🛡 Cybersecurity & Privacy 🛡 - News

Cyber Risk recent news | Dark Reading

Explore the latest news and expert commentary on Cyber Risk, brought to you by the editors of Dark Reading

128 views23:45

❌ ThreatList: Attacks on Industrial Control Systems on the Rise ❌

The main source of infection on industrial control systems was the internet, researchers at Kaspersky Lab found in a new report.

📖 Read

via "The first stop for security news | Threatpost ".

ThreatList: Attacks on Industrial Control Systems on the Rise

The main source of infection on industrial control systems was the internet, researchers at Kaspersky Lab found in a new report.

67 views11:08

⚠ Dark web sites could be exposed by routine slip-up ⚠

A simple misconfiguration could expose the IP addresses of dark web sites.

📖 Read

via "Naked Security".

Dark web sites could be exposed by routine slip-up

A simple misconfiguration could expose the IP addresses of dark web sites.

63 views11:44

⚠ Firefox finally casts Windows XP users adrift ⚠

Mozilla's browser is waving goodbye to millions of XP holdouts.

📖 Read

via "Naked Security".

Firefox finally casts Windows XP users adrift

Mozilla’s browser is waving goodbye to millions of XP holdouts.

64 views11:59

❌ Top MacOS App Exfiltrates Browser Histories Behind Users’ Backs ❌

A macOS App called Adware Doctor blocks ads, but share’s user browser history with a China-based domain.

📖 Read

via "The first stop for security news | Threatpost ".

Top MacOS App Exfiltrates Browser Histories Behind Users’ Backs

A macOS App called Adware Doctor blocks ads, but shares user browser history with a China-based domain.

62 views12:08

⚠ Teen hacker admits to SWATting schools, airline flight ⚠

The teenager made bomb threats to schools, and to a flight between the UK and San Francisco while it was in mid-air.

📖 Read

via "Naked Security".

Teen hacker admits to SWATting schools, airline flight

The teenager made bomb threats to schools, and to a flight between the UK and San Francisco while it was in mid-air.

61 views13:14

❌ Threat Actors Eyeing IQY Files To Peddle Malspam ❌

The Necurs Botnet, DarkHydrus and other threat actors are turning to the inconspicuous files.

📖 Read

via "The first stop for security news | Threatpost ".

Threat Actors Eyeing IQY Files To Peddle Malspam

The Necurs Botnet, DarkHydrus and other threat actors are turning to the inconspicuous files.

65 views13:23

⚠ Former NASA contractor arrested on charges of sextorting seven women ⚠

Richard Gregory Bauer allegedly weaseled private information out of the women on Facebook by pretending to be working on a class project.

📖 Read

via "Naked Security".

Former NASA contractor arrested on charges of sextorting seven women

Richard Gregory Bauer allegedly weaseled private information out of the women on Facebook by pretending to be working on a class project.

61 views13:29

❌ Threatpost News Wrap Podcast For Sept. 7 ❌

The Threatpost team breaks down the biggest news from the week ended Sept. 7.

📖 Read

via "The first stop for security news | Threatpost ".

Threatpost News Wrap Podcast For Sept. 7

The Threatpost team breaks down the biggest news from the week ended Sept. 7.

59 views14:08

ATENTION‼ New - CVE-2016-9040

An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.

📖 Read

via "National Vulnerability Database".

59 views14:18

The Role of Incident Response in ICS Security Compliance

🕴 The Role of Incident Response in ICS Security Compliance 🕴

The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.

📖 Read

via "Dark Reading: ".

Darkreading

The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.

59 views14:45

🕴 British Airways Issues Apology for Severe Data Breach 🕴

The airline "is deeply sorry" for its worst-ever cyberattack, which has affected 380,000 customers.

📖 Read

via "Dark Reading: ".

British Airways Issues Apology for Severe Data Breach

The airline is deeply sorry for its worst-ever cyberattack, which has affected 380,000 customers.

62 views15:15

❌ British Airways Website, Mobile App Breach Compromises 380k ❌

The airline said information like name, address and bank card details like CVC code were compromised.

📖 Read

via "The first stop for security news | Threatpost ".

British Airways Website, Mobile App Breach Compromises 380k

The airline said information like name, address and bank card details like CVC code were compromised.

61 views15:38

ATENTION‼ New - CVE-2017-1115

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.

📖 Read

via "National Vulnerability Database".

63 views16:18

ATENTION‼ New - CVE-2017-1114

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.

📖 Read

via "National Vulnerability Database".

142 views16:18

Palestinian, Middle East Targets Hit with New Surveillance Attacks

🕴 Palestinian, Middle East Targets Hit with New Surveillance Attacks 🕴

'Big Bang' group returns with new campaign after last year's RAT attacks.

📖 Read

via "Dark Reading: ".

Darkreading

'Big Bang' group returns with new campaign after last year's RAT attacks.

63 views18:30

ATENTION‼ New - CVE-2016-9044

An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability.

📖 Read

via "National Vulnerability Database".

68 views18:33

❌ Open .Git Directories Leave 390K Websites Vulnerable ❌

An exhaustive scan shows hundreds of thousands of websites potentially exposing sensitive data such as database passwords, API keys and so on.

📖 Read

via "The first stop for security news | Threatpost ".

Open .Git Directories Leave 390K Websites Vulnerable

An exhaustive scan shows hundreds of thousands of websites potentially exposing sensitive data such as database passwords, API keys and so on.

69 views19:08

8 Attack Vectors Puncturing Cloud Environments

🕴 8 Attack Vectors Puncturing Cloud Environments 🕴

These methods may not yet be on your security team's radar, but given their impact, they should be.

📖 Read

via "Dark Reading: ".

Darkreading

These methods may not yet be on your security team's radar, but given their impact, they should be.

76 views20:29

🕴 TLS 1.3 Won't Break Everything 🕴

The newest version of TLS won't break everything in your security infrastructure, but you do need to be prepared for the changes it brings.

📖 Read

via "Dark Reading: ".

TLS 1.3 Won't Break Everything

The newest version of TLS won't break everything in your security infrastructure, but you do need to be prepared for the changes it brings.

83 views21:08

🕴 Apple (Finally) Removes MacOS App Caught Stealing User Browser Histories 🕴

The fact that the app likely has been exfiltrating data for years is "rather f#@&'d" up, says the security researcher who reported the issue to Apple one month ago.

📖 Read

via "Dark Reading: ".