ATENTIONβΌ New - CVE-2017-14852
π Read
via "National Vulnerability Database".
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-14851
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-14850
π Read
via "National Vulnerability Database".
All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-14728
π Read
via "National Vulnerability Database".
An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public.π Read
via "National Vulnerability Database".
π΄ Baltimore Ransomware Attacker Was Behind Now-Suspended Twitter Account π΄
π Read
via "Dark Reading: ".
Researchers at Armor were able to confirm the person or persons behind a Twitter account that appeared to be leaking confidential files was the actual ransomware attacker that hit the city.π Read
via "Dark Reading: ".
Darkreading
Baltimore Ransomware Attacker Was Behind Now-Suspended Twitter Account
Researchers at Armor were able to confirm the person or persons behind a Twitter account that appeared to be leaking confidential files was the actual ransomware attacker that hit the city.
π΄ Microsoft Urges Businesses to Patch 'BlueKeep' Flaw π΄
π Read
via "Dark Reading: ".
Fearing another worm of WannaCry severity, Microsoft warns vulnerable users to apply the software update for CVE-2019-0708.π Read
via "Dark Reading: ".
Darkreading
Microsoft Urges Businesses to Patch 'BlueKeep' Flaw
Fearing another worm of WannaCry severity, Microsoft warns vulnerable users to apply the software update for CVE-2019-0708.
ATENTIONβΌ New - CVE-2017-14854
π Read
via "National Vulnerability Database".
A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.π Read
via "National Vulnerability Database".
π΄ Zebrocy APT Group Expands Malware Arsenal with New Backdoor Family π΄
π Read
via "Dark Reading: ".
Group's constant experimentation and malware changes are complicating efforts for defenders, Kaspersky Lab says.π Read
via "Dark Reading: ".
Darkreading
Zebrocy APT Group Expands Malware Arsenal with New Backdoor Family
Group's constant experimentation and malware changes are complicating efforts for defenders, Kaspersky Lab says.
β Apple sunsets iTunes β
π Read
via "Naked Security".
RIP iTunes, hello to the standalone Music, Podcasts and TV apps that are taking its place.π Read
via "Naked Security".
Naked Security
Apple sunsets iTunes
RIP iTunes, hello to the standalone Music, Podcasts and TV apps that are taking its place.
β Infosecurity Europe: Cryptojacking is Making a Comeback β
π Read
via "Threatpost".
At Infosecurity Europe, a security expert from Guardicore discusses a new cryptomining malware campaign called Nanshou and why the cryptojacking threat is set to get worse.π Read
via "Threatpost".
Threat Post
Infosecurity Europe: Cryptojacking is Making a Comeback
At Infosecurity Europe, a security expert from Guardicore discusses a new cryptomining malware campaign called Nanshou and why the cryptojacking threat is set to get worse.
β US visa applicants required to hand over social media info β
π Read
via "Naked Security".
As of Friday, it's no longer optional - the US is been asking for five years of social media information.π Read
via "Naked Security".
Naked Security
US visa applicants required to hand over social media info
As of Friday, itβs no longer optional β the US is asking for five years of social media information.
β GandCrab ransomware service shuts up shop β
π Read
via "Naked Security".
The authors of the GandCrab ransomware strain are shutting their ransomware-as-a-service portal, allegedly walking away with a cool $150m.π Read
via "Naked Security".
Naked Security
GandCrab ransomware crooks to shut up shop
GandCrabβs creators are giving themselves a βwell-deserved retirementβ after extorting (they say) $2 billion.
β Synthetic clicks and the macOS flaw Apple canβt seem to fix β
π Read
via "Naked Security".
A researcher has found a way to abuse synthetic clicks in macOS "Catalina", and it hasnβt even shipped yet.π Read
via "Naked Security".
Naked Security
Synthetic clicks and the macOS flaw Apple canβt seem to fix
A researcher has found a way to abuse synthetic clicks in macOS βCatalinaβ, and it hasnβt even shipped yet.
π Employees are almost as dangerous to business security as hackers and cybercriminals π
π Read
via "Security on TechRepublic".
Non-malicious insiders are among the top three threat actors, according to an ISACA report.π Read
via "Security on TechRepublic".
TechRepublic
Employees are almost as dangerous to business security as hackers and cybercriminals
Non-malicious insiders are among the top three threat actors, according to an ISACA report.
π How to protect your customers' personal identifiable information π
π Read
via "Security on TechRepublic".
Personal identifiable information (PII) was the leading type of data breach in 2018, accounting for 97% of all breaches, according to a ForgeRock report.π Read
via "Security on TechRepublic".
TechRepublic
How to protect your customers' personal identifiable information
Personal identifiable information (PII) was the leading type of data breach in 2018, accounting for 97% of all breaches, according to a ForgeRock report.
π΄ What Cyber Skills Shortage? π΄
π Read
via "Dark Reading: ".
Employers can solve the skills gap by first recognizing that there isn't an archetypal "cybersecurity job" in the same way that there isn't an archetypal "automotive job." Here's how.π Read
via "Dark Reading: ".
Dark Reading
What Cyber Skills Shortage?
Employers can solve the skills gap by first recognizing that there isn't an archetypal cybersecurity job in the same way that there isn't an archetypal automotive job. Here's how.
β A New Approach for Combating Insider Threats β
π Read
via "Threatpost".
Threat detection tools don't take into account the emotional aspect of insider threats, a panel of experts said at Infosecurity Europe this week.π Read
via "Threatpost".
Threat Post
A New Approach for Combating Insider Threats
Threat detection tools don't take into account the emotional aspect of insider threats, a panel of experts said at Infosecurity Europe this week.
π΄ Imperva Snaps Up Distil Networks for API, App Security π΄
π Read
via "Dark Reading: ".
Distil Networks' technology will be integrated into Imperva's security stack following the acquisition.π Read
via "Dark Reading: ".
Dark Reading
Imperva Snaps Up Distil Networks for API, App Security
Distil Networks' technology will be integrated into Imperva's security stack following the acquisition.
β AI Isnβt Good Enough When Lives Are on the Line, Experts Warn β
π Read
via "Threatpost".
During Infosecurity Europe in London this week, cybersecurity experts sounded off on worries about artificial intelligence being used for nation state cyber weapons.π Read
via "Threatpost".
Threat Post
AI Isnβt Good Enough When Lives Are on the Line, Experts Warn
During Infosecurity Europe in London this week, cybersecurity experts sounded off on worries about artificial intelligence being used for nation state cyber weapons.
π΄ Medical Debt Collector Breach Highlights Supply Chain Dangers π΄
π Read
via "Dark Reading: ".
The breach of the website of American Medical Collection Agency leaves the personal and financial information of nearly 12 million patients at risk.π Read
via "Dark Reading: ".
Darkreading
Medical Debt Collector Breach Highlights Supply Chain Dangers
The breach of the website of American Medical Collection Agency leaves the personal and financial information of nearly 12 million patients at risk.
π GandCrab Ransomware Gang Calling It Quits π
π Read
via "Subscriber Blog RSS Feed ".
The cybercriminals are reportedly winding down operations around the ransomware after claiming to have made $2 billion in ransom paymentsπ Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
GandCrab Ransomware Gang Calling It Quits
The cybercriminals are reportedly winding down operations around the ransomware after claiming to have made $2 billion in ransom payments