π UK Sees Steep Jump in Cyber Attacks on Financial Services Firms π
π Read
via "Subscriber Blog RSS Feed ".
According to a regulator, retail banks in the region took the biggest hit last year.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
UK Sees Steep Jump in Cyber Attacks on Financial Services Firms
According to a regulator, retail banks in the region took the biggest hit last year.
π΄ Disarming Employee Weaponization π΄
π Read
via "Dark Reading: ".
Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.π Read
via "Dark Reading: ".
Darkreading
Disarming Employee Weaponization
Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.
π DevOps will fail unless security and developer teams communicate better π
π Read
via "Security on TechRepublic".
DevOps initiatives have become important for 74% of organizations over the past year, but communication must improve for DevOps to be successful, according to Trend Micro.π Read
via "Security on TechRepublic".
TechRepublic
DevOps will fail unless security and developer teams communicate better
DevOps initiatives have become important for 74% of organizations over the past year, but communication must improve for DevOps to be successful, according to Trend Micro.
β Amazon Admits Alexa Voice Recordings Saved Indefinitely β
π Read
via "Threatpost".
Amazon's acknowledgment that it saves Alexa voice recordings - even sometimes after consumers manually delete their interaction history - has thrust voice assistant privacy policies into the spotlight once again.π Read
via "Threatpost".
Threat Post
Amazon Admits Alexa Voice Recordings Saved Indefinitely
Amazon's acknowledgment that it saves Alexa voice recordings - even sometimes after consumers manually delete their interaction history - has thrust voice assistant privacy policies into the spotlight once again.
β Serious Security: Beware eBay scrapers promising to help you with βviral promotionsβ β
π Read
via "Naked Security".
Selling items online? Watch our for people who suddenly offer to help!π Read
via "Naked Security".
Naked Security
Serious Security: Beware eBay scrapers promising to help you
Selling items online? Watch out for people who suddenly offer to help!
π Amazon Prime Day, EA gaming service's vulnerabilities, and the basics of multicloud π
π Read
via "Security on TechRepublic".
This week's TechRepublic and ZDNet news stories include the brand battle between Apple and Microsoft, Word documents containing malicious links, and the future of on-premises databases.π Read
via "Security on TechRepublic".
TechRepublic
Amazon Prime Day, EA gaming service's vulnerabilities, and the basics of multicloud
This week's TechRepublic and ZDNet news stories include the brand battle between Apple and Microsoft, Word documents containing malicious links, and the future of on-premises databases.
β Apple Transparency Report Now Includes App Store Takedown Requests β
π Read
via "Threatpost".
Apple report now includes data on requests by governments to take down apps from the tech giant's app store.π Read
via "Threatpost".
Threat Post
Apple Transparency Report Now Includes App Store Takedown Requests
Apple report now includes data on requests by governments to take down apps from the tech giants app store.
π Tech news roundup: Amazon Prime Day, EA gaming service's vulnerabilities, and the basics of multicloud π
π Read
via "Security on TechRepublic".
This week's TechRepublic and ZDNet news stories include the brand battle between Apple and Microsoft, Word documents containing malicious links, and the future of on-premises databases.π Read
via "Security on TechRepublic".
ATENTIONβΌ New - CVE-2018-11427
π Read
via "National Vulnerability Database".
CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-11426
π Read
via "National Vulnerability Database".
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.π Read
via "National Vulnerability Database".
π΄ 20 Questions to Ask During a Real (or Manufactured) Security Crisis π΄
π Read
via "Dark Reading: ".
There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.π Read
via "Dark Reading: ".
Darkreading
20 Questions to Ask During a Real (or Manufactured) Security Crisis
There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.
π΄ More Than Half of SMB Devices Run Outdated Operating Systems π΄
π Read
via "Dark Reading: ".
66% of devices in small-to midsized businesses are based on expired or about-to-expire Microsoft OS versions, Alert Logic study found.π Read
via "Dark Reading: ".
Dark Reading
Endpoint Security recent news | Dark Reading
Explore the latest news and expert commentary on Endpoint Security, brought to you by the editors of Dark Reading
π΄ Sodin Ransomware Exploits Windows Privilege Escalation Bug π΄
π Read
via "Dark Reading: ".
Exploitation of CVE-2018-8453 grants attackers the highest level of privileges on a target system.π Read
via "Dark Reading: ".
Darkreading
Sodin Ransomware Exploits Windows Privilege Escalation Bug
Exploitation of CVE-2018-8453 grants attackers the highest level of privileges on a target system.
ATENTIONβΌ New - CVE-2017-9327
π Read
via "National Vulnerability Database".
Secret data of processes managed by CM is not secured by file permissions.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-9326
π Read
via "National Vulnerability Database".
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-9325
π Read
via "National Vulnerability Database".
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-6900
π Read
via "National Vulnerability Database".
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to this, VAL0 and VAL1 should be sanitised to ensure they do not contain malicious characters. Passing it the username of '-' will cause it to time out and log the user in because of poor error handling. This will log the attacker in as an administrator where the telnet / ssh services can be enabled, and the credentials for local users can be reset. Also, login.cgi accepts the username as a GET parameter, so login can be achieved by browsing to the /cgi-bin/login.cgi?username=-%20a URI.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-6216
π Read
via "National Vulnerability Database".
novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a reflected XSS in the leadscoring.php resulting code executionπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18346
π Read
via "National Vulnerability Database".
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-17972
π Read
via "National Vulnerability Database".
packages/subjects/pub/subjects.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?subjecttypeid=xxx request, aka Open Bug Bounty ID OBB-466362.π Read
via "National Vulnerability Database".
π΄ New 'WannaHydra' Malware a Triple Threat to Android π΄
π Read
via "Dark Reading: ".
The latest variant of WannaLocker is a banking Trojan, spyware tool, and ransomware.π Read
via "Dark Reading: ".
Darkreading
New 'WannaHydra' Malware a Triple Threat to Android
The latest variant of WannaLocker is a banking Trojan, spyware tool, and ransomware.