Goodbye Passwords: Hello Identity Management
via "Threatpost".
As passwords are increasingly viewed as security liabilities, Identity Management solutions are picking up the slack.
ATTENTION‼ New - CVE-2017-13667
via "National Vulnerability Database".
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
ATTENTION‼ New - CVE-2017-11560
via "National Vulnerability Database".
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.
ATTENTION‼ New - CVE-2017-11559
via "National Vulnerability Database".
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
ATTENTION‼ New - CVE-2017-11557
via "National Vulnerability Database".
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
ATTENTION‼ New - CVE-2017-11365
via "National Vulnerability Database".
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
ATTENTION‼ New - CVE-2016-9969
via "National Vulnerability Database".
In libwebp 0.5.1, there is a double free bug in libwebpmux.
ATTENTION‼ New - CVE-2016-8901
via "National Vulnerability Database".
b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.
ATTENTION‼ New - CVE-2016-8899
via "National Vulnerability Database".
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
ATTENTION‼ New - CVE-2016-8897
via "National Vulnerability Database".
Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/help/controllers/helpController.php.
ATTENTION‼ New - CVE-2016-7550
via "National Vulnerability Database".
Asterisk 13.10.0 is affected by: denial of service issues in Asterisk. The impact is: cause a denial of service (remote).
🔴 Moody's Downgrade of Equifax: A Wakeup Call to Boards 🔴
via "Dark Reading".
The event provides another spark to light a fire under CISOs to improve how they measure and communicate security risks to the board, security experts say.
🔴 To Manage Security Risk, Manage Data First 🔴
via "Dark Reading".
At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.
🔴 Moody's Downgrade of Equifax: A Wake-up Call to Boards 🔴
via "Dark Reading".
The event provides another spark to light a fire under CISOs to improve how they measure and communicate security risks to the board, security experts say.
Darkreading
Moody's Outlook Downgrade of Equifax: A Wake-up Call to Boards
The move provides another spark to light a fire under CISOs to improve how they measure and communicate security risks to the board, security experts say.
🔴 Researcher Publishes Four Zero-Day Exploits in Three Days 🔴
via "Dark Reading".
The exploits for local privilege escalation vulnerabilities in Windows could be integrated into malware before Microsoft gets a chance to fix the issues.
GDPR: A cheat sheet
via "Security on TechRepublic".
Enforcement of the EU General Data Protection Regulation (GDPR) applies to any company that transacts with European Union citizens. Here's your GDPR go-to guide.
Google Ad Exchange in data privacy probe
via "Naked Security".
It was triggered by a complaint filed by Dr. Johnny Ryan, CPO of privacy-focused Brave browser, which is fighting Google's search domination.
Batterygate news: Apple to warn users if iOS updates throttle iPhones
via "Naked Security".
Competition regulators investigated Apple due to concerns that people were needlessly repairing or replacing slow phones.
Safari test points to a future with tracker-free ads
via "Naked Security".
Apple thinks it has come up with a way for advertisers to track how well their ads are doing without compromising user privacy.
Any advance on $1.2m for this virus-infested netbook?
via "Naked Security".
Can you ever call malware art? That question is now up for debate as a Chinese internet artist puts a laptop full of viruses up for auction.
Nessus expands vulnerability scanner offerings to 16 IPs in commercial environments
via "Security on TechRepublic".
Tenable introduced the free Nessus Essentials product, and also discussed the wisdom of building apps in Electron, along with fixes for Spectre and Meltdown.