerprinting easier.

CEO told to hand back 757,000 fraudulently obtained IP addresses
via "Naked Security".
A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back.

How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
via "Dark Reading".
The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here's what happened.

ZombieLoad: How Intel's Latest Side Channel Bug Was Discovered and Disclosed
via "Threatpost".
Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.

7 Signs of the Rising Threat of Magecart Attacks in 2019
via "Dark Reading".
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.

Slack Bug Allows Remote File Hijacking, Malware Injection
via "Threatpost".
An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.

ATTENTION‼ New - CVE-2015-9287 (the_university_of_cambridge_web_authentication_system_apache_authentication_agent)
via "National Vulnerability Database".
Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is therefore trivial. The "kid" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location.

Killer SecOps Skills: Soft Is the New Hard
via "Dark Reading".
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.

Financial Sector Under Siege
via "Dark Reading".
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.

Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws
via "Threatpost".
A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.

Salesforce Woes Linger as Admins Clean Up After Service Outage
via "Threatpost".
An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.