Cybersecurity investments: Why ROI calculations may not tell the whole story
via "Security on TechRepublic".
Cybersecurity spends are about loss prevention not earnings, suggests security expert Bruce Schneier. Thankfully, there are better options to ensure cybersecurity investments are maximized.
ATTENTION‼ New - CVE-2015-9273
via "National Vulnerability Database".
The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.
ATTENTION‼ New - CVE-2012-6710
via "National Vulnerability Database".
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.
PoC Attack Escalates MikroTik Router Bug to “As Bad As It Gets”
via "The first stop for security news | Threatpost".
Researchers say a medium severity bug should now be rated critical because of a new hack technique that allows for remote code execution on MikroTik edge and consumer routers.
Monday review – the hot 19 stories of the week
via "Naked Security".
From the iOS lockscreen bypass to Facebook using your 2FA phone number to target market you, and everything we wrote in between. Catch up with the news from the last seven days - it's weekly roundup time.
Seven Russian cyberspies indicted for hacking, wire fraud, ID theft
via "Naked Security".
"Bungling" Russian GRU operatives picked up by Dutch police, linked to OPCW and World Anti-Doping Agency hacks.
Fitbit data leads to arrest of 90-year-old in stepdaughter’s murder
via "Naked Security".
Her device recorded her heart rate slowing rapidly, then stopping about five minutes before her stepfather left the house.
Attackers use voicemail hack to steal WhatsApp accounts
via "Naked Security".
The Israeli National Cybersecurity Authority issued an alert warning that WhatsApp users could lose control of their accounts.
Phantom Secure CEO sold encrypted phones to drug cartels
via "Naked Security".
The CEO of “uncrackable” phone seller, Phantom Secure, has pleaded guilty to helping drug sellers keep their business locked away from the eyes of law enforcement.
Teach Your AI Well: A Potential New Bottleneck for Cybersecurity
via "Dark Reading".
Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.
5 tips to secure your supply chain from cyberattacks
via "Security on TechRepublic".
It's nearly impossible to secure supply chains from attacks like the alleged Chinese chip hack that was reported last week. But here are some tips to protect your company.
Unpatched routers bad, doubly unpatched routers worse – much, much worse!
via "Naked Security".
Two bugs can be four times the trouble! If you missed the last MikroTik router patch, you're at risk, but if you're *two* patches behind ...
ATTENTION‼ New - CVE-2016-7475
via "National Vulnerability Database".
Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean up pool member network connections when using SPDY or HTTP/2 virtual server profiles.
You’ve Been Hit By Ransomware. Now What?
via "Quick Heal Blog | Latest computer security news, tips, and advice".
“ALL YOUR FILES HAVE BEEN ENCRYPTED” You see that line flashing on your laptop or desktop and suddenly your adrenaline level shoots up, with hundreds of questions already hitting your mind… How do I remove that message? Why can’t I access my system? Will I lose all my work? Whom should I approach for help?
Well, instead of entering panic mode and instantly jumping onto Google for quick help, it’s better to keep calm and follow these simple steps:
Disconnect From All Connected Systems – If your system is connected to a Wi-Fi network or external drive, the very first thing to do is disconnect the infected system from all of these. This may keep the ransomware from spreading to other connected networks and devices, since most cyberattacks spread from connected systems.
Capture A Pic – Use a camera or smartphone to take a picture of the ransom note visible on your screen, as you may need it for making a police complaint later. Capture a screenshot of the ransomware screen if your system allows you to do so.
Do A Quick Research – Once you have taken the few initial steps to isolate your infected system from other connected systems and collected some proof, you can then invest some time in doing some quick research. Most often the ransom notes are transparent and contain the name of the ransomware along with an email address. However, at times there may be no name for the ransomware and there is a good chance that it may be a total bluff. At such times, it can prove really handy to do a little research on the name of the ransomware, to confirm its authenticity.
Contact The Law Enforcement – Since ransomware hacking is a big-time crime, you can and should contact your local law enforcement agency to report the incident. The best people to approach, however, are the specialized cybercrime cells and cyber police stations available in most states for handling cybercrime issues. These cells may be available in the form of the Serious Fraud Investigation Office, Economic Offence Wing or State CID Department.
Reboot To Safety – Before you try rebooting your system, be absolutely determined about not paying the ransom amount under the temptation of recovering your files. Once you have made up your mind, reboot your system into “Safe Mode” simply by holding the S key on your keyboard and pressing the power button at the same time.
Try Recovering Deleted Files – Most encrypting ransomware works by making copies of your files, encrypting these copies and then simply deleting the original files. At times, there is a strong chance of recovering the original deleted files using free or paid file recovery tools. Who knows, you may just be lucky enough to get back your files!
Look For Decryption Tools – If you have an idea about the ransomware strain, check the list of decryption tools available on the web. Quick Heal is quick to assist at such critical times by releasing the decryption key publicly on our website or blog, as soon as our security lab professionals are through with decryption. We have done this in the past with decryption tools for CrySiS/XTBL Ransomware, TeslaCrypt Ransomware and more.
So, regardless of the frustration we may go through as a result of these cyber-attacks, the truth is that ransomware and malware are here to stay. Thus, instead of panicking about them, it’s better to fight back and simply update our security systems, to be well prepared for any future attacks.
Google ramps up G Suite protections against government-backed attacks
via "Naked Security".
Security alerts become opt-out by default from 10 October because so few admins opted in.
The Wall Street Journal is helping SMBs shore up cybersecurity
via "Security on TechRepublic".
Beleaguered SMBs looking for IT security tips should check out WSJ Pro Cybersecurity and WSJ Pro Cybersecurity Small Business Academy.
Hey Portal, what’s that Facebook device in my kitchen?
via "Naked Security".
The company that wants to move fast and break things is moving in!
Microsoft hits the brakes on latest Windows 10 update – what to do
via "Naked Security".
Microsoft has paused the Windows 10 October 2018 update while it investigates reports of deleted profiles and missing files.
West Virginia moves forward with first mobile voting app, despite fears from security experts
via "Security on TechRepublic".
Other US states are piloting the blockchain-based Voatz app, but cybersecurity researchers say digital voting is rife with vulnerabilities.
Learn to Understand and Combat New Threats at Black Hat Europe
via "Dark Reading".
As we begin to settle into autumn, Black Hat organizers are hard at work lining up a ton of great content for the premier information security event's return to London this December.
Magecart Group Targets Shopper Approved in Latest Attack
via "The first stop for security news | Threatpost".
The breach also impacted hundreds of Shopper Approved's customers.