Latest FinSpy Modules Lift Data from Secure Messaging Apps
via "Threatpost".
The espionage tool is capable of eavesdropping on calls and messages sent via Signal, Telegram, WhatsApp and more.

Intel Releases Updates for Storage & Diagnostic Tools
via "Dark Reading".
CISA released an alert telling users about the updates to firmware in Intel SSD and Processor Diagnostic products.

Zoom Pushes Emergency Patch for Webcam Hijack Flaw
via "Threatpost".
After media scrutiny, the collaboration service has decided to address the zero-day after initially dismissing its severity.

ATTENTION‼ New - CVE-2017-7189
via "National Vulnerability Database".
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.

ATTENTION‼ New - CVE-2017-6217
via "National Vulnerability Database".
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in SetPaymentOptions.php, resulting in code execution.

ATTENTION‼ New - CVE-2017-12652
via "National Vulnerability Database".
libpng before 1.6.32 does not properly check the length of chunks against the user limit.

Vulnerability Found in GE Anesthesia Machines
via "Dark Reading".
GE Healthcare has released a statement claiming the bug is not in the machine itself and does not pose direct risk to patients.

Why You Need a Global View of IT Assets
via "Dark Reading".
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.

ATTENTION‼ New - CVE-2018-10531
via "National Vulnerability Database".
An issue was discovered in the America's Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS amplification, even being able to be used in DDoS attacks.

US Coast Guard Issues Cybersecurity Best Practices for Ships
via "Subscriber Blog RSS Feed" (Digital Guardian).
In addition to a list of best practices, the Coast Guard confirmed in an alert this week that malware affected the shipboard network of a vessel in February.

New Ransomware Targets QNAP's Network-Attached Storage Devices
via "Dark Reading".
More than 19,000 systems in the US are potentially at risk from eCh0raix.

Bug in Anesthesia Respirators Allows Cyber-Tampering
via "Threatpost".
GE Healthcare said an attacker could modify gas composition parameters within the devices' respirator function.

Financial Firms Face Threats from Employee Mobile Devices
via "Dark Reading".
A new report says that phishing and man-in-the-middle attacks are major risks to financial institutions - via mobile devices in the hands of their employees.

Industry Insight: Checking Up on Healthcare Security
via "Dark Reading".
Modern threats putting healthcare organizations at risk, how they're improving their security posture, and where many fall short.

"Mozilla aren't villains after all" - ISPs back down after public outcry
via "Naked Security".
Mozilla was nominated for an "Internet Villain" award - and The People Of The Internet were not pleased

GDPR superpowers lead to whopper ICO fines for BA, Marriott
via "Naked Security".
The ICO isn't pulling its punches: The penalty for BA's data breach is about 367 times higher than the previous record-setting fine.

Cyberattack lands ship in hot water
via "Naked Security".
Less than two months after warning of cybersecurity problems on ships, the US Coast Guard has revealed that a large international vessel has suffered a cyberattack.

Persistent Threats Can Last Inside SMB Networks for Years
via "Dark Reading".
The average dwell time for riskware can be as much as 869 days.

Cybersecurity: Malware lingers in SMBs for an average of 800 days before discovery
via "Security on TechRepublic".
Small and medium-sized businesses lack the IT staff needed to run comprehensive security detection and response, according to Infocyte.

Implementing Bug Bounty Programs: The Right and Wrong Approaches
via "Threatpost".
Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.