π΄ Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists π΄
π Read
via "Dark Reading: ".
Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why it's so important for tech experts to be actively involved in setting public policy.π Read
via "Dark Reading: ".
Dark Reading
Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists
Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why it's so important for tech experts to be actively involved in setting public policy.
β Brave browser concerned that Client Hints could be abused for tracking β
π Read
via "Naked Security".
Privacy-focused browser Brave has criticised an industry proposal it says would make browser fingerprinting easier.π Read
via "Naked Security".
Naked Security
Brave browser concerned that Client Hints could be abused for tracking
Privacy-focused browser Brave has criticised an industry proposal it says would make browser fingerprinting easier.
β CEO told to hand back 757,000 fraudulently obtained IP addresses β
π Read
via "Naked Security".
A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back.π Read
via "Naked Security".
Naked Security
CEO told to hand back 757,000 fraudulently obtained IP addresses
A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back.
π΄ How a Manufacturing Firm Recovered from a Devastating Ransomware Attack π΄
π Read
via "Dark Reading: ".
The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here's what happened.π Read
via "Dark Reading: ".
Darkreading
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here's what happened.
β ZombieLoad: How Intelβs Latest Side Channel Bug Was Discovered and Disclosed β
π Read
via "Threatpost".
Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.π Read
via "Threatpost".
Threat Post
ZombieLoad: How Intelβs Latest Side Channel Bug Was Discovered and Disclosed
Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.
π΄ 7 Signs of the Rising Threat of Magecart Attacks in 2019 π΄
π Read
via "Dark Reading: ".
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.π Read
via "Dark Reading: ".
Darkreading
7 Signs of the Rising Threat of Magecart Attacks in 2019
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.
β Slack Bug Allows Remote File Hijacking, Malware Injection β
π Read
via "Threatpost".
An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.π Read
via "Threatpost".
Threat Post
Slack Bug Allows Remote File Hijacking, Malware Injection
An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.
ATENTIONβΌ New - CVE-2015-9287 (the_university_of_cambridge_web_authentication_system_apache_authentication_agent)
π Read
via "National Vulnerability Database".
Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is therefore trivial. The "kid" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location.π Read
via "National Vulnerability Database".
π΄ Killer SecOps Skills: Soft Is the New Hard π΄
π Read
via "Dark Reading: ".
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.π Read
via "Dark Reading: ".
Darkreading
Killer SecOps Skills: Soft Is the New Hard
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
π΄ Financial Sector Under Siege π΄
π Read
via "Dark Reading: ".
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.π Read
via "Dark Reading: ".
Dark Reading
Cloud Security recent news | Dark Reading
Explore the latest news and expert commentary on Cloud Security, brought to you by the editors of Dark Reading
β Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws β
π Read
via "Threatpost".
A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.π Read
via "Threatpost".
Threat Post
Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws
A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.
β Salesforce Woes Linger as Admins Clean Up After Service Outage β
π Read
via "Threatpost".
An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.π Read
via "Threatpost".
Threat Post
Salesforce Woes Linger as Admins Clean Up After Service Outage
An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.
π΄ 97% of Americans Can't Ace a Basic Security Test π΄
π Read
via "Dark Reading: ".
Still, a new Google study uncovers a bit of good news, too.π Read
via "Dark Reading: ".
Dark Reading
97% of Americans Can't Ace a Basic Security Test
Still, a new Google study uncovers a bit of good news, too.
ATENTIONβΌ New - CVE-2018-12270
π Read
via "National Vulnerability Database".
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.π Read
via "National Vulnerability Database".
π How has GDPR actually affected businesses? π
π Read
via "Security on TechRepublic".
The EU's General Data Protection Regulation is now a year old, and has resulted in financial repercussions and changes to how businesses handle data.π Read
via "Security on TechRepublic".
TechRepublic
How has GDPR actually affected businesses?
The EU's General Data Protection Regulation is now a year old, and has resulted in financial repercussions and changes to how businesses handle data.
π The current cybersecurity landscape of guerrilla warfare π
π Read
via "Security on TechRepublic".
A cybersecurity expert discuses breaches, data protection laws, and why he considers multi-factor authentication the beginning of security.π Read
via "Security on TechRepublic".
TechRepublic
The current cybersecurity landscape of guerrilla warfare
A cybersecurity expert discuses breaches, data protection laws, and why he considers multi-factor authentication the beginning of security.
π The current cybersecurity landscape of guerrilla warfare π
π Read
via "Security on TechRepublic".
A cybersecurity expert discuses breaches, data protection laws, and why he considers multi-factor authentication the beginning of security.π Read
via "Security on TechRepublic".
TechRepublic
The current cybersecurity landscape of guerrilla warfare
A cybersecurity expert discuses breaches, data protection laws, and why he considers multi-factor authentication the beginning of security.
π California Consumer Privacy Act Amendment Blocked by Lawmakers π
π Read
via "Subscriber Blog RSS Feed ".
SB 561, a contested amendment to the California Consumer Privacy Act that could have expanded the right of consumers to sue companies over their handling of personal data, has been shelved by the state for now, likely giving businesses a sigh a relief.π Read
via "Subscriber Blog RSS Feed ".
β Windows 10 Update Bricks PCs, Microsoft Offers Workarounds β
π Read
via "Threatpost".
A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.π Read
via "Threatpost".
Threat Post
Windows 10 Update Bricks PCs, Microsoft Offers Workarounds
A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.
β Sharing Threat Intelligence: Time for an Overhaul β
π Read
via "Threatpost".
All too often, information-sharing is limited to vertical market silos; to build better defenses, it's time to take a broader view beyond the ISAC.π Read
via "Threatpost".
Threat Post
Sharing Threat Intelligence: Time for an Overhaul
All too often, information-sharing is limited to vertical market silos; to build better defenses, it's time to take a broader view beyond the ISAC.
π΄ New Trickbot Variant Uses URL Redirection to Spread π΄
π Read
via "Dark Reading: ".
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.π Read
via "Dark Reading: ".
Darkreading
New Trickbot Variant Uses URL Redirection to Spread
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.