Ransomware Sees Triple-Digit Spike in Corporate Detections
via "Threatpost".
A pair of reports released at Black Hat mark the huge shift away from targeting consumers.

Yes, FaceApp Really Could Be Sending Your Data to Russia
via "Dark Reading".
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.

Russian phishing campaign using AWS to host landing pages designed to avoid detection
via "Security on TechRepublic".
Assets used as part of phishing campaigns are being hosted on AWS, with heavy XOR obfuscation to limit detection, according to a Proofpoint report.

Ransomware attacks on businesses up 365% this year
via "Security on TechRepublic".
Cybercriminals are increasingly targeting businesses with ransomware instead of consumers for a bigger payout, according to Malwarebytes.

Update your iPhone - remote control holes revealed by researchers
via "Naked Security".
You might not think your phone is as exposed as an internet server - but it's handling plenty of untrusted data from unknown sources!

Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel'
via "Threatpost".
Researchers were able to bypass Apple's FaceID using a pair of glasses with tape on the lenses.

Huawei doesn't see open source as the fix for spying accusations (but they should)
via "Security on TechRepublic".
The closed-source, opaque operation of network equipment makes spying accusations difficult to disprove. This could be solved by opening the software stack, but Huawei CSO Andy Purdy disagrees.

ATTENTION‼ New - CVE-2014-8184 (liblouis)
via "National Vulnerability Database".
A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.

Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find
via "Dark Reading".
Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.

Critical RCE Bug Found Lurking in Avaya VoIP Phones
via "Threatpost".
The vulnerability is a decade old with a public exploit, yet remained unpatched in one of the phone giant's most popular models.

Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says
via "Threatpost".
LAS VEGAS - Supply-chain attacks have nabbed headlines lately thanks to high-profile incidents like the Wipro news last April, where attackers were able to compromise the staffing agency's network and pivot to their customers. That incident pointed out that supply-chain risk should be thought of in a much more holistic fashion than it usually is, […]
Hardware, software, services and people make up supply-chain risk - but the latter should be the guiding focus.

State Farm Falls Victim to Credential-Stuffing Attack
via "Threatpost".
The insurance giant serves at least 83 million U.S. households.

Using GDPR Subject Access Requests to Harvest Data
via "Subscriber Blog RSS Feed" (Digital Guardian).
In a talk at this year's Black Hat an Oxford University student explained how he used GDPR Access Requests and a Python script to steal a slew of sensitive information on another person.

Ransomware Shifts Focus from Consumers to Businesses
via "Dark Reading".
In addition, ransomware seems likely to continue its evolution in the second half of 2019.

ATTENTION‼ New - CVE-2015-9292
via "National Vulnerability Database".
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).

How Behavioral Data Shaped a Security Training Makeover
via "Dark Reading".
A new program leveraged behavioral data of employees to determine when they excelled at security and where they needed improvement.

Equifax CISO: 'Trust Starts and Ends with You'
via "Dark Reading".
Organizational culture is key to good enterprise security posture, Jamil Farshchi told Black Hat attendees.

Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward
via "Threatpost".
Apple is opening its once-private bug bounty program to all researchers, as well as boosting vulnerability payouts and expanding the product scope to include MacOS.

Black Hat 2019: Social media influence campaigns, ATM hacking, and big business
via "Security on TechRepublic".
TechRepublic's Karen Roby interviews Dan Patterson about the top trends at the Black Hat USA 2019 cybersecurity conference.

Black Hat 2019 trends: Social media influence campaigns, big business, ATM hacking
via "Security on TechRepublic".
TechRepublic's Karen Roby interviews Dan Patterson about the top trends at the Black Hat USA 2019 cybersecurity conference.

Microsoft's new vulnerability tracking service is about IT productivity
via "Security on TechRepublic".
With so many threats and vulnerabilities to deal with, just knowing which actions you should prioritize can be hard. The new Threat & Vulnerability Management service from Microsoft should help.