ATTENTION: New - CVE-2018-11773
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.
via "National Vulnerability Database".
ATTENTION: New - CVE-2018-11772
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech.
via "National Vulnerability Database".
Deutsche Bank Email Vulnerability Left Ex-Employees with Access
Failures in computer and control systems are being blamed.
via "Dark Reading".
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
Vulnerabilities in VxWorks' TCP stack could allow an attacker to execute random code, launch a DoS attack, or use the vulnerable system to attack other devices.
via "Dark Reading".
ATTENTION: New - CVE-2018-18570
Planon before Live Build 41 has XSS.
via "National Vulnerability Database".
How Can We Stop Ransomware From Spreading?
Here's how to stop them - or at least limit the systems it can reach.
via "Dark Reading".
Farewell, Dear Password? The Future of Identity and Authorization
Many organizations, along with their tech teams, are questioning whether eliminating passwords as an authentication tool might augment their overall security posture.
via "Dark Reading".
Sextortion Email Scams Rise Sharply
Cybercriminals are increasingly trying to trick people into paying ransoms by threatening to expose compromising activities to friends and family.
via "Dark Reading".
It's 2019, and one third of businesses still have active Windows XP deployments
As end of support for the still-popular Windows 7 draws near, risks of unpatched operating systems are likely to be a significant security concern in the near future.
via "Security on TechRepublic".
12 reasons why data breaches still happen
Half of IT security leaders don't know if their cybersecurity tools are working, according to a report from the Ponemon Institute and AttackIQ.
via "Security on TechRepublic".
Former AWS Engineer Arrested as Capital One Admits Massive Data Breach
More than 100 million customers have had their data compromised by a hacker after a cloud misconfiguration at Capital One.
via "Threatpost".
Black Hat Q&A: Cracking Apple's T2 Security Chip
Duo Labs' Mikhail Davidow and Jeremy Erickson speak about their research on the Apple T2 security chip, and why they're sharing it at Black Hat USA.
via "Dark Reading".
Post-Equifax settlement, NY updates data breach notification laws
Equifax is fined $675 million, while New York data breach notification law now covers biometrics, passwords, and more.
via "Naked Security".
US chases fraudulent bitcoin exchange BTC-e for $100m
Two years ago, the US government fined an international cybercriminal and his fraudulent bitcoin exchange over $100m. Now, it's going after them for the money.
via "Naked Security".
Listening in: Humans hear the private info Siri accidentally records
Apple Watch and HomePod have the highest rate of inadvertent recordings, a whistleblower says.
via "Naked Security".
Hackers target Telegram accounts through voicemail backdoor
As politicians should know by now, secure messaging apps such as Telegram can quickly become a double-edged sword.
via "Naked Security".
ATTENTION: New - CVE-2017-18380
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.
via "National Vulnerability Database".
ATTENTION: New - CVE-2015-9290
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.
via "National Vulnerability Database".
CISOs Must Evolve to a Data-First Security Program
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
via "Dark Reading".
Suffering SOC Saga Continues
New study exposes low confidence among security professionals in their security operations centers.
via "Dark Reading".