Update your iPhone - remote control holes revealed by researchers
via "Naked Security".
You might not think your phone is as exposed as an internet server - but it's handling plenty of untrusted data from unknown sources!

Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel'
via "Threatpost".
Researchers were able to bypass Apple's FaceID using a pair of glasses with tape on the lenses.

Huawei doesn't see open source as the fix for spying accusations (but they should)
via "Security on TechRepublic".
The closed-source, opaque operation of network equipment makes spying accusations difficult to disprove. This could be solved by opening the software stack, but Huawei CSO Andy Purdy disagrees.

ATTENTION! New - CVE-2014-8184 (liblouis)
via "National Vulnerability Database".
A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.

Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find
via "Dark Reading".
Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.

Critical RCE Bug Found Lurking in Avaya VoIP Phones
via "Threatpost".
The vulnerability is a decade old with a public exploit, yet remained unpatched in one of the phone giant's most popular models.

Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says
via "Threatpost".
LAS VEGAS - Supply-chain attacks have nabbed headlines lately thanks to high-profile incidents like the Wipro news last April, where attackers were able to compromise the staffing agency's network and pivot to their customers. That incident pointed out that supply-chain risk should be thought of in a much more holistic fashion than it usually is, […]
Hardware, software, services and people make up supply-chain risk - but the latter should be the guiding focus.

State Farm Falls Victim to Credential-Stuffing Attack
via "Threatpost".
The insurance giant serves at least 83 million U.S. households.

Using GDPR Subject Access Requests to Harvest Data
via "Subscriber Blog RSS Feed" (Digital Guardian).
In a talk at this year's Black Hat an Oxford University student explained how he used GDPR Access Requests and a Python script to steal a slew of sensitive information on another person.

Ransomware Shifts Focus from Consumers to Businesses
via "Dark Reading".
In addition, ransomware seems likely to continue its evolution in the second half of 2019.

ATTENTION! New - CVE-2015-9292
via "National Vulnerability Database".
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).

How Behavioral Data Shaped a Security Training Makeover
via "Dark Reading".
A new program leveraged behavioral data of employees to determine when they excelled at security and where they needed improvement.

Equifax CISO: 'Trust Starts and Ends with You'
via "Dark Reading".
Organizational culture is key to good enterprise security posture, Jamil Farshchi told Black Hat attendees.

Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward
via "Threatpost".
Apple is opening its once-private bug bounty program to all researchers, as well as boosting vulnerability payouts and expanding the product scope to include MacOS.

Black Hat 2019: Social media influence campaigns, ATM hacking, and big business
via "Security on TechRepublic".
TechRepublic's Karen Roby interviews Dan Patterson about the top trends at the Black Hat USA 2019 cybersecurity conference.

Black Hat 2019 trends: Social media influence campaigns, big business, ATM hacking
via "Security on TechRepublic".
TechRepublic's Karen Roby interviews Dan Patterson about the top trends at the Black Hat USA 2019 cybersecurity conference.

Microsoft's new vulnerability tracking service is about IT productivity
via "Security on TechRepublic".
With so many threats and vulnerabilities to deal with, just knowing which actions you should prioritize can be hard. The new Threat & Vulnerability Management service from Microsoft should help.

Your Skype Translator calls may be heard by humans
via "Naked Security".
A Skype Translator insider claims it's good because humans are listening in and helping to train its artificial intelligence.

Election Security Threats: From Misinformation to Voting Machine Flaws
via "Threatpost".
From insecure voting machines to social media misinformation, governments have a lot to think about when it comes to securing elections.

Parents, it's time to delete Pet Chat from your child's LeapPad
via "Naked Security".
LeapFrog has done lots to fix the security of the LeapPad. Now all that's left is for parents to scrape Pet Chat off of older tablets.

Instagram boots ad partner for location tracking and scraping stories
via "Naked Security".
A "preferred Facebook Marketing Partner" is alleged to have tracked millions of Instagram users' locations and stories.