ATENTIONβΌ New - CVE-2015-9272
π Read
via "National Vulnerability Database".
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-10076
π Read
via "National Vulnerability Database".
The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-10075
π Read
via "National Vulnerability Database".
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-7465
π Read
via "National Vulnerability Database".
Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.π Read
via "National Vulnerability Database".
β Googleβs Intra app secures older Androids with encrypted DNS β
π Read
via "Naked Security".
DNS encryption is the Next Big Thing in web encryption and Google doesn't want Android users to miss out.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Facebook doubles cooling off period to cash in on your FOMO β
π Read
via "Naked Security".
Facebook has doubled its grace period because so many leavers are getting cold feet.π Read
via "Naked Security".
Naked Security
Facebook doubles cooling off period to cash in on your FOMO
Facebook has doubled its grace period because so many leavers are getting cold feet.
β Wi-Fi versions to get names people can actually understand β
π Read
via "Naked Security".
The high priests of Wi-Fi just made your life - and the lives of wireless network equipment vendors everywhere - a little easier.π Read
via "Naked Security".
Naked Security
Wi-Fi versions to get names people can actually understand
The high priests of Wi-Fi just made your life β and the lives of wireless network equipment vendors everywhere β a little easier.
β Prison smuggler busted by his own drone camera β
π Read
via "Naked Security".
It turns out that drones advertised off the back of beautiful aerial shots also take great videos of murky drug dens.π Read
via "Naked Security".
Naked Security
Prison smuggler busted by his own drone camera
It turns out that drones advertised off the back of beautiful aerial shots also take great videos of murky drug dens.
π΄ Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Technology such as Apple's device trust score that decides you is not you is a good thing. But only if it works well.
β Virus Bulletin 2018: Exposing the Social Media Fraud Ecosystem β
π Read
via "The first stop for security news | Threatpost ".
The business of fake likes and followers turns out to be a sprawling enterprise -- likely tied back to IoT botnet activity.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Virus Bulletin 2018: Exposing the Social Media Fraud Ecosystem
The business of fake likes and followers turns out to be a sprawling enterprise β likely tied back to IoT botnet activity.
π΄ 12 AppSec Activities Enterprises Can't Afford to Skip π΄
π Read
via "Dark Reading: ".
The latest Building Security in Maturity Model (BSIMM9) report offers a statistically backed, bare-minimum benchmark for software security initiatives.π Read
via "Dark Reading: ".
Dark Reading
12 AppSec Activities Enterprises Can't Afford to Skip
The latest Building Security in Maturity Model (BSIMM9) report offers a statistically backed, bare-minimum benchmark for software security initiatives.
β Threatpost New Wrap Podcast For Oct. 5 β
π Read
via "The first stop for security news | Threatpost ".
Threatpost editors discuss the highlights and biggest breaking news from this past week.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Threatpost New Wrap Podcast For Oct. 5
Threatpost editors discuss the highlights and biggest breaking news from this past week.
β D-Link Patches RCE Bugs in Wireless Access Point Gear β
π Read
via "The first stop for security news | Threatpost ".
D-Link has released the beta version of the controller which addresses the reported vulnerabilities.π Read
via "The first stop for security news | Threatpost ".
Threat Post
D-Link Patches RCE Bugs in Wireless Access Point Gear
D-Link has released the beta version of the controller which addresses the reported vulnerabilities.
π΄ Successful Scammers Call After Lunch π΄
π Read
via "Dark Reading: ".
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how hackers operate.π Read
via "Dark Reading: ".
Darkreading
Successful Scammers Call After Lunch
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.
β Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat β
π Read
via "The first stop for security news | Threatpost ".
A spyware attack on a Saudi dissident living in Canada made headlines this week, but Citizen Lab warns that simpler attacks are the real epidemic.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat
A spyware attack on a Saudi dissident living in Canada made headlines this week, but Citizen Lab warns that simpler attacks are the real epidemic.
π΄ Most Home Routers Are Full of Vulnerabilities π΄
π Read
via "Dark Reading: ".
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.π Read
via "Dark Reading: ".
Dark Reading
Most Home Routers Are Full of Vulnerabilities
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.
β Sony Smart TV Bug Allows Remote Access, Root Privileges β
π Read
via "The first stop for security news | Threatpost ".
Software patching becomes a new reality for smart TV owners.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Sony Smart TV Bug Allows Remote Access, Root Privileges
Software patching becomes a new reality for smart TV owners.
π΄ Mandia: Tipping Point Now Here for Rules of Cyber Engagement π΄
π Read
via "Dark Reading: ".
FireEye CEO and nation-state hacking expert Kevin Mandia says Russia began changing the game in 2015.π Read
via "Dark Reading: ".
Dark Reading
Mandia: Tipping Point Now Here for Rules of Cyber Engagement
FireEye CEO and nation-state hacking expert Kevin Mandia says Russia began changing the game in 2015.
π Cybersecurity investments: Why ROI calculations may not tell the whole story π
π Read
via "Security on TechRepublic".
Cybersecurity spends are about loss prevention not earnings, suggests security expert Bruce Schneier. Thankfully, there are better options to ensure cybersecurity investments are maximized.π Read
via "Security on TechRepublic".
ATENTIONβΌ New - CVE-2015-9273
π Read
via "National Vulnerability Database".
The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-6710
π Read
via "National Vulnerability Database".
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.π Read
via "National Vulnerability Database".