🔐 How to secure your Zoom conference line from hackers 🔐
via "Security on TechRepublic".
A zero-day vulnerability allows any website to open a video-enabled call on a Mac with the Zoom app installed. Here's how to patch it.
❌ Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking ❌
via "Threatpost".
The vulnerability can be exploited on a drive-by basis by a malicious website.
❌ Marriott Hit With $123M Fine For Massive 2018 Data Breach ❌
via "Threatpost".
The data breach fine against Marriott by the Information Commissioner's Office comes a day after British Airways was also penalized.
🕴 Marriott Faces $124 Million GDPR Fine in UK 🕴
via "Dark Reading".
The proposed penalty is for a data breach beginning in 2014 that affected more than 500 million customers worldwide.
🕴 Cybercriminals Target Budding Cannabis Retailers 🕴
via "Dark Reading".
Companies in the young, rapidly growing industry are targeted for the sensitive information they store and their immature security practices.
ATTENTION‼ New - CVE-2018-14866 (odoo)
via "National Vulnerability Database".
Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs.
ATTENTION‼ New - CVE-2018-14833
via "National Vulnerability Database".
Intuit Lacerte 2017 has Incorrect Access Control.
ATTENTION‼ New - CVE-2017-8407 (dcs-1130_firmware)
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into changing the user's password.
⚠ Zoom flaw could force Mac users into meetings, expose video feed ⚠
via "Naked Security".
Its local web server reportedly also automatically reinstalls Zoom if a user removes the app and joins a meeting.
❌ 1,300 Popular Android Apps Access Data Without Proper Permissions ❌
via "Threatpost".
Study finds Android apps circumvented privacy opt-in rules and collected sensitive user information against user permission.
🕴 Cloud Security and Risk Mitigation 🕴
via "Dark Reading".
Just because your data isn't on-premises doesn't mean you're not responsible for security.
ATTENTION‼ New - CVE-2018-11307
via "National Vulnerability Database".
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
ATTENTION‼ New - CVE-2017-8414 (dcs-1100_firmware, dcs-1130_firmware)
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in the /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value of the command line parameter "-f" and stores the result on the stack. Since there is no length check, this corrupts the registers of the function sub_A098, which results in memory corruption.
ATTENTION‼ New - CVE-2017-8410 (dcs-1100_firmware, dcs-1130_firmware)
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in the /sbin folder of the device handles all the RTSP connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the "Authorization: Basic" RTSP header and stores it on the stack. The number of bytes to be copied is calculated from the length of the string sent in the RTSP header by the client. As a result, memcpy copies more data than the stack buffer can hold, corrupting the registers of the caller function sub_F6CC and causing memory corruption. The severity of this attack is enlarged by the fact that the same value is then copied onto the stack again in the function at 0x00011378, which allows the attacker to overflow the allocated buffer and control the PC register, resulting in arbitrary code execution on the device.
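The two D-Link findings above, CVE-2017-8410 (unchecked memcpy of the "Authorization: Basic" RTSP header) and CVE-2017-8414 (unchecked sprintf of the "-f" argument), share one root cause: a copy whose length is chosen by the client into a stack buffer whose size is fixed. The C below is an added illustration of that bug class beside a bounded replacement; it is not code from the D-Link rtspd or orthrus binaries, and the buffer sizes, the RTSP request text and the credential string are constructed for the example.

```c
/* Added example: unchecked copy of client-controlled data into a fixed
 * stack buffer (the CVE-2017-8410 / CVE-2017-8414 bug class) and the
 * bounded, fail-closed replacement. Illustration only, not D-Link code;
 * buffer sizes and request text are assumed. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define CRED_BUF 64   /* hypothetical size of the credential stack buffer */
#define PATH_BUF 32   /* hypothetical size of the path buffer */

/* Locate the value after "Authorization: Basic " up to end of line.
 * Returns a pointer into request and sets *len, or NULL if absent. */
static const char *find_basic_credential(const char *request, size_t *len)
{
    static const char key[] = "Authorization: Basic ";
    const char *p = strstr(request, key);
    if (p == NULL)
        return NULL;
    p += sizeof(key) - 1;
    const char *end = strpbrk(p, "\r\n");
    *len = end ? (size_t)(end - p) : strlen(p);
    return p;
}

/* Basic credentials are base64; anything else is malformed input. */
static int is_base64_text(const char *s, size_t len)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    for (size_t i = 0; i < len; i++)
        if (s[i] == '\0' || strchr(alphabet, s[i]) == NULL)
            return 0;
    return len > 0;
}

/* Vulnerable pattern, as the advisory describes it: the copy length comes
 * from the client, the destination size is never consulted, so a long
 * header smashes the stack. Kept for comparison; never feed it untrusted data. */
int parse_auth_unsafe(const char *request)
{
    char cred[CRED_BUF];
    size_t len;
    const char *val = find_basic_credential(request, &len);
    if (val == NULL)
        return -1;
    memcpy(cred, val, len);   /* no bound check against CRED_BUF */
    cred[len] = '\0';
    return (int)strlen(cred);
}

/* Hardened version: the caller passes the destination size, and oversized
 * or malformed values are refused rather than silently truncated (a
 * truncated credential can turn a reject into an accept). */
int parse_auth_safe(const char *request, char *out, size_t out_size)
{
    size_t len;
    const char *val = find_basic_credential(request, &len);
    if (val == NULL)
        return -1;                 /* header absent */
    if (len >= out_size)
        return -2;                 /* would not fit: refuse */
    if (!is_base64_text(val, len))
        return -3;                 /* not base64: malformed */
    memcpy(out, val, len);
    out[len] = '\0';
    return (int)len;
}

/* The sprintf case: snprintf alone is not a fix, its return value must be
 * checked, or a truncated path is used as if it were complete. */
int build_path_safe(const char *name, char *out, size_t out_size)
{
    int n = snprintf(out, out_size, "/tmp/%s.cfg", name);
    if (n < 0 || (size_t)n >= out_size)
        return -1;                 /* truncated: refuse */
    return n;
}

/* Constructed oversized request: 300 'A's where a credential should be. */
int demo_oversized(void)
{
    char request[512];
    char filler[301];
    char cred[CRED_BUF];
    memset(filler, 'A', 300);
    filler[300] = '\0';
    snprintf(request, sizeof request,
             "DESCRIBE rtsp://camera/live RTSP/1.0\r\n"
             "Authorization: Basic %s\r\n\r\n", filler);
    return parse_auth_safe(request, cred, sizeof cred);   /* -2 */
}

int main(void)
{
    const char *ok = "DESCRIBE rtsp://camera/live RTSP/1.0\r\n"
                     "Authorization: Basic YWRtaW46c2VjcmV0\r\n\r\n";
    char cred[CRED_BUF], path[PATH_BUF];
    printf("benign, unsafe parser: %d\n", parse_auth_unsafe(ok));
    printf("benign, safe parser:   %d (%s)\n",
           parse_auth_safe(ok, cred, sizeof cred), cred);
    printf("oversized, safe parser: %d\n", demo_oversized());
    printf("path ok: %d\n", build_path_safe("cam1", path, sizeof path));
    printf("path too long: %d\n",
           build_path_safe("this-name-is-far-too-long-for-the-buffer",
                           path, sizeof path));
    return 0;
}
```

Compile with `cc -Wall example.c`. The hardened parser returns -1 for an absent header, -2 for a value that would not fit and -3 for a non-base64 value, so the request handler can reject the request outright instead of proceeding with a truncated credential; the same discipline applies to the "-f" argument, where the snprintf return value, not just the bounded call, decides whether the path is usable.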
ATTENTION‼ New - CVE-2017-8409 (dcs-1130_firmware)
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 devices. The device requires a user logging in to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL, thereby allowing any attacker in possession of that URL to view the live video feed. The severity of this attack is enlarged by the fact that there are more than 100,000 D-Link devices out there.
ATTENTION‼ New - CVE-2017-8406 (dcs-1130_firmware)
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows a Flash file hosted on any domain to make calls to the device's webserver and pull any information that is stored on the device. In this case, the user's credentials are stored in clear text on the device and can be pulled easily. It also seems that the device does not implement any cross-site request forgery protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site flashing attack in the user's browser and performing any action the web management interface provides; the attack steals the credentials from the response of tools_admin.cgi and displays them inside a text field.
ATTENTION‼ New - CVE-2017-8405 (dcs-1100_firmware, dcs-1130_firmware)
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in the /sbin folder of the device handles all the RTSP connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be authenticated before being allowed access to the video feed. By default, the value of this flag is zero; it can be set or unset from the network settings tab of the HTTP interface, as shown below. The device requires a user logging in to the HTTP management interface to provide a valid username and password. However, because the checkbox is unchecked by default, the device does not enforce the same restriction on the RTSP URL, thereby allowing any attacker in possession of the camera's external IP address to view the live video feed. The severity of this attack is enlarged by the fact that there are more than 100,000 D-Link devices out there.
🔐 How to securely and completely delete files in Windows 10 without third-party software 🔐
via "Security on TechRepublic".
Deleting files in Windows 10 does not really delete the file. Security best practice requires deleted files to be completely overwritten more than once.
🔏 Hotel Chain Fined $123 Million in Second Major GDPR Fine of Week 🔏
via "Digital Guardian" (Subscriber Blog RSS Feed).
The massive fine comes one day after the ICO's fine of British Airways.
🕴 What the AppSec Penetration Test Found 🕴
via "Dark Reading".
New data drills down on the types of security misconfigurations and challenges dogging application developers.