π΄ Federal Photos Filched in Contractor Breach π΄
π Read
via "Dark Reading: ".
Data should never have been on subcontractor's servers, says Customs and Border Protection.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
π΄ Cognitive Bias Can Hamper Security Decisions π΄
π Read
via "Dark Reading: ".
A new report sheds light on how human cognitive biases affect cybersecurity decisions and business outcomes.π Read
via "Dark Reading: ".
Darkreading
Cognitive Bias Can Hamper Security Decisions
A new report sheds light on how human cognitive biases affect cybersecurity decisions and business outcomes.
ATENTIONβΌ New - CVE-2017-13718
π Read
via "National Vulnerability Database".
The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to "*", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-13717
π Read
via "National Vulnerability Database".
Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily.π Read
via "National Vulnerability Database".
β Researchers crack digital safe using HSM flaw β
π Read
via "Naked Security".
French researchers have found a bug in a hardware security module (HSM) that could enable an attacker to steal highly prized secrets.π Read
via "Naked Security".
β Researchers crack digital safe using HSM flaw β
π Read
via "Naked Security".
French researchers have found a bug in a hardware security module (HSM) that could enable an attacker to steal highly prized secrets.π Read
via "Naked Security".
β Researchers crack digital safe using HSM flaw β
π Read
via "Naked Security".
French researchers have found a bug in a hardware security module (HSM) that could enable an attacker to steal highly prized secrets.π Read
via "Naked Security".
β Itβs a SCAM: Send Bitcoin or your companyβs reputation is TOAST! β
π Read
via "Naked Security".
"I will insult people. And everyone will not care that it's not you." But it's social-disaster baloney!π Read
via "Naked Security".
Naked Security
Itβs a SCAM: Send Bitcoin or your companyβs reputation is TOAST!
βI will insult people. And everyone will not care that itβs not you.β But itβs social-disaster baloney!
β iOS 13 will map the apps that are tracking you β
π Read
via "Naked Security".
A map will display the snail-slime trails that we all leave behind in our daily travels and through which background tracking apps follow us.π Read
via "Naked Security".
Naked Security
iOS 13 will map the apps that are tracking you
A map will display the snail-slime trails that we all leave behind in our daily travels and through which background tracking apps follow us.
β Critical flaws found in Amcrest security cameras β
π Read
via "Naked Security".
The Amcrest 721 family of security cameras features six security flaws discovered back in 2017 by a researcher at security outfit Synopsys.π Read
via "Naked Security".
Naked Security
Critical flaws found in Amcrest security cameras
The Amcrest 721 family of security cameras features six security flaws discovered back in 2017 by a researcher at security outfit Synopsys.
β Data Breach Exposes 100K U.S. Traveler Photos, License Plates β
π Read
via "Threatpost".
A recent breach of U.S. Customs and Border Protection traveler photo and license plate data has led experts to condemn the collection and storage of facial recognition data.π Read
via "Threatpost".
Threat Post
Data Breach Exposes 100K U.S. Traveler Photos, License Plates
A recent breach of U.S. Customs and Border Protection traveler photo and license plate data has led experts to condemn the collection and storage of facial recognition data.
π More than 3B fake emails sent daily as phishing attacks persist π
π Read
via "Security on TechRepublic".
Some 140,000 more domains are using DMARC records since the start of 2019, though DMARC-based enforcement remains complex to implement.π Read
via "Security on TechRepublic".
TechRepublic
More than 3B fake emails sent daily as phishing attacks persist
Some 140,000 more domains are using DMARC records since the start of 2019, though DMARC-based enforcement remains complex to implement.
π΄ Getting Up to Speed on Magecart π΄
π Read
via "Dark Reading: ".
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.π Read
via "Dark Reading: ".
Darkreading
Getting Up to Speed on Magecart
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.
β Troy Hunt Looks to Sell Have I Been Pwned β
π Read
via "Threatpost".
"Project Svalbard" has commenced, as Hunt looks for the right company to take over the password-focused service.π Read
via "Threatpost".
Threat Post
Troy Hunt Looks to Sell Have I Been Pwned
"Project Svalbard" has commenced, as Hunt looks for the right company to take over the password-focused service.
β Critical Adobe Flash, ColdFusion Vulnerabilities Patched β
π Read
via "Threatpost".
Adobe issued patches for 11 vulnerabilities overall across its Flash, ColdFusion and Campaign products.π Read
via "Threatpost".
Threat Post
Critical Adobe Flash, ColdFusion Vulnerabilities Patched
Adobe issued patches for 11 vulnerabilities overall across its Flash, ColdFusion and Campaign products.
β Linux Command-Line Editors Vulnerable to High-Severity Bug β
π Read
via "Threatpost".
A bug impacting editors Vim and Neovim could allow a trojan code to escape sandbox mitigations.π Read
via "Threatpost".
Threat Post
Linux Command-Line Editors Vulnerable to High-Severity Bug
A bug impacting editors Vim and Neovim could allow a trojan code to escape sandbox mitigations.
β Near-Ubiquitous Critical Microsoft RCE Bugs Affect All Versions of Windows β
π Read
via "Threatpost".
The two CVEs allow bypasses to get around NTLM relay attack mitigations.π Read
via "Threatpost".
Threat Post
Near-Ubiquitous Microsoft RCE Bugs Affect All Versions of Windows
The two CVEs allow bypasses to get around NTLM relay attack mitigations.
π΄ FBI Warns of Dangers in 'Safe' Websites π΄
π Read
via "Dark Reading: ".
Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust.π Read
via "Dark Reading: ".
Darkreading
FBI Warns of Dangers in 'Safe' Websites
Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust.
π How to protect your network against security flaws in Microsoft's NTLM protocol π
π Read
via "Security on TechRepublic".
Vulnerabilities in NTLM recently discovered by security provider Preempt could allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication.π Read
via "Security on TechRepublic".
π΄ What 3 Powerful GoT Women Teach Us about Cybersecurity π΄
π Read
via "Dark Reading: ".
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.π Read
via "Dark Reading: ".
Dark Reading
Cloud Security recent news | Dark Reading
Explore the latest news and expert commentary on Cloud Security, brought to you by the editors of Dark Reading
β Google Calendar Attacks Target Unwitting Mobile Users β
π Read
via "Threatpost".
Automatic invite notifications are spreading malicious links.π Read
via "Threatpost".
Threat Post
Google Calendar Attacks Target Unwitting Mobile Users
Automatic invite notifications are spreading malicious links.