“WannaCry Hero” Avoids Jail Time in Kronos Malware Charges
via "Threatpost".
Marcus Hutchins, also known by his online alias MalwareTech, has been spared jail time in his sentencing for the creation of the Kronos malware.

100+ IT policies at your fingertips, ready for download
via "Security on TechRepublic".
From BYOD and social media to ergonomics and encryption, TechRepublic has dozens of ready-made, downloadable IT policy templates.

4 Network Security Mistakes Bound to Bite You
via "Dark Reading".
It's Shark Week again! Are you ready to outmaneuver sharks of the cyber variety? These tips can help.

Fearing WannaCry-Level Danger, Enterprises Wrestle with BlueKeep
via "Threatpost".
Fears of a WannaCry-level global attack grow as working exploit info starts to go public.

“URGENT/11” Critical Infrastructure Bugs Threaten EternalBlue-Style Attacks
via "Threatpost".
Researchers have uncovered easy-to-exploit bugs that can impact physical safety, utilities, healthcare, critical infrastructure and more, setting the stage for widespread worm attacks.

Vulnerability in VxWorks RTOS allows attackers to control internal networks
via "Security on TechRepublic".
Internet-connected devices powered by VxWorks 6.5 and newer are affected by a vulnerability that allows remote attackers full control over targeted devices.

Cloud Security Concerns Loom for 93% of Businesses Adopting Apps and BYOD
via "Threatpost".
Threatpost talks to Jacob Serpa with Bitglass about how more enterprises are struggling with a cloud security conundrum when it comes to public cloud vs on prem.

ATTENTION‼ New - CVE-2016-10766
via "National Vulnerability Database".
edx-platform before 2016-06-06 allows CSRF.

ATTENTION‼ New - CVE-2016-10765
via "National Vulnerability Database".
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.

ATTENTION‼ New - CVE-2015-9288
via "National Vulnerability Database".
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials.

ATTENTION‼ New - CVE-2015-6960
via "National Vulnerability Database".
edx-platform before 2015-09-17 allows XSS via a team name.

ATTENTION‼ New - CVE-2015-6253
via "National Vulnerability Database".
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.

ATTENTION‼ New - CVE-2015-5601
via "National Vulnerability Database".
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

What's the Cost of a Data Breach in 2019?
via "Subscriber Blog RSS Feed" (Digital Guardian).
The answer ultimately depends on the country and industry but in general, can span anywhere from $1.25 million to $8.19 million.

Sephora Offers Monitoring Services in Wake of Data Breach
via "Dark Reading".
The data breach compromised data belonging to customers in parts of Southeast Asia, Australia, and New Zealand.

ThreatList: DMARC Adoption Nonexistent at 80% of Orgs
via "Threatpost".
Standard email authentication to prevent spoofing and phishing remains elusive for most.

ATTENTION‼ New - CVE-2018-17213
via "National Vulnerability Database".
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks.

ATTENTION‼ New - CVE-2018-17211
via "National Vulnerability Database".
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request.

ATTENTION‼ New - CVE-2018-11774
via "National Vulnerability Database".
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.

ATTENTION‼ New - CVE-2018-11773
via "National Vulnerability Database".
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.

ATTENTION‼ New - CVE-2018-11772
via "National Vulnerability Database".
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.