🛡 Cybersecurity & Privacy 🛡 - News

Black Hat Q&A: Inside the Black Hat NOC

Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.

37 views13:18

⚠ Happy SysAdminDay 2019! ⚠

Hey sysadmin, nice tee.

📖 Read

via "Naked Security".

Naked Security

Happy SysAdminDay 2019!

Hey sysadmin, nice tee.

35 views13:42

3 Takeaways from the First American Financial Breach

🕴 3 Takeaways from the First American Financial Breach 🕴

Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.

📖 Read

via "Dark Reading: ".

Darkreading

Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.

36 views14:14

ATENTION‼ New - CVE-2018-20857

Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.

📖 Read

via "National Vulnerability Database".

35 views14:31

🕴 Black Hat Q&A: Inside the Black Hat NOC 🕴

Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.

📖 Read

via "Dark Reading: ".

Black Hat Q&A: Inside the Black Hat NOC

Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.

37 views14:43

66% of SMBs don't believe they are vulnerable to cyberattacks

🔐 66% of SMBs don't believe they are vulnerable to cyberattacks 🔐

SMBs aren't prioritizing cybersecurity prevention strategies, even though they are at risk of attack, according to a Keeper Security report.

📖 Read

via "Security on TechRepublic".

TechRepublic

SMBs aren't prioritizing cybersecurity prevention strategies, even though they are at risk of attack, according to a Keeper Security report.

38 views14:43

Sysadmins need to know – how DO you pronounce “sudo”?

⚠ Sysadmins need to know – how DO you pronounce “sudo”? ⚠

We take on one of #SysAdminDay's thorny issues.

📖 Read

via "Naked Security".

Naked Security

We take on one of #SysAdminDay’s thorny issues.

41 views14:57

🕴 FormGet Storage Bucket Leaks Passport Scans, Bank Details 🕴

Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.

📖 Read

via "Dark Reading: ".

FormGet Storage Bucket Leaks Passport Scans, Bank Details

Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.

39 views15:53

Friday Five: 7/26 Edition

🔏 Friday Five: 7/26 Edition 🔏

News about a new phishing campaign targeting Office 365 admins, the FTC's big Facebook fine, and the latest data breach statistics are all covered in this week's Friday Five.

📖 Read

via "Subscriber Blog RSS Feed ".

Digital Guardian

News about a new phishing campaign targeting Office 365 admins, the FTC's big Facebook fine, and the latest data breach statistics are all covered in this week's Friday Five.

37 views16:05

ATENTION‼ New - CVE-2018-17210 (central_print_services)

An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests.

📖 Read

via "National Vulnerability Database".

32 views16:31

❌ ‘Google’ Sites Are the Latest Ploy by Card-Skimming Thieves ❌

A credit-card skimmer on Magento sites was found loading JavaScript from a legitimate-seeming Google Analytics domain.

📖 Read

via "Threatpost".

‘Google’ Sites Are the Latest Ploy by Card-Skimming Thieves

A credit-card skimmer on Magento sites was found loading JavaScript from a legitimate-seeming Google Analytics domain.

35 views16:37

🕴 Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs 🕴

New study found that any database containing 15 pieces of demographic data could be used to identify individuals.

📖 Read

via "Dark Reading: ".

Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs

New study found that any database containing 15 pieces of demographic data could be used to identify individuals.

32 views16:53

🕴 Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web 🕴

The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.

📖 Read

via "Dark Reading: ".

Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web

The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.

35 views17:43

❌ Gamers Are Easy Prey for Credential Thieves ❌

Gamers are easy pickings for credential crooks, thanks to lax security hygiene and poor gaming company practices.

📖 Read

via "Threatpost".

Gamers Are Easy Prey for Credential Thieves

Gamers are easy pickings for credential crooks, thanks to lax security hygiene and poor gaming company practices.

35 views18:42

❌ Rare Steganography Hack Can Compromise Fully Patched Websites ❌

Attackers are hiding PHP scripts in EXIF headers of JPEG images to hack websites, just by uploading an image.

📖 Read

via "Threatpost".

Rare Steganography Hack Can Compromise Fully Patched Websites

Attackers are hiding PHP scripts in EXIF headers of JPEG images to hack websites, just by uploading an image.

36 views19:22

Malware Researcher Hutchins Sentenced to Supervised Release

🕴 Malware Researcher Hutchins Sentenced to Supervised Release 🕴

Marcus Hutchins, the researcher known for stopping WannaCry, avoids jail time over charges of creating and distributing Kronos malware.

📖 Read

via "Dark Reading: ".

Darkreading

Marcus Hutchins, the researcher known for stopping WannaCry, avoids jail time over charges of creating and distributing Kronos malware.

47 views19:23

❌ Louisiana Gov Declares Emergency After Cyberattacks Plague Schools ❌

Attacks on at least three school districts and likely others have prompted the state's first emergency due to cyberattack.

📖 Read

via "Threatpost".

Louisiana Gov Declares Emergency After Cyberattacks Plague Schools

Attacks on at least three school districts and likely others have prompted the state's first emergency due to cyberattack.

66 views19:52

WannaCry hero avoids prison

⚠ WannaCry hero gets off lightly, avoids prison – was justice done? ⚠

Wrote malware for money, went straight, got busted, didn't go to prison. Has US cybercrime enforcement gone soft?

📖 Read

via "Naked Security".

Naked Security

Marcus Hutchins, known as @MalwareTechBlog on Twitter, has been spared jail over malware charges. British-born Hutchins, who was credited with creating a “kill switch” for WannaCry, was arrested in…

68 views00:56

ATENTION‼ New - CVE-2017-18379

In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.

📖 Read

via "National Vulnerability Database".

58 views01:25

ATENTION‼ New - CVE-2016-10764

In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.

📖 Read

via "National Vulnerability Database".

53 views01:25