Black Hat 2019: WhatsApp Users Still Open to Message Manipulation
via "Threatpost".
Attack vectors disclosed last year are still fully exploitable, researchers demoed at Black Hat USA 2019.

S2 Ep3: Ransomware, surveillance and data theft – Naked Security Podcast
via "Naked Security".
Episode 3 of the podcast is now live. This week, host Anna Brading is joined by Paul Ducklin, Mark Stockley and Ben Jones.

More than 2m AT&T phones illegally unlocked by bribed insiders
via "Naked Security".
The alleged, now indicted ringleader paid more than $1m in bribes to insiders who planted malware and hardware for remote unlocking.

Twitter may have shared your data with its ad partners without your permission
via "Naked Security".
Some user data, such as country and device type, was exposed to some advertisers for over a year.

Slow Your Roll Before Disclosing a Security Incident
via "Dark Reading".
Transparency rules, but taking the right amount of time to figure out what happened will go a long way toward setting the record straight.

Cisco 220 Series Smart Switch owners told to apply urgent patch
via "Naked Security".
Businesses running any of Cisco's 220 Series Smart Switches have some urgent patching work on their hands.

WhatsApp Messages Can Be Intercepted, Manipulated
via "Dark Reading".
Check Point security researchers demonstrate how a dangerous security weakness in the messaging application can be abused to spread fake news and carry out online scams.

Enterprises Must Be Wary of Ransomware Targeting Network File Shares & Cloud Assets
via "Dark Reading".
New research shows that criminals are evolving ransomware attacks against servers, network hosts, and IaaS cloud assets in search of bigger payoffs from businesses.

The Threat in the Cloud: Phishing Abuses Amazon AWS S3 Buckets
via "Threatpost".
An ongoing campaign is hosting its phishing landing pages on enterprise-class public cloud storage services -- a nascent trend meant to throw defenders off.
Phishing Attacks Enlist Amazon AWS, Microsoft Azure in Ploys

Ransomware Sees Triple-Digit Spike in Corporate Detections
via "Threatpost".
A pair of reports released at Black Hat mark the huge shift away from targeting consumers.

Yes, FaceApp Really Could Be Sending Your Data to Russia
via "Dark Reading".
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.

Russian phishing campaign using AWS to host landing pages designed to avoid detection
via "Security on TechRepublic".
Assets used as part of phishing campaigns are being hosted on AWS, with heavy XOR obfuscation to limit detection, according to a Proofpoint report.

Ransomware attacks on businesses up 365% this year
via "Security on TechRepublic".
Cybercriminals are increasingly targeting businesses with ransomware instead of consumers for a bigger payout, according to Malwarebytes.

Update your iPhone – remote control holes revealed by researchers
via "Naked Security".
You might not think your phone is as exposed as an internet server - but it's handling plenty of untrusted data from unknown sources!

Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel'
via "Threatpost".
Researchers were able to bypass Apple's FaceID using a pair of glasses with tape on the lenses.

Huawei doesn't see open source as the fix for spying accusations (but they should)
via "Security on TechRepublic".
The closed-source, opaque operation of network equipment makes spying accusations difficult to disprove. This could be solved by opening the software stack, but Huawei CSO Andy Purdy disagrees.

ATTENTION‼ New - CVE-2014-8184 (liblouis)
via "National Vulnerability Database".
A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.

Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find
via "Dark Reading".
Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.

Critical RCE Bug Found Lurking in Avaya VoIP Phones
via "Threatpost".
The vulnerability is a decade old with a public exploit, yet remained unpatched in one of the phone giant's most popular models.

Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says
via "Threatpost".
LAS VEGAS – Supply-chain attacks have nabbed headlines lately thanks to high-profile incidents like the Wipro news last April, where attackers were able to compromise the staffing agency's network and pivot to their customers. That incident pointed out that supply-chain risk should be thought of in a much more holistic fashion than it usually is, […]
Hardware, software, services and people make up supply-chain risk – but the latter should be the guiding focus.

State Farm Falls Victim to Credential-Stuffing Attack
via "Threatpost".
The insurance giant serves at least 83 million U.S. households.