Intelligent Authentication Market Grows to Meet Demand
via "Dark Reading".
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.

WordPress Plugin WP Statistics Patches XSS Flaw
via "Threatpost".
A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.

UK Forensics Firm Paid Ransom in Cyberattack
via "Dark Reading".
Victim firm Eurofins Scientific handles more than 70,000 criminal cases per year in the UK.

Data Breach Lessons from the Trenches
via "Threatpost".
How companies can identify their own insecure data, remediate data breaches and proactively secure data against future attacks.

Monday review – the hot 23 stories of the week
via "Naked Security".
From RDP BlueKeep's message for admins to Medtronic's recall of hackable insulin pumps - and everything in between.

New Year’s eve gaming DDoSer lulz himself into a 27-month sentence
via "Naked Security".
Back in 2014, @DerpTrolling said he attacked sites simply based on requests from people who tweeted suggested targets.

ISPs call Mozilla ‘Internet Villain’ for promoting DNS privacy
via "Naked Security".
ISPA has shortlisted Mozilla for the sort of award that, on the face of it, no tech company should be keen to win - 2019’s Internet Villain.

7 Hot Cybersecurity Trends to Be Highlighted at Black Hat
via "Dark Reading".
Just some of the research and ideas worth checking out at this year's 'security summer camp.'

Privacy and security risks as Sign In with Apple tweaks Open ID protocol
via "Naked Security".
An open letter from the OpenID Foundation says that Apple introduced potential risks when it diverged from the OpenID Connect protocol.

How to use multiplexing to speed up the SSH login process
via "Security on TechRepublic".
Improve the speed SSH can run commands on remote servers with the help of multiplexing.

Researchers hack VR worlds
via "Naked Security".
Hackers just infiltrated virtual reality, enabling them to manipulate users' immersive 3D worlds.

British Airways hit with £183M GDPR fine—could your business be next?
via "Security on TechRepublic".
GDPR fines are finally coming down, and companies must be prepared to comply with the regulations or pay up.

Post-Data Breach, British Airways Slapped With Record $230M Fine
via "Threatpost".
A proposed $230 million fine on British Airways after a data breach would be the biggest GDPR penalty yet.

Why Apple should follow Microsoft's move to get rid of passwords
via "Security on TechRepublic".
Apple is testing biometric authentication as a new way of signing in to iCloud.com.

Smash-and-Grab Crime Threatens Enterprise Security
via "Dark Reading".
Getting your company smartphone or laptop stolen from your car isn't just a hassle; it can have large regulatory ramifications, too. Visibility is the answer.

ATTENTION‼ New - CVE-2018-11563
via "National Vulnerability Database".
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged-in customer's browser in the context of the OTRS customer panel application.

Apple Patches iMessage Bug That Bricks iPhones with Out-of-Date Software
via "Threatpost".
Google Project Zero finds Apple iMessage bug that bricks iPhones running older versions of the company's iOS software.

Broadcom Moves Forward on Symantec Acquisition
via "Dark Reading".
Reports indicate a deal could be made by mid-July as Broadcom secures financing for the purchase.

ATTENTION‼ New - CVE-2017-8408 (dcs-1130_firmware)
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting an SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using the binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "cgibox" is the one that has the vulnerable function "sub_7EAFC" that receives the values sent by the GET request. If we open this binary in IDA Pro we will notice that this follows an ARM little-endian format. The function sub_7EAFC in IDA Pro is identified to be receiving the values sent in the GET request and the value set in GET parameter "user" is extracted in function sub_7E49C which is then passed to the vulnerable system API call.

GoBotKR Targets Pirate Torrents to Build a DDoS Botnet
via "Threatpost".
The authors have tweaked a known piece of malware to specifically target Korean TV fans.

NIST Sets Draft Guidelines for Government AI
via "Dark Reading".
This is the first formal step in writing the standards that will guide the implementation of AI technologies within the federal government.