β Google suspends Trends emails after revealing murder suspectβs name β
π Read
via "Naked Security".
People subscribed to Google Trends in New Zealand were emailed the murder suspect's name in violation of a New Zealand court's order.π Read
via "Naked Security".
Naked Security
Google suspends Trends emails after revealing murder suspectβs name
People subscribed to Google Trends in New Zealand were emailed the murder suspectβs name in violation of a New Zealand courtβs order.
β Rapid Incident Response Now Available through Cynetβs Free IR Service Providers Offering β
π Read
via "Threatpost".
Cynet's 360 platform is ready out-of-the-box, for fast, easy deployment across all endpoints.π Read
via "Threatpost".
Threat Post
Rapid Incident Response Now Available through Cynetβs Free IR Service Providers Offering
Cynet's 360 platform is ready out-of-the-box, for fast, easy deployment across all endpoints.
π How financial services companies can protect against mobile threats π
π Read
via "Security on TechRepublic".
Financial services organizations face a variety of cyber threats. But mobile risks represent a major Achilles' heel for the industry, says a new report from Wandera.π Read
via "Security on TechRepublic".
TechRepublic
How financial services companies can protect against mobile threats
Financial services organizations face a variety of cyber threats. But mobile risks represent a major Achilles' heel for the industry, says a new report from Wandera.
π Cybersecurity incidents cost businesses $45B last year π
π Read
via "Security on TechRepublic".
Ransomware, cryptojacking, and business email compromise attacks all ramped up the financial losses due to cyber breaches, according to the Online Trust Alliance.π Read
via "Security on TechRepublic".
TechRepublic
Cybersecurity incidents cost businesses $45B last year
Ransomware, cryptojacking, and business email compromise attacks all ramped up the financial losses due to cyber breaches, according to the Online Trust Alliance.
π΄ DevOps' Inevitable Disruption of Security Strategy π΄
π Read
via "Dark Reading: ".
Black Hat USA programming will dive into the ways DevOps-driven shifts in practices and tools are introducing both new vulnerabilities and new ways of securing enterprises.π Read
via "Dark Reading: ".
Dark Reading
DevOps' Inevitable Disruption of Security Strategy
Black Hat USA programming will dive into the ways DevOps-driven shifts in practices and tools are introducing both new vulnerabilities and new ways of securing enterprises.
π΄ Insider Threats: An M&A Dealmaker's Nightmare π΄
π Read
via "Dark Reading: ".
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.π Read
via "Dark Reading: ".
Dark Reading
Insider Threats: An M&A Dealmaker's Nightmare
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
β Backdoor discovered in Ruby strong_password library β
π Read
via "Naked Security".
An eagle-eyed developer has discovered a backdoor recently sneaked into a library (or βgemβ) used by Ruby on Rails (RoR) web apps to check password strength.π Read
via "Naked Security".
Naked Security
Backdoor discovered in Ruby strong_password library
An eagle-eyed developer has discovered a backdoor recently sneaked into a library (or βgemβ) used by Ruby on Rails (RoR) web apps to check password strength.
π How to secure your Zoom conference line from hackers π
π Read
via "Security on TechRepublic".
A Zero Day vulnerability allows any website to open up a video-enabled call on a Mac with the Zoom app installed. Here's how to patch it.π Read
via "Security on TechRepublic".
β Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking β
π Read
via "Threatpost".
The vulnerability can be exploited on a drive-by basis by a malicious website.π Read
via "Threatpost".
Threat Post
Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking
The vulnerability can be exploited on a drive-by basis by a malicious website.
β Marriott Hit With $123M Fine For Massive 2018 Data Breach β
π Read
via "Threatpost".
The data breach fine against Marriott by the Information Commissioner's Office comes a day after British Airways was also penalized.π Read
via "Threatpost".
Threat Post
Marriott Hit With $123M Fine For Massive 2018 Data Breach
The data breach fine against Marriott by the Information Commissioner's Office comes a day after British Airways was also penalized.
π΄ Marriott Faces $124 Million GDPR Fine in UK π΄
π Read
via "Dark Reading: ".
The proposed penalty is for a data breach beginning in 2014 that affected more than 500 million customers worldwide.π Read
via "Dark Reading: ".
Dark Reading
Marriott Faces $124 Million GDPR Fine in UK
The proposed penalty is for a data breach beginning in 2014 that affected more than 500 million customers worldwide.
π΄ Cybercriminals Target Budding Cannabis Retailers π΄
π Read
via "Dark Reading: ".
Companies in the young, rapidly growing industry are targeted for sensitive information they store and immature security practices.π Read
via "Dark Reading: ".
Darkreading
Cybercriminals Target Budding Cannabis Retailers
Companies in the young, rapidly growing industry are targeted for sensitive information they store and immature security practices.
ATENTIONβΌ New - CVE-2018-14866 (odoo)
π Read
via "National Vulnerability Database".
Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-14833
π Read
via "National Vulnerability Database".
Intuit Lacerte 2017 has Incorrect Access Control.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8407 (dcs-1130_firmware)
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change the user's password.π Read
via "National Vulnerability Database".
β Zoom flaw could force Mac users into meetings, expose video feed β
π Read
via "Naked Security".
Its local web server reportedly also automatically reinstalls Zoom if a user removes the app and joins a meeting.π Read
via "Naked Security".
Naked Security
Zoom flaw could force you into a meeting, expose your video feed
Its local web server reportedly also automatically reinstalls Zoom if a user removes the app and joins a meeting.
π΄ Edge Feature Section π΄
π Read
via "Dark Reading: ".
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen bookπ Read
via "Dark Reading: ".
Dark Reading
Edge Feature Section - Dark Reading
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book
β 1,300 Popular Android Apps Access Data Without Proper Permissions β
π Read
via "Threatpost".
Study finds Android apps circumvented privacy opt-in rules and collected sensitive user information against user permission.π Read
via "Threatpost".
Threat Post
1,300 Popular Android Apps Access Data Without Proper Permissions
Study finds Android apps circumvented privacy opt-in rules and collected sensitive user information against user permission.
π΄ Cloud Security and Risk Mitigation π΄
π Read
via "Dark Reading: ".
Just because your data isn't on-premises doesn't mean you're not responsible for security.π Read
via "Dark Reading: ".
Darkreading
Cloud Security and Risk Mitigation
Just because your data isn't on-premises doesn't mean you're not responsible for security.
ATENTIONβΌ New - CVE-2018-11307
π Read
via "National Vulnerability Database".
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8414 (dcs-1100_firmware, dcs-1130_firmware)
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption.π Read
via "National Vulnerability Database".