β Back-to-School Scams Target Students with Library-Themed Emails β
π Read
via "Threatpost".
Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn.π Read
via "Threatpost".
Threat Post
Back-to-School Scams Target Students with Library-Themed Emails
Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online resources laced with malware, researchers warn.
β Chinaβs APT3 Pilfers Cyberweapons from the NSA β
π Read
via "Threatpost".
Large portions of APT3's remote code-execution package were likely reverse-engineered from prior attack artifacts.π Read
via "Threatpost".
Threat Post
Chinaβs APT3 Pilfers Cyberweapons from the NSA
Large portions of APT3's remote code-execution package were likely reverse-engineered from prior attack artifacts.
β ThreatList: Police Use of Facial Recognition is Just Fine, Say Most Americans β
π Read
via "Threatpost".
A survey by Pew Research Center finds that Americans support use of facial recognition by law enforcement , but not by tech or advertising companies.π Read
via "Threatpost".
Threat Post
ThreatList: Police Use of Facial Recognition is Just Fine, Say Most Americans
A survey by Pew Research Center finds that Americans support use of facial recognition by law enforcement , but not by tech or advertising companies.
ATENTIONβΌ New - CVE-2016-7398
π Read
via "National Vulnerability Database".
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.π Read
via "National Vulnerability Database".
π΄ Chinese Group Built Advanced Trojan by Reverse Engineering NSA Attack Tool π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Darkreading
Chinese Group Built Advanced Trojan by Reverse Engineering NSA Attack Tool
APT3 quietly monitored an NSA attack on its systems and used the information to build a weapon of its own.
ATENTIONβΌ New - CVE-2018-11198
π Read
via "National Vulnerability Database".
An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10937
π Read
via "National Vulnerability Database".
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.π Read
via "National Vulnerability Database".
β Patch early, patch often β and patch everything! β
π Read
via "Naked Security".
Here's our latest Naked Security Live video - all about WordPress, plugins and patching.π Read
via "Naked Security".
Naked Security
Patch early, patch often β and patch everything!
Hereβs our latest Naked Security Live video β all about WordPress, plugins and patching.
β Monday review β the hot 21 stories of the week β
π Read
via "Naked Security".
From backdooring WordPress sites to Raspberry Pi in space, and everything in between. It's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 21 stories of the week
From backdooring WordPress sites to Raspberry Pi in space, and everything in between. Itβs weekly roundup time.
β US city balks at paying $5.3 million ransomware demand β
π Read
via "Naked Security".
The attack quickly encrypted 158 workstations - and would have been worse had it struck later in the working day.π Read
via "Naked Security".
Naked Security
US city balks at paying $5.3 million ransomware demand
The attack quickly encrypted 158 workstations β and would have been worse had it struck later in the working day.
β Facebook launches $10m deepfake detection project β
π Read
via "Naked Security".
If you're worried about the evil potential of deepfake video, you're not alone; so is Facebook.π Read
via "Naked Security".
Naked Security
Facebook launches $10m deepfake detection project
If youβre worried about the evil potential of deepfake video, youβre not alone; so is Facebook.
β Brave accuses Google of sidestepping GDPR β
π Read
via "Naked Security".
A senior executive at private browser company Brave has accused Google of using a workaround that lets it identify users to ad networks.π Read
via "Naked Security".
Naked Security
Brave accuses Google of sidestepping GDPR
A senior executive at private browser company Brave has accused Google of using a workaround that lets it identify users to ad networks.
β WordPress 5.2.3 fixes new clutch of security vulnerabilities β
π Read
via "Naked Security".
WordPress version 5.2.3 has just appeared on the download pipe featuring half a dozen security fixes and software enhancements.π Read
via "Naked Security".
Naked Security
WordPress 5.2.3 fixes new clutch of security vulnerabilities
WordPress version 5.2.3 has just appeared on the download pipe featuring half a dozen security fixes and software enhancements.
β Apple Claims Google is Spreading FUD Over Patched iPhone Bugs β
π Read
via "Threatpost".
Apple said Googleβs recent analysis of vulnerabilities found January in iOS painted a misleading picture of the scope of the attacks and the risk involvedπ Read
via "Threatpost".
Threat Post
Apple Claims Google is Spreading FUD Over Patched iPhone Bugs
Apple said Googleβs recent analysis of vulnerabilities found January in iOS painted a misleading picture of the scope of the attacks and the risk involved
π΄ Phishers' Latest Tricks for Reeling in New Victims π΄
π Read
via "Dark Reading: ".
Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.π Read
via "Dark Reading: ".
Dark Reading
Phishers' Latest Tricks for Reeling in New Victims
Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.
π Google hopes to protect users with open source differential privacy library π
π Read
via "Security on TechRepublic".
Google's differential privacy library will give organizations a way to study their data while protecting people's information.π Read
via "Security on TechRepublic".
TechRepublic
Google hopes to protect users with open source differential privacy library
Google's differential privacy library will give organizations a way to study their data while protecting people's information.
β Critical Exim Flaw Opens Millions of Servers to Takeover β
π Read
via "Threatpost".
A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.π Read
via "Threatpost".
Threat Post
Critical Exim Flaw Opens Millions of Servers to Takeover
A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.
π΄ From Spyware to Ninja Cable π΄
π Read
via "Dark Reading: ".
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.π Read
via "Dark Reading: ".
Darkreading
From Spyware to Ninja Cable
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
ATENTIONβΌ New - CVE-2019-10666
π Read
via "National Vulnerability Database".
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10665
π Read
via "National Vulnerability Database".
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.π Read
via "National Vulnerability Database".