π Tech news roundup: GDPR turns 1, and who makes the best apps? π
π Read
via "Security on TechRepublic".
Karen Roby reports on this week's biggest tech news, including Huawei's Android license and the one year anniversary of GDPR. How have businesses been affected by the legislation and what does Microsoft have to say about a potential version of the law in the US?π Read
via "Security on TechRepublic".
TechRepublic
Tech news roundup: GDPR turns 1, and who makes the best apps?
Karen Roby reports on this week's biggest tech news, including Huawei's Android license and the one year anniversary of GDPR. How have businesses been affected by the legislation and what does Microsoft have to say about a potential version of the law inβ¦
ATENTIONβΌ New - CVE-2018-1991
π Read
via "National Vulnerability Database".
IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10750
π Read
via "National Vulnerability Database".
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.π Read
via "National Vulnerability Database".
β Critical Flaws in Khan Academy Opened Door to Account Takeovers β
π Read
via "Threatpost".
The two critical cross-site request forgery flaws in the online learning non-profit Khan Academy have been resolved.π Read
via "Threatpost".
Threat Post
Critical Flaws in Khan Academy Opened Door to Account Takeovers
The two critical cross-site request forgery flaws in the online learning non-profit Khan Academy have been resolved.
π΄ DDoS Attacks Up in Q1 After Months of Steady Decline π΄
π Read
via "Dark Reading: ".
Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.π Read
via "Dark Reading: ".
Darkreading
DDoS Attacks Up in Q1 After Months of Steady Decline
Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.
π΄ Proving the Value of Security Awareness with Metrics that 'Deserve More' π΄
π Read
via "Dark Reading: ".
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.π Read
via "Dark Reading: ".
Dark Reading
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
π΄ Google Alerts Admins to Unhashed Password Storage π΄
π Read
via "Dark Reading: ".
The company reports it has seen improper access to, or misuse of, affected enterprise G Suite credentials.π Read
via "Dark Reading: ".
Dark Reading
Google Alerts Admins to Unhashed Password Storage
The company reports it has seen improper access to, or misuse of, affected enterprise G Suite credentials.
π΄ Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack π΄
π Read
via "Dark Reading: ".
The city's mayor says there's no 'exact timeline on when all systems will be restored.'π Read
via "Dark Reading: ".
Darkreading
Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack
The city's mayor says there's no 'exact timeline on when all systems will be restored.'
π Lithuanian DPA Hopes First GDPR Fine Is A Wake Up Call π
π Read
via "Subscriber Blog RSS Feed ".
It took a year but Lithuania's data protection authority issued its first fine, to a fintech company, for breaching three provisions of the GDPR.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Lithuanian DPA Hopes First GDPR Fine Is A Wake Up Call
It took a year but Lithuania's data protection authority issued its first fine, to a fintech company, for breaching three provisions of the GDPR.
β WannaCry-Infested Laptop Starts at $1.13M in Art Auction β
π Read
via "Threatpost".
The "bestiary" houses six historical threats that combined resulted in at least $95B in damages worldwide.π Read
via "Threatpost".
Threat Post
WannaCry-Infested Laptop Starts at $1.13M in Art Auction
The "bestiary" houses six historical threats that combined resulted in at least $95B in damages worldwide.
ATENTIONβΌ New - CVE-2018-7202
π Read
via "National Vulnerability Database".
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-14729
π Read
via "National Vulnerability Database".
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12886
π Read
via "National Vulnerability Database".
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-9809
π Read
via "National Vulnerability Database".
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-6514 (wordpress)
π Read
via "National Vulnerability Database".
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.π Read
via "National Vulnerability Database".
π΄ Data Asset Management: What Do You Really Need? π΄
π Read
via "Dark Reading: ".
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.π Read
via "Dark Reading: ".
Dark Reading
Data Asset Management: What Do You Really Need?
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
π΄ New Software Skims Credit Card Info From Online Credit Card Transactions π΄
π Read
via "Dark Reading: ".
The new exploit builds a fake frame around legitimate portions of an online commerce website.π Read
via "Dark Reading: ".
Darkreading
New Software Skims Credit Card Info From Online Credit Card Transactions
The new exploit builds a fake frame around legitimate portions of an online commerce website.
ATENTIONβΌ New - CVE-2017-9808
π Read
via "National Vulnerability Database".
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8777
π Read
via "National Vulnerability Database".
Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8341
π Read
via "National Vulnerability Database".
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8340
π Read
via "National Vulnerability Database".
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.π Read
via "National Vulnerability Database".