ATTENTION‼ New - CVE-2018-16074
via "National Vulnerability Database".
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
ATTENTION‼ New - CVE-2018-16073
via "National Vulnerability Database".
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
ATTENTION‼ New - CVE-2018-16070
via "National Vulnerability Database".
Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ATTENTION‼ New - CVE-2018-16069
via "National Vulnerability Database".
Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ATTENTION‼ New - CVE-2018-16064
via "National Vulnerability Database".
Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
ATTENTION‼ New - CVE-2018-15557
via "National Vulnerability Database".
An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat.
ATTENTION‼ New - CVE-2018-15556
via "National Vulnerability Database".
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.
ATTENTION‼ New - CVE-2017-5028
via "National Vulnerability Database".
Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Report: Still Work To Be Done Safeguarding Federal Agencies
via "Subscriber Blog RSS Feed" (Digital Guardian).
Many federal agencies are unprepared to "confront the dynamic cyber threats of today," according to a Senate investigation this week.
How Hackers Infiltrate Open Source Projects
via "Dark Reading".
The dependency trees of modern software development make smaller open-source projects vulnerable to hackers sabotaging code.
Scammers Prey on Instagram Vanity and ‘Verified Account’ Status
via "Threatpost".
Hackers are stealing Instagram credentials through a tricky phishing scam that asks victims to apply for exclusive verified account status.
7 Ways to Mitigate Supply Chain Attacks
via "Dark Reading".
Breaches caused by external vendors and service providers have become a major and escalating problem for organizations.
Inside MLS, the New Protocol for Secure Enterprise Messaging
via "Dark Reading".
As personal messaging platforms see the rise of end-to-end encryption, businesses struggle to provide strong levels of security.
Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank
via "Threatpost".
Netflix, TD Bank, and Ford were only a few of the companies whose data was exposed by three leaky Amazon S3 buckets owned by Attunity.
Former Equifax CIO Sentenced to Prison for Insider Trading
via "Dark Reading".
Jun Ying is the second Equifax employee found guilty of insider trading related to the massive 2017 data breach.
NIST Issues IoT Risk Guidelines
via "Dark Reading".
A new report offers the first step toward understanding and managing IoT cybersecurity risks.
Smart Lock Turns Out to be Not So Smart, or Secure
via "Threatpost".
Pentesters say a keyless smart lock made by U-tec, called Ultraloq, is neither ultra nor secure.
Chronicle Folds into Google
via "Dark Reading".
Alphabet's enterprise cybersecurity division will become part of the Google security portfolio.
New Exploit for Microsoft Excel Power Query
via "Dark Reading".
Proof-of-concept, which allows remote code execution, is latest to exploit Dynamic Data Exchange (DDE) and is another reminder why organizations must ensure Office settings are secure.
Cryptocurrency phish dials back the fear, cranks up the politeness
via "Naked Security".
Spammers and scammers are getting better at spelling and grammar - so make sure you aren't relying on language alone to spot phishes...
Google Maps shortcut turns into 100-car mud pie in farmer’s field
via "Naked Security".
Trying to save 20 minutes, 100 drivers took a Google Maps shortcut... into a field, where the mud-stuck cars then caused a 2-hour delay.