β Google Stored G Suite Passwords in Plaintext Since 2005 β
π Read
via "Threatpost".
Google said it had stored G Suite enterprise users' passwords in plain text since 2005 marking a giant security faux pas.π Read
via "Threatpost".
Threat Post
Google Stored G Suite Passwords in Plaintext Since 2005
Google said it had stored G Suite enterprise users' passwords in plain text since 2005 marking a giant security faux pas.
π΄ Consumer IoT Devices Are Compromising Enterprise Networks π΄
π Read
via "Dark Reading: ".
While IoT devices continue to multiply, the latest studies show a dangerous lack of visibility into those connected to enterprise networks.π Read
via "Dark Reading: ".
Dark Reading
Consumer IoT Devices Are Compromising Enterprise Networks
While IoT devices continue to multiply, the latest studies show a dangerous lack of visibility into those connected to enterprise networks.
π Arm suspends cooperation with Huawei, endangering mobile and server business π
π Read
via "Security on TechRepublic".
UK-based Arm Holdings has issued a memo to staff indicating it must stop working with Chinese equipment manufacturer Huawei, following a US trade dispute.π Read
via "Security on TechRepublic".
TechRepublic
Arm suspends cooperation with Huawei, endangering mobile and server business
UK-based Arm Holdings has issued a memo to staff indicating it must stop working with Chinese equipment manufacturer Huawei, following a US trade dispute.
π΄ The 3 Cybersecurity Rules of Trust π΄
π Read
via "Dark Reading: ".
Every day, keeping anything secure requires being smart about trust. The rules of trust will keep you and your data safer.π Read
via "Dark Reading: ".
Darkreading
The 3 Cybersecurity Rules of Trust
Every day, keeping anything secure requires being smart about trust. The rules of trust will keep you and your data safer.
π Tech news roundup: GDPR turns 1, and who makes the best apps? π
π Read
via "Security on TechRepublic".
Karen Roby reports on this week's biggest tech news, including Huawei's Android license and the one year anniversary of GDPR. How have businesses been affected by the legislation and what does Microsoft have to say about a potential version of the law in the US?π Read
via "Security on TechRepublic".
TechRepublic
Tech news roundup: GDPR turns 1, and who makes the best apps?
Karen Roby reports on this week's biggest tech news, including Huawei's Android license and the one year anniversary of GDPR. How have businesses been affected by the legislation and what does Microsoft have to say about a potential version of the law inβ¦
β Windows Zero-Day Drops on Twitter, Developer Promises 4 More β
π Read
via "Threatpost".
SandboxEscaper has released her latest local privilege-escalation exploit for Windows.π Read
via "Threatpost".
Threat Post
Windows Zero-Day Drops on Twitter, Developer Promises 4 More
SandboxEscaper has released her latest local privilege-escalation exploit for Windows.
π Tech news roundup: GDPR turns 1, and who makes the best apps? π
π Read
via "Security on TechRepublic".
Karen Roby reports on this week's biggest tech news, including Huawei's Android license and the one year anniversary of GDPR. How have businesses been affected by the legislation and what does Microsoft have to say about a potential version of the law in the US?π Read
via "Security on TechRepublic".
TechRepublic
Tech news roundup: GDPR turns 1, and who makes the best apps?
Karen Roby reports on this week's biggest tech news, including Huawei's Android license and the one year anniversary of GDPR. How have businesses been affected by the legislation and what does Microsoft have to say about a potential version of the law inβ¦
ATENTIONβΌ New - CVE-2018-1991
π Read
via "National Vulnerability Database".
IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10750
π Read
via "National Vulnerability Database".
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.π Read
via "National Vulnerability Database".
β Critical Flaws in Khan Academy Opened Door to Account Takeovers β
π Read
via "Threatpost".
The two critical cross-site request forgery flaws in the online learning non-profit Khan Academy have been resolved.π Read
via "Threatpost".
Threat Post
Critical Flaws in Khan Academy Opened Door to Account Takeovers
The two critical cross-site request forgery flaws in the online learning non-profit Khan Academy have been resolved.
π΄ DDoS Attacks Up in Q1 After Months of Steady Decline π΄
π Read
via "Dark Reading: ".
Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.π Read
via "Dark Reading: ".
Darkreading
DDoS Attacks Up in Q1 After Months of Steady Decline
Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.
π΄ Proving the Value of Security Awareness with Metrics that 'Deserve More' π΄
π Read
via "Dark Reading: ".
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.π Read
via "Dark Reading: ".
Dark Reading
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
π΄ Google Alerts Admins to Unhashed Password Storage π΄
π Read
via "Dark Reading: ".
The company reports it has seen improper access to, or misuse of, affected enterprise G Suite credentials.π Read
via "Dark Reading: ".
Dark Reading
Google Alerts Admins to Unhashed Password Storage
The company reports it has seen improper access to, or misuse of, affected enterprise G Suite credentials.
π΄ Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack π΄
π Read
via "Dark Reading: ".
The city's mayor says there's no 'exact timeline on when all systems will be restored.'π Read
via "Dark Reading: ".
Darkreading
Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack
The city's mayor says there's no 'exact timeline on when all systems will be restored.'
π Lithuanian DPA Hopes First GDPR Fine Is A Wake Up Call π
π Read
via "Subscriber Blog RSS Feed ".
It took a year but Lithuania's data protection authority issued its first fine, to a fintech company, for breaching three provisions of the GDPR.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Lithuanian DPA Hopes First GDPR Fine Is A Wake Up Call
It took a year but Lithuania's data protection authority issued its first fine, to a fintech company, for breaching three provisions of the GDPR.
β WannaCry-Infested Laptop Starts at $1.13M in Art Auction β
π Read
via "Threatpost".
The "bestiary" houses six historical threats that combined resulted in at least $95B in damages worldwide.π Read
via "Threatpost".
Threat Post
WannaCry-Infested Laptop Starts at $1.13M in Art Auction
The "bestiary" houses six historical threats that combined resulted in at least $95B in damages worldwide.
ATENTIONβΌ New - CVE-2018-7202
π Read
via "National Vulnerability Database".
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-14729
π Read
via "National Vulnerability Database".
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12886
π Read
via "National Vulnerability Database".
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-9809
π Read
via "National Vulnerability Database".
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-6514 (wordpress)
π Read
via "National Vulnerability Database".
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.π Read
via "National Vulnerability Database".