β BlueKeep guides make imminent public exploit more likely β
π Read
via "Naked Security".
A public exploit for Microsoft's BlueKeep vulnerability is just days away. In fact, for those with deep pockets, it's already here.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Black Hat Q&A: Inside the Black Hat NOC π΄
π Read
via "Dark Reading: ".
Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.π Read
via "Dark Reading: ".
Dark Reading
Black Hat Q&A: Inside the Black Hat NOC
Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
π΄ 3 Takeaways from the First American Financial Breach π΄
π Read
via "Dark Reading: ".
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.π Read
via "Dark Reading: ".
Darkreading
3 Takeaways from the First American Financial Breach
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.
ATENTIONβΌ New - CVE-2018-20857
π Read
via "National Vulnerability Database".
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.π Read
via "National Vulnerability Database".
π΄ Black Hat Q&A: Inside the Black Hat NOC π΄
π Read
via "Dark Reading: ".
Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.π Read
via "Dark Reading: ".
Dark Reading
Black Hat Q&A: Inside the Black Hat NOC
Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
π 66% of SMBs don't believe they are vulnerable to cyberattacks π
π Read
via "Security on TechRepublic".
SMBs aren't prioritizing cybersecurity prevention strategies, even though they are at risk of attack, according to a Keeper Security report.π Read
via "Security on TechRepublic".
TechRepublic
66% of SMBs don't believe they are vulnerable to cyberattacks
SMBs aren't prioritizing cybersecurity prevention strategies, even though they are at risk of attack, according to a Keeper Security report.
β Sysadmins need to know β how DO you pronounce βsudoβ? β
π Read
via "Naked Security".
We take on one of #SysAdminDay's thorny issues.π Read
via "Naked Security".
Naked Security
Sysadmins need to know β how DO you pronounce βsudoβ?
We take on one of #SysAdminDayβs thorny issues.
π΄ FormGet Storage Bucket Leaks Passport Scans, Bank Details π΄
π Read
via "Dark Reading: ".
Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.π Read
via "Dark Reading: ".
Dark Reading
FormGet Storage Bucket Leaks Passport Scans, Bank Details
Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.
π Friday Five: 7/26 Edition π
π Read
via "Subscriber Blog RSS Feed ".
News about a new phishing campaign targeting Office 365 admins, the FTC's big Facebook fine, and the latest data breach statistics are all covered in this week's Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 7/26 Edition
News about a new phishing campaign targeting Office 365 admins, the FTC's big Facebook fine, and the latest data breach statistics are all covered in this week's Friday Five.
ATENTIONβΌ New - CVE-2018-17210 (central_print_services)
π Read
via "National Vulnerability Database".
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests.π Read
via "National Vulnerability Database".
β βGoogleβ Sites Are the Latest Ploy by Card-Skimming Thieves β
π Read
via "Threatpost".
A credit-card skimmer on Magento sites was found loading JavaScript from a legitimate-seeming Google Analytics domain.π Read
via "Threatpost".
Threat Post
βGoogleβ Sites Are the Latest Ploy by Card-Skimming Thieves
A credit-card skimmer on Magento sites was found loading JavaScript from a legitimate-seeming Google Analytics domain.
π΄ Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs π΄
π Read
via "Dark Reading: ".
New study found that any database containing 15 pieces of demographic data could be used to identify individuals.π Read
via "Dark Reading: ".
Dark Reading
Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs
New study found that any database containing 15 pieces of demographic data could be used to identify individuals.
π΄ Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web π΄
π Read
via "Dark Reading: ".
The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.π Read
via "Dark Reading: ".
Dark Reading
Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web
The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.
β Gamers Are Easy Prey for Credential Thieves β
π Read
via "Threatpost".
Gamers are easy pickings for credential crooks, thanks to lax security hygiene and poor gaming company practices.π Read
via "Threatpost".
Threat Post
Gamers Are Easy Prey for Credential Thieves
Gamers are easy pickings for credential crooks, thanks to lax security hygiene and poor gaming company practices.
β Rare Steganography Hack Can Compromise Fully Patched Websites β
π Read
via "Threatpost".
Attackers are hiding PHP scripts in EXIF headers of JPEG images to hack websites, just by uploading an image.π Read
via "Threatpost".
Threat Post
Rare Steganography Hack Can Compromise Fully Patched Websites
Attackers are hiding PHP scripts in EXIF headers of JPEG images to hack websites, just by uploading an image.
π΄ Malware Researcher Hutchins Sentenced to Supervised Release π΄
π Read
via "Dark Reading: ".
Marcus Hutchins, the researcher known for stopping WannaCry, avoids jail time over charges of creating and distributing Kronos malware.π Read
via "Dark Reading: ".
Darkreading
Malware Researcher Hutchins Sentenced to Supervised Release
Marcus Hutchins, the researcher known for stopping WannaCry, avoids jail time over charges of creating and distributing Kronos malware.
β Louisiana Gov Declares Emergency After Cyberattacks Plague Schools β
π Read
via "Threatpost".
Attacks on at least three school districts and likely others have prompted the state's first emergency due to cyberattack.π Read
via "Threatpost".
Threat Post
Louisiana Gov Declares Emergency After Cyberattacks Plague Schools
Attacks on at least three school districts and likely others have prompted the state's first emergency due to cyberattack.
β WannaCry hero gets off lightly, avoids prison β was justice done? β
π Read
via "Naked Security".
Wrote malware for money, went straight, got busted, didn't go to prison. Has US cybercrime enforcement gone soft?π Read
via "Naked Security".
Naked Security
WannaCry hero avoids prison
Marcus Hutchins, known as @MalwareTechBlog on Twitter, has been spared jail over malware charges. British-born Hutchins, who was credited with creating a βkill switchβ for WannaCry, was arrested inβ¦
ATENTIONβΌ New - CVE-2017-18379
π Read
via "National Vulnerability Database".
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.π Read
via "National Vulnerability Database".