7 Signs of the Rising Threat of Magecart Attacks in 2019
via "Dark Reading".
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.
Slack Bug Allows Remote File Hijacking, Malware Injection
via "Threatpost".
An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.
ATTENTION‼ New - CVE-2015-9287 (the_university_of_cambridge_web_authentication_system_apache_authentication_agent)
via "National Vulnerability Database".
Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is therefore trivial. The "kid" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location.
Killer SecOps Skills: Soft Is the New Hard
via "Dark Reading".
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
Financial Sector Under Siege
via "Dark Reading".
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws
via "Threatpost".
A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.
Salesforce Woes Linger as Admins Clean Up After Service Outage
via "Threatpost".
An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.
97% of Americans Can't Ace a Basic Security Test
via "Dark Reading".
Still, a new Google study uncovers a bit of good news, too.
ATTENTION‼ New - CVE-2018-12270
via "National Vulnerability Database".
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.
How has GDPR actually affected businesses?
via "Security on TechRepublic".
The EU's General Data Protection Regulation is now a year old, and has resulted in financial repercussions and changes to how businesses handle data.
The current cybersecurity landscape of guerrilla warfare
via "Security on TechRepublic".
A cybersecurity expert discusses breaches, data protection laws, and why he considers multi-factor authentication the beginning of security.
California Consumer Privacy Act Amendment Blocked by Lawmakers
via "Subscriber Blog RSS Feed".
SB 561, a contested amendment to the California Consumer Privacy Act that could have expanded the right of consumers to sue companies over their handling of personal data, has been shelved by the state for now, likely giving businesses a sigh of relief.
Windows 10 Update Bricks PCs, Microsoft Offers Workarounds
via "Threatpost".
A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.
Sharing Threat Intelligence: Time for an Overhaul
via "Threatpost".
All too often, information-sharing is limited to vertical market silos; to build better defenses, it's time to take a broader view beyond the ISAC.
New Trickbot Variant Uses URL Redirection to Spread
via "Dark Reading".
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.
DHS Warns of Data Theft via Chinese-Made Drones
via "Dark Reading".
The drones are reportedly built with parts that can compromise organizations' data and share it on a server accessible to the Chinese government.
TeamViewer Admits Breach from 2016
via "Dark Reading".
The company says it stopped the attack launched by a Chinese hacking group.
Think Data Security, Not Endpoint Security
via "Dark Reading".
A strong data protection strategy is essential to protect information as it moves across endpoints and in the cloud.
WordPress plugin sees second serious security bug in six weeks
via "Naked Security".
Researchers have uncovered another serious bug in WP Live Chat that could lead to the mass compromise of websites.
Rats leave the sinking ship as hackers' forum gets hacked
via "Naked Security".
The OGUsers forum, which trades in hijacked social accounts, has been hacked, its hard drives wiped, and its user database published online.