β Zero-Day No More: Windows Bug Gets a Fix β
π Read
via "Threatpost".
0patch has released an interim micropatch for the dangerous LPE bug while we wait for Microsoft's official patch.π Read
via "Threatpost".
Threat Post
Zero-Day No More: Windows Bug Gets a Fix
0patch has released an interim micropatch for the dangerous LPE bug from SandboxEscaper, while we wait for Microsoft's official patch.
π΄ 7 Container Components That Increase a Network's Security π΄
π Read
via "Dark Reading: ".
A proof of concept at Interop19 showed just how simple a container deployment can be.π Read
via "Dark Reading: ".
Dark Reading
7 Container Components That Increase a Network's Security
A proof of concept at Interop19 showed just how simple a container deployment can be.
π΄ Robbinhood: Inside the Ransomware That Slammed Baltimore π΄
π Read
via "Dark Reading: ".
Attackers appear to have used a ransomware-as-a-service platform to wage the attack.π Read
via "Dark Reading: ".
Dark Reading
Robbinhood: Inside the Ransomware That Slammed Baltimore
Attackers appear to have used a ransomware-as-a-service platform to wage the attack.
π΄ 2.8 Billion US Consumer Records Lost in 2018 π΄
π Read
via "Dark Reading: ".
Healthcare breaches grew 400%, study shows.π Read
via "Dark Reading: ".
Darkreading
2.8 Billion US Consumer Records Lost in 2018
Healthcare breaches grew 400%, study shows.
β Is βSign in with Appleβ Marketing Spin or Privacy Magic? Experts Weigh In β
π Read
via "Threatpost".
The login scheme promises it won't share data -- and will be required for all developers using third-party sign-ins.π Read
via "Threatpost".
Threat Post
Is βSign in with Appleβ Marketing Spin or Privacy Magic? Experts Weigh In
The login scheme promises it won't share data β and will be required for all developers using third-party sign-ins.
π΄ Carbanak Attack: Two Hours to Total Compromise π΄
π Read
via "Dark Reading: ".
Investigation of the cybercrime group's attack on an East European bank shows how some attackers require very little time to broaden their access and establish persistence on a network.π Read
via "Dark Reading: ".
Darkreading
Carbanak Attack: Two Hours to Total Compromise
Investigation of the cybercrime group's attack on an East European bank shows how some attackers require very little time to broaden their access and establish persistence on a network.
ATENTIONβΌ New - CVE-2018-13384
π Read
via "National Vulnerability Database".
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-13382
π Read
via "National Vulnerability Database".
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-13381
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-13380
π Read
via "National Vulnerability Database".
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-13379
π Read
via "National Vulnerability Database".
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.π Read
via "National Vulnerability Database".
π΄ Adware Hidden in Android Apps Downloaded More Than 440 Million Times π΄
π Read
via "Dark Reading: ".
The heavily obfuscated adware was found in 238 different apps on Google Play.π Read
via "Dark Reading: ".
Darkreading
Adware Hidden in Android Apps Downloaded More Than 440 Million Times
The heavily obfuscated adware was found in 238 different apps on Google Play.
β Apple battles Facebook and Google with rival sign in service β
π Read
via "Naked Security".
Apple's WWDC was full of surprises including a new feature designed to make signing up for websites more private: Sign In with Apple.π Read
via "Naked Security".
Naked Security
Apple battles Facebook and Google with rival sign in service
Appleβs WWDC was full of surprises including a new feature designed to make signing up for websites more private: Sign In with Apple.
β ATM skimming crook behind bars after draining bank accounts for 2 years β
π Read
via "Naked Security".
A multi-state ATM card-skimming spree netted his gang over $800k from 531 people's bank accounts.π Read
via "Naked Security".
Naked Security
ATM skimming crook behind bars after draining bank accounts for 2 years
A multi-state ATM card-skimming spree netted his gang over $800k from 531 peopleβs bank accounts.
β Apple bans ads, third-party tracking in apps meant for kids β
π Read
via "Naked Security".
The new policy: Ditch third-party trackers in apps designed for youngsters, lest the app get booted out of the App Store.π Read
via "Naked Security".
Naked Security
Apple bans ads, third-party tracking in apps meant for kids
The new policy: Ditch third-party trackers in apps designed for youngsters, lest the app get booted out of the App Store.
β Patch Android! June 2019 update fixes eight critical flaws β
π Read
via "Naked Security".
It's that time again. June's patches for Android are here.π Read
via "Naked Security".
Naked Security
Patch Android! June 2019 update fixes eight critical flaws
Itβs that time again. Juneβs patches for Android are here.
β Newly-Identified BEC Cybergang Targets U.S. Enterprise Victims β
π Read
via "Threatpost".
At Infosecurity Europe, researchers detailed a cybergang that grew from a one-man shop launching Craigslist scams to a full-on enterprise BEC group.π Read
via "Threatpost".
Threat Post
Newly-Identified BEC Cybergang Targets U.S. Enterprise Victims
At Infosecurity Europe, researchers detailed a cybergang that grew from a one-man shop launching Craigslist scams to a full-on enterprise BEC group.
β Podcast: Behind-the-Scenes Look at Scattered Canary BEC Cybergang β
π Read
via "Threatpost".
At Infosecurity Europe, Threatpost gets a behind-the-scenes look at the discovery of BEC cybergang Scattered Canary.π Read
via "Threatpost".
Threat Post
Podcast: Behind-the-Scenes Look at Scattered Canary BEC Cybergang
At Infosecurity Europe, Threatpost gets a behind-the-scenes look at the discovery of BEC cybergang Scattered Canary.
π iOS developers still failing to build end-to-end encryption into apps π
π Read
via "Security on TechRepublic".
Despite a mandate from Apple, 68% of developers disable ATS globally on their apps, according to a Wandera report.π Read
via "Security on TechRepublic".
TechRepublic
iOS developers still failing to build end-to-end encryption into apps
Despite a mandate from Apple, 68% of developers disable ATS globally on their apps, according to a Wandera report.
β Why Election Trust is Dwindling in a Post-Cambridge Analytica World β
π Read
via "Threatpost".
As more data is collected, shared and sold, people are growing increasingly distrustful of technology, an expert said at Infosecurity Europe Wednesday.π Read
via "Threatpost".
Threat Post
Why Election Trust is Dwindling in a Post-Cambridge Analytica World
As more data is collected, shared and sold, people are growing increasingly distrustful of technology, an expert said at Infosecurity Europe Wednesday.
β BlueKeep βMega-Wormβ Looms as Fresh PoC Shows Full System Takeover β
π Read
via "Threatpost".
A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds.π Read
via "Threatpost".
Threat Post
BlueKeep βMega-Wormβ Looms as Fresh PoC Shows Full System Takeover
A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds.