β TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies β
π Read
via "Threatpost".
XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas.π Read
via "Threatpost".
Threat Post
TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies
XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas.
π΄ Better Cybersecurity Research Requires More Data Sharing π΄
π Read
via "Dark Reading: ".
Researchers at the Workshop on the Economics of Information Security highlight the cost savings of sharing cybersecurity data and push for greater access to information on breaches, attacks, and incidents.π Read
via "Dark Reading: ".
Dark Reading
Better Cybersecurity Research Requires More Data Sharing
Researchers at the Workshop on the Economics of Information Security highlight the cost savings of sharing cybersecurity data and push for greater access to information on breaches, attacks, and incidents.
β News Wrap: Amazon Privacy and Telegram DDoS Attack β
π Read
via "Threatpost".
Threatpost editors Tara Seals and Lindsey O'Donnell discuss a recent lawsuit against Amazon for its privacy policies, a Telegram DDoS attack and more.π Read
via "Threatpost".
Threat Post
News Wrap: Amazon Privacy and Telegram DDoS Attack
Threatpost editors Tara Seals and Lindsey O'Donnell discuss a recent lawsuit against Amazon for its privacy policies, a Telegram DDoS attack and more.
ATENTIONβΌ New - CVE-2017-8252
π Read
via "National Vulnerability Database".
Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130π Read
via "National Vulnerability Database".
β ThreatList: Ransomware Trojans Picking Up Steam in 2019 β
π Read
via "Threatpost".
Attackers continue to push the boundaries with modular trojans and ransomware attacks, a new report found.π Read
via "Threatpost".
Threat Post
ThreatList: Ransomware Trojans Picking Up Steam in 2019
Attackers continue to push the boundaries with modular trojans and ransomware attacks, a new report found.
π΄ Common Hacker Tool Hit with Hackable Vulnerability π΄
π Read
via "Dark Reading: ".
A researcher has found a significant exploit in one of the most frequently used text editors.π Read
via "Dark Reading: ".
Dark Reading
Common Hacker Tool Hit with Hackable Vulnerability
A researcher has found a significant exploit in one of the most frequently used text editors.
β Ransomware: A Persistent Scourge Requiring Corporate Action Now β
π Read
via "Threatpost".
ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.π Read
via "Threatpost".
Threat Post
Ransomware: A Persistent Scourge Requiring Corporate Action Now
ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.
π΄ 10 Notable Security Acquisitions of 2019 (So Far) π΄
π Read
via "Dark Reading: ".
In a year when security companies have been snapped up left and right, these deals stand out from the chaos.π Read
via "Dark Reading: ".
Dark Reading
10 Notable Security Acquisitions of 2019 (So Far)
In a year when security companies have been snapped up left and right, these deals stand out from the chaos.
ATENTIONβΌ New - CVE-2013-7472
π Read
via "National Vulnerability Database".
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.π Read
via "National Vulnerability Database".
β Monday review β the hot 21 stories of the week β
π Read
via "Naked Security".
From the GoldBrute botnet to Microsoft's battle with irresponsibly disclosed bugs - and everything in between. It's your weekly roundup.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Widely used medical infusion pump can be remotely hijacked β
π Read
via "Naked Security".
These vulnerable infusion pumps can be remotely hacked to alter the delivery of IV fluids and medications such as painkillers or insulin.π Read
via "Naked Security".
Naked Security
Widely used medical infusion pump can be remotely hijacked
These vulnerable infusion pumps can be remotely hacked to alter the delivery of IV fluids and medications such as painkillers or insulin.
β Iβd like to add you to my professional network of people to spy on β
π Read
via "Naked Security".
A deepfake was reportedly spotted in the wild: LinkedIn's well-connected, young, attractive Eurasia/Russia expert "Katie Jones."π Read
via "Naked Security".
Naked Security
Iβd like to add you to my professional network of people to spy on
A deepfake was reportedly spotted in the wild: LinkedInβs well-connected, young, attractive Eurasia/Russia expert βKatie Jones.β
β Privacy foul for soccer league app that eavesdropped on users β
π Read
via "Naked Security".
The LaLiga app used phones' GPS and microphones to sniff out bars that were broadcasting soccer matches illegally.π Read
via "Naked Security".
Naked Security
Privacy foul for soccer league app that eavesdropped on users
The LaLiga app used phonesβ GPS and microphones to sniff out bars that were broadcasting soccer matches illegally.
β Yubico recalls FIPS Yubikey tokens after flaw found β
π Read
via "Naked Security".
Security token maker Yubico has issued an important advisory affecting high-end versions of its YubiKey authentication key.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Find Your Next Favorite Cybersecurity Tool at the Black Hat USA Arsenal π΄
π Read
via "Dark Reading: ".
Learn new enterprise-grade techniques for identifying vulnerabilities, improving Active Directory security, and building trust with customers at Black Hat USA this summer.π Read
via "Dark Reading: ".
Dark Reading
Find Your Next Favorite Cybersecurity Tool at the Black Hat USA Arsenal
Learn new enterprise-grade techniques for identifying vulnerabilities, improving Active Directory security, and building trust with customers at Black Hat USA this summer.
π΄ The Life-Changing Magic of Tidying Up the Cloud π΄
π Read
via "Dark Reading: ".
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.π Read
via "Dark Reading: ".
Dark Reading
The Life-Changing Magic of Tidying Up the Cloud
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
π΄ Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers π΄
π Read
via "Dark Reading: ".
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however.π Read
via "Dark Reading: ".
Darkreading
Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however.
ATENTIONβΌ New - CVE-2009-5157 (wag54g2_firmware)
π Read
via "National Vulnerability Database".
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.π Read
via "National Vulnerability Database".
β Microsoft Pushes Azure Users to Patch Linux Systems β
π Read
via "Threatpost".
Microsoft is urging users to patch every Exim installation in their organization and make sure that they are updated to the most recent version, Exim version 4.92.π Read
via "Threatpost".
Threat Post
Microsoft Pushes Azure Users to Patch Linux Systems
Microsoft is urging users to patch every Exim installation in their organization and make sure that they are updated to the most recent version, Exim version 4.92.
π Business travelers, beware: Hackers looking over your shoulder can cause data breaches π
π Read
via "Security on TechRepublic".
Some 80% of business travelers say visual hacking is a threat, according to a 3M report.π Read
via "Security on TechRepublic".
TechRepublic
Business travelers, beware: Hackers looking over your shoulder can cause data breaches
Some 80% of business travelers say visual hacking is a threat, according to a 3M report.
ATENTIONβΌ New - CVE-2018-10239
π Read
via "National Vulnerability Database".
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The vulnerability is due to a weakness in the "support access" password generation algorithm. A locally authenticated administrative user may be able to exploit this vulnerability if the "support access" feature is enabled, they know the support access code for the current session, and they know the algorithm to generate the support access password from the support access code. "Support access" is disabled by default. When enabled, the access will be automatically disabled (and support access code will expire) after the 24 hours.π Read
via "National Vulnerability Database".