π΄ Cisco Buys Sentryo π΄
π Read
via "Dark Reading: ".
Cisco is adding the French company's network visibility products to its IoT network lineup.π Read
via "Dark Reading: ".
Dark Reading
Cisco Buys Sentryo
Cisco is adding the French company's network visibility products to its IoT network lineup.
β The FBI is sitting on more than 641m photos of peopleβs faces β
π Read
via "Naked Security".
Its already massive facial recognition databases have ballooned, and government watchdog GAO found that the FBI isn't checking accuracy.π Read
via "Naked Security".
Naked Security
The FBI is sitting on more than 641m photos of peopleβs faces
Its already massive facial recognition databases have ballooned, and government watchdog GAO found that the FBI isnβt checking accuracy.
β Researchers eavesdrop on smartphone finger taps β
π Read
via "Naked Security".
Researchers have been experimenting with a novel way to eavesdrop on what you're typing on your smartphone - by listening to the taps of your fingers.π Read
via "Naked Security".
Naked Security
Researchers eavesdrop on smartphone finger taps
Researchers have been experimenting with a novel way to eavesdrop on what youβre typing on your smartphone β by listening to the taps of your fingers.
π΄ The Minefield of Corporate Email π΄
π Read
via "Dark Reading: ".
Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.π Read
via "Dark Reading: ".
Darkreading
The Minefield of Corporate Email
Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.
β Whatβs the best approach to patching vulnerabilities? β
π Read
via "Naked Security".
Researchers ask: with only 1 in 20 vulnerabilities exploited, what's the best approach to patching?π Read
via "Naked Security".
Naked Security
Whatβs the best approach to patching vulnerabilities?
Researchers ask: with only 1 in 20 vulnerabilities exploited, whatβs the best approach to patching?
β Action required! Exim mail servers need urgent patching β
π Read
via "Naked Security".
Researchers have discovered another dangerous security hole hiding in recent, unpatched versions of the internetβs most popular mail server, Exim.π Read
via "Naked Security".
Naked Security
Action required! Exim mail servers need urgent patching
Researchers have discovered another dangerous security hole hiding in recent, unpatched versions of the internetβs most popular mail server, Exim.
π Friday Five: 6/7 Edition π
π Read
via "Subscriber Blog RSS Feed ".
The latest trade secret case, a more strict privacy bill for New York State, and the European Data Protection Supervisor's warning - catch up on the week's news with this recap!π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 6/7 Edition
The latest trade secret case, a more strict privacy bill for New York State, and the European Data Protection Supervisor's warning - catch up on the week's news with this recap!
π΄ Learn the Latest Hacking Techniques at Black Hat Trainings Virginia π΄
π Read
via "Dark Reading: ".
At Black Hat's upcoming Trainings-only October event you'll have opportunities to get up to speed on the newest hacking tricks for operating systems and cloud providers.π Read
via "Dark Reading: ".
Dark Reading
Learn the Latest Hacking Techniques at Black Hat Trainings Virginia
At Black Hat's upcoming Trainings-only October event you'll have opportunities to get up to speed on the newest hacking tricks for operating systems and cloud providers.
β Troy Hunt: βMessyβ Password Problem Isnβt Getting Better β
π Read
via "Threatpost".
Poor password hygiene continues to plague the security industry, Troy Hunt said during Infosecurity Europe.π Read
via "Threatpost".
Threat Post
Troy Hunt: βMessyβ Password Problem Isnβt Getting Better
Poor password hygiene continues to plague the security industry, Troy Hunt said during Infosecurity Europe.
β Threatlist: Targeted Espionage-as-a-Service Takes Hold on the Dark Web β
π Read
via "Threatpost".
One in four underground merchants offer advanced hacking services, once reserved for APTs and well-funded organized crime gangs.π Read
via "Threatpost".
Threat Post
Threatlist: Targeted Espionage-as-a-Service Takes Hold on the Dark Web
One in four underground merchants offer advanced hacking services, once reserved for APTs and well-funded organized crime gangs.
π΄ End User Lockdown: Dark Reading Caption Contest Winners π΄
π Read
via "Dark Reading: ".
Phishing, cybersecurity training, biometrics and casual Fridays. And the winners are ...π Read
via "Dark Reading: ".
Dark Reading
End User Lockdown: Dark Reading Caption Contest Winners
Phishing, cybersecurity training, biometrics and casual Fridays. And the winners are ...
β News Wrap: Infosecurity Europe Highlights and BlueKeep Anxiety β
π Read
via "Threatpost".
The Threatpost editors discuss the highlights from Infosecurity Europe, which took place in London this week.π Read
via "Threatpost".
Threat Post
News Wrap: Infosecurity Europe Highlights and BlueKeep Anxiety
The Threatpost editors discuss the highlights from Infosecurity Europe, which took place in London this week.
π Autonomous versus automated: What each means and why it matters π
π Read
via "Security on TechRepublic".
The terms autonomous and automated often get mixed up. When designing security strategies, knowing the distinctions between the two has its perks.π Read
via "Security on TechRepublic".
TechRepublic
Autonomous versus automated: What each means and why it matters
The terms autonomous and automated often get mixed up. When designing security strategies, knowing the distinctions between the two has its perks.
β SandboxEscaper Debuts ByeBear Windows Patch Bypass β
π Read
via "Threatpost".
SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.π Read
via "Threatpost".
Threat Post
SandboxEscaper Debuts ByeBear Windows Patch Bypass
SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.
β Forget BlueKeep: Beware the GoldBrute β
π Read
via "Threatpost".
A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days β and counting.π Read
via "Threatpost".
Threat Post
Forget BlueKeep: Beware the GoldBrute
A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days β and counting.
ATENTIONβΌ New - CVE-2018-6185
π Read
via "National Vulnerability Database".
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is "*" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-5798
π Read
via "National Vulnerability Database".
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-5265
π Read
via "National Vulnerability Database".
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20135
π Read
via "National Vulnerability Database".
Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20091
π Read
via "National Vulnerability Database".
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.π Read
via "National Vulnerability Database".
π΄ Massive Changes to Tech and Platforms, But Cybercrime? Not So Much π΄
π Read
via "Dark Reading: ".
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.π Read
via "Dark Reading: ".
Darkreading
Massive Changes to Tech and Platforms, But Cybercrime? Not So Much
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.