Friday Five: 9/6 Edition
via "Subscriber Blog RSS Feed".
iPhone hacking levels up, military veterans targeted in an identity fraud scam, and more - catch up on the week's biggest stories with the Friday Five!

News Wrap: Deepfake CEO Voice Scam, Facebook Phone Data Exposed
via "Threatpost".
From deepfake to data exposures, the Threatpost team talks about the top security trends driving this week's biggest news stories.

Mail System Vulnerability Delivers Root Privileges
via "Dark Reading".
The vulnerability in Exim could allow an attacker to remotely execute code with root privileges.

Back-to-School Scams Target Students with Library-Themed Emails
via "Threatpost".
Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn.

China's APT3 Pilfers Cyberweapons from the NSA
via "Threatpost".
Large portions of APT3's remote code-execution package were likely reverse-engineered from prior attack artifacts.

ThreatList: Police Use of Facial Recognition is Just Fine, Say Most Americans
via "Threatpost".
A survey by Pew Research Center finds that Americans support use of facial recognition by law enforcement, but not by tech or advertising companies.

ATTENTION‼ New - CVE-2016-7398
via "National Vulnerability Database".
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

Chinese Group Built Advanced Trojan by Reverse Engineering NSA Attack Tool
via "Dark Reading".
APT3 quietly monitored an NSA attack on its systems and used the information to build a weapon of its own.

ATTENTION‼ New - CVE-2018-11198
via "National Vulnerability Database".
An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.

ATTENTION‼ New - CVE-2016-10937
via "National Vulnerability Database".
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.

Patch early, patch often - and patch everything!
via "Naked Security".
Here's our latest Naked Security Live video - all about WordPress, plugins and patching.

Monday review - the hot 21 stories of the week
via "Naked Security".
From backdooring WordPress sites to Raspberry Pi in space, and everything in between. It's weekly roundup time.

US city balks at paying $5.3 million ransomware demand
via "Naked Security".
The attack quickly encrypted 158 workstations - and would have been worse had it struck later in the working day.

Facebook launches $10m deepfake detection project
via "Naked Security".
If you're worried about the evil potential of deepfake video, you're not alone; so is Facebook.

Brave accuses Google of sidestepping GDPR
via "Naked Security".
A senior executive at private browser company Brave has accused Google of using a workaround that lets it identify users to ad networks.

WordPress 5.2.3 fixes new clutch of security vulnerabilities
via "Naked Security".
WordPress version 5.2.3 has just appeared on the download pipe featuring half a dozen security fixes and software enhancements.

Apple Claims Google is Spreading FUD Over Patched iPhone Bugs
via "Threatpost".
Apple said Google's recent analysis of vulnerabilities found January in iOS painted a misleading picture of the scope of the attacks and the risk involved.

Phishers' Latest Tricks for Reeling in New Victims
via "Dark Reading".
Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.

Google hopes to protect users with open source differential privacy library
via "Security on TechRepublic".
Google's differential privacy library will give organizations a way to study their data while protecting people's information.

Critical Exim Flaw Opens Millions of Servers to Takeover
via "Threatpost".
A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.