π΄ Senate Report: US Election Security 'Sorely Lacking' in 2016 π΄
π Read
via "Dark Reading: ".
Senate Intelligence Committee report released today cites weaknesses, but finds no evidence of vote-tampering.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
ATENTIONβΌ New - CVE-2019-0202
π Read
via "National Vulnerability Database".
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-11779
π Read
via "National Vulnerability Database".
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.π Read
via "National Vulnerability Database".
β S2 Ep1: FaceApp, logic bombs and stranger danger β Naked Security Podcast β
π Read
via "Naked Security".
Weβre finally back with Series 2 of the Naked Security Podcast. While youβve been missing us, weβve been working out how to improve the show and kitting out a dedicated studio. Youβll now find longer episodes with more opportunities to get involved. Send us your general cybersecurity questions and join the discussion via social media [β¦]π Read
via "Naked Security".
Naked Security
S2 Ep1: FaceApp, logic bombs and stranger danger β Naked Security Podcast
Weβre finally back with Series 2 of the Naked Security Podcast. Listen now!
β Browser plug-ins peddled personal data from over 4m browsers β
π Read
via "Naked Security".
Nacho Analytics gathered data like passwords, tax and prescription data from browser add-ons - and those who bought it can keep it.π Read
via "Naked Security".
Naked Security
Browser plug-ins peddled personal data from over 4m browsers
Nacho Analytics gathered data like passwords, tax and prescription data from browser add-ons β and those who bought it can keep it.
ATENTIONβΌ New - CVE-2018-20856
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20855
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20854
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read.π Read
via "National Vulnerability Database".
π΄ What Every Security Team Should Know About Internet Threats π΄
π Read
via "Dark Reading: ".
Of particular interest for cybercriminals is the Domain Name System, which plays a central role in orchestrating all Internet and application traffic.π Read
via "Dark Reading: ".
Dark Reading
What Every Security Team Should Know About Internet Threats
Of particular interest for cybercriminals is the Domain Name System, which plays a central role in orchestrating all Internet and application traffic.
β BlueKeep guides make imminent public exploit more likely β
π Read
via "Naked Security".
A public exploit for Microsoft's BlueKeep vulnerability is just days away. In fact, for those with deep pockets, it's already here.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Black Hat Q&A: Inside the Black Hat NOC π΄
π Read
via "Dark Reading: ".
Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.π Read
via "Dark Reading: ".
Dark Reading
Black Hat Q&A: Inside the Black Hat NOC
Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
π΄ 3 Takeaways from the First American Financial Breach π΄
π Read
via "Dark Reading: ".
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.π Read
via "Dark Reading: ".
Darkreading
3 Takeaways from the First American Financial Breach
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.
ATENTIONβΌ New - CVE-2018-20857
π Read
via "National Vulnerability Database".
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.π Read
via "National Vulnerability Database".
π΄ Black Hat Q&A: Inside the Black Hat NOC π΄
π Read
via "Dark Reading: ".
Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.π Read
via "Dark Reading: ".
Dark Reading
Black Hat Q&A: Inside the Black Hat NOC
Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
π 66% of SMBs don't believe they are vulnerable to cyberattacks π
π Read
via "Security on TechRepublic".
SMBs aren't prioritizing cybersecurity prevention strategies, even though they are at risk of attack, according to a Keeper Security report.π Read
via "Security on TechRepublic".
TechRepublic
66% of SMBs don't believe they are vulnerable to cyberattacks
SMBs aren't prioritizing cybersecurity prevention strategies, even though they are at risk of attack, according to a Keeper Security report.
β Sysadmins need to know β how DO you pronounce βsudoβ? β
π Read
via "Naked Security".
We take on one of #SysAdminDay's thorny issues.π Read
via "Naked Security".
Naked Security
Sysadmins need to know β how DO you pronounce βsudoβ?
We take on one of #SysAdminDayβs thorny issues.
π΄ FormGet Storage Bucket Leaks Passport Scans, Bank Details π΄
π Read
via "Dark Reading: ".
Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.π Read
via "Dark Reading: ".
Dark Reading
FormGet Storage Bucket Leaks Passport Scans, Bank Details
Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.
π Friday Five: 7/26 Edition π
π Read
via "Subscriber Blog RSS Feed ".
News about a new phishing campaign targeting Office 365 admins, the FTC's big Facebook fine, and the latest data breach statistics are all covered in this week's Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 7/26 Edition
News about a new phishing campaign targeting Office 365 admins, the FTC's big Facebook fine, and the latest data breach statistics are all covered in this week's Friday Five.
ATENTIONβΌ New - CVE-2018-17210 (central_print_services)
π Read
via "National Vulnerability Database".
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests.π Read
via "National Vulnerability Database".