🛡 Cybersecurity & Privacy 🛡 - News

S2 Ep1: FaceApp, logic bombs and stranger danger – Naked Security Podcast

We’re finally back with Series 2 of the Naked Security Podcast. Listen now!

47 views10:32

⚠ Browser plug-ins peddled personal data from over 4m browsers ⚠

Nacho Analytics gathered data like passwords, tax and prescription data from browser add-ons - and those who bought it can keep it.

📖 Read

via "Naked Security".

Browser plug-ins peddled personal data from over 4m browsers

Nacho Analytics gathered data like passwords, tax and prescription data from browser add-ons – and those who bought it can keep it.

40 views11:07

ATENTION‼ New - CVE-2018-20856

An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.

📖 Read

via "National Vulnerability Database".

37 views11:11

ATENTION‼ New - CVE-2018-20855

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.

📖 Read

via "National Vulnerability Database".

32 views11:11

ATENTION‼ New - CVE-2018-20854

An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read.

📖 Read

via "National Vulnerability Database".

34 views11:11

🕴 What Every Security Team Should Know About Internet Threats 🕴

Of particular interest for cybercriminals is the Domain Name System, which plays a central role in orchestrating all Internet and application traffic.

📖 Read

via "Dark Reading: ".

What Every Security Team Should Know About Internet Threats

Of particular interest for cybercriminals is the Domain Name System, which plays a central role in orchestrating all Internet and application traffic.

36 views11:18

Naked Security – Sophos News

⚠ BlueKeep guides make imminent public exploit more likely ⚠

A public exploit for Microsoft's BlueKeep vulnerability is just days away. In fact, for those with deep pockets, it's already here.

📖 Read

via "Naked Security".

Sophos News

41 views11:42

🕴 Trends 🕴

📖 Read

via "Dark Reading: ".

Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

In Depth - Dark Reading

40 views11:53

🕴 Black Hat Q&A: Inside the Black Hat NOC 🕴

Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.

📖 Read

via "Dark Reading: ".

Black Hat Q&A: Inside the Black Hat NOC

Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.

37 views13:18

⚠ Happy SysAdminDay 2019! ⚠

Hey sysadmin, nice tee.

📖 Read

via "Naked Security".

Happy SysAdminDay 2019!

Hey sysadmin, nice tee.

35 views13:42

3 Takeaways from the First American Financial Breach

🕴 3 Takeaways from the First American Financial Breach 🕴

Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.

📖 Read

via "Dark Reading: ".

Darkreading

Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.

36 views14:14

ATENTION‼ New - CVE-2018-20857

Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.

📖 Read

via "National Vulnerability Database".

35 views14:31

🕴 Black Hat Q&A: Inside the Black Hat NOC 🕴

Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.

📖 Read

via "Dark Reading: ".

Black Hat Q&A: Inside the Black Hat NOC

Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.

37 views14:43

66% of SMBs don't believe they are vulnerable to cyberattacks

🔐 66% of SMBs don't believe they are vulnerable to cyberattacks 🔐

SMBs aren't prioritizing cybersecurity prevention strategies, even though they are at risk of attack, according to a Keeper Security report.

📖 Read

via "Security on TechRepublic".

TechRepublic

SMBs aren't prioritizing cybersecurity prevention strategies, even though they are at risk of attack, according to a Keeper Security report.

38 views14:43

⚠ Sysadmins need to know – how DO you pronounce “sudo”? ⚠

We take on one of #SysAdminDay's thorny issues.

📖 Read

via "Naked Security".

Sysadmins need to know – how DO you pronounce “sudo”?

We take on one of #SysAdminDay’s thorny issues.

41 views14:57

🕴 FormGet Storage Bucket Leaks Passport Scans, Bank Details 🕴

Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.

📖 Read

via "Dark Reading: ".

FormGet Storage Bucket Leaks Passport Scans, Bank Details

Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.

39 views15:53

Friday Five: 7/26 Edition

🔏 Friday Five: 7/26 Edition 🔏

News about a new phishing campaign targeting Office 365 admins, the FTC's big Facebook fine, and the latest data breach statistics are all covered in this week's Friday Five.

📖 Read

via "Subscriber Blog RSS Feed ".

Digital Guardian

News about a new phishing campaign targeting Office 365 admins, the FTC's big Facebook fine, and the latest data breach statistics are all covered in this week's Friday Five.

37 views16:05

ATENTION‼ New - CVE-2018-17210 (central_print_services)

An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests.

📖 Read

via "National Vulnerability Database".

32 views16:31

‘Google’ Sites Are the Latest Ploy by Card-Skimming Thieves

❌ ‘Google’ Sites Are the Latest Ploy by Card-Skimming Thieves ❌

A credit-card skimmer on Magento sites was found loading JavaScript from a legitimate-seeming Google Analytics domain.

📖 Read

via "Threatpost".

Threat Post

A credit-card skimmer on Magento sites was found loading JavaScript from a legitimate-seeming Google Analytics domain.

35 views16:37

🕴 Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs 🕴

New study found that any database containing 15 pieces of demographic data could be used to identify individuals.

📖 Read

via "Dark Reading: ".

Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs

New study found that any database containing 15 pieces of demographic data could be used to identify individuals.

32 views16:53

🕴 Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web 🕴

The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.

📖 Read

via "Dark Reading: ".