ATENTIONβΌ New - CVE-2016-9040
π Read
via "National Vulnerability Database".
An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.π Read
via "National Vulnerability Database".
π΄ The Role of Incident Response in ICS Security Compliance π΄
π Read
via "Dark Reading: ".
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.π Read
via "Dark Reading: ".
Darkreading
The Role of Incident Response in ICS Security Compliance
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
π΄ British Airways Issues Apology for Severe Data Breach π΄
π Read
via "Dark Reading: ".
The airline "is deeply sorry" for its worst-ever cyberattack, which has affected 380,000 customers.π Read
via "Dark Reading: ".
Dark Reading
British Airways Issues Apology for Severe Data Breach
The airline is deeply sorry for its worst-ever cyberattack, which has affected 380,000 customers.
β British Airways Website, Mobile App Breach Compromises 380k β
π Read
via "The first stop for security news | Threatpost ".
The airline said information like name, address and bank card details like CVC code were compromised.π Read
via "The first stop for security news | Threatpost ".
Threat Post
British Airways Website, Mobile App Breach Compromises 380k
The airline said information like name, address and bank card details like CVC code were compromised.
ATENTIONβΌ New - CVE-2017-1115
π Read
via "National Vulnerability Database".
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-1114
π Read
via "National Vulnerability Database".
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.π Read
via "National Vulnerability Database".
π΄ Palestinian, Middle East Targets Hit with New Surveillance Attacks π΄
π Read
via "Dark Reading: ".
'Big Bang' group returns with new campaign after last year's RAT attacks.π Read
via "Dark Reading: ".
Darkreading
Palestinian, Middle East Targets Hit with New Surveillance Attacks
'Big Bang' group returns with new campaign after last year's RAT attacks.
ATENTIONβΌ New - CVE-2016-9044
π Read
via "National Vulnerability Database".
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability.π Read
via "National Vulnerability Database".
β Open .Git Directories Leave 390K Websites Vulnerable β
π Read
via "The first stop for security news | Threatpost ".
An exhaustive scan shows hundreds of thousands of websites potentially exposing sensitive data such as database passwords, API keys and so on.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Open .Git Directories Leave 390K Websites Vulnerable
An exhaustive scan shows hundreds of thousands of websites potentially exposing sensitive data such as database passwords, API keys and so on.
π΄ 8 Attack Vectors Puncturing Cloud Environments π΄
π Read
via "Dark Reading: ".
These methods may not yet be on your security team's radar, but given their impact, they should be.π Read
via "Dark Reading: ".
Darkreading
8 Attack Vectors Puncturing Cloud Environments
These methods may not yet be on your security team's radar, but given their impact, they should be.
π΄ TLS 1.3 Won't Break Everything π΄
π Read
via "Dark Reading: ".
The newest version of TLS won't break everything in your security infrastructure, but you do need to be prepared for the changes it brings.π Read
via "Dark Reading: ".
Dark Reading
TLS 1.3 Won't Break Everything
The newest version of TLS won't break everything in your security infrastructure, but you do need to be prepared for the changes it brings.
π΄ Apple (Finally) Removes MacOS App Caught Stealing User Browser Histories π΄
π Read
via "Dark Reading: ".
The fact that the app likely has been exfiltrating data for years is "rather f#@&'d" up, says the security researcher who reported the issue to Apple one month ago.π Read
via "Dark Reading: ".
Dark Reading
Apple (Finally) Removes MacOS App Caught Stealing User Browser Histories
The fact that the app likely has been exfiltrating data for years is rather f#@&'d up, says the security researcher who reported the issue to Apple one month ago.
β βDomestic Kittenβ Mobile Spyware Campaign Aims at Iranian Targets β
π Read
via "The first stop for security news | Threatpost ".
Spreading via fake Android apps, the malware lifts a range of sensitive information from victims' devices.π Read
via "The first stop for security news | Threatpost ".
Threat Post
βDomestic Kittenβ Mobile Spyware Campaign Aims at Iranian Targets
Spreading via fake Android apps, the malware lifts a range of sensitive information from victimsβ devices.
π΄ Foreshadow, SGX & the Failure of Trusted Execution π΄
π Read
via "Dark Reading: ".
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.π Read
via "Dark Reading: ".
Darkreading
Foreshadow, SGX & the Failure of Trusted Execution
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
β’ Standard to protect against BGP hijack attacks gets first official draft β’
π Read
via "Latest topics for ZDNet in Security".
NIST and DHS project publishes first draft of new BGP Route Origin Validation (ROV) standard that will help ISPs and cloud providers protect against BGP hijack attacks.π Read
via "Latest topics for ZDNet in Security".
ZDNet
Standard to protect against BGP hijack attacks gets first official draft
NIST and DHS project publishes first draft of new BGP Route Origin Validation (ROV) standard that will help ISPs and cloud providers protect against BGP hijack attacks.
β’ Australia's anti-encryption law will merely relocate the backdoors: Expert β’
π Read
via "Latest topics for ZDNet in Security".
If the Assistance and Access Bill becomes law as it stands, it could affect 'every website that is accessible from Australia' with relatively few constraints in the government's powers.π Read
via "Latest topics for ZDNet in Security".
ZDNet
Australia's anti-encryption law will merely relocate the backdoors: Expert
If the Assistance and Access Bill becomes law as it stands, it could affect 'every website that is accessible from Australia' with relatively few constraints in the government's powers.
β’ Popular VPNs contain code execution security flaws, despite patches β’
π Read
via "Latest topics for ZDNet in Security".
ProtonVPN and NordVPN contain severe bugs which impact Windows users and threaten their privacy.π Read
via "Latest topics for ZDNet in Security".
ZDNet
Popular VPNs contained code execution security flaws, despite patches
Updated: Patches applied to a vulnerability in ProtonVPN and NordVPN builds led to the discovery of separate bugs which had to be resolved quickly in recent updates.
β Monday review β the hot 24 stories of the week β
π Read
via "Naked Security".
From Google buying Mastercard card records and Google warning users of FBI snooping to Chrome making it harder to use Flash, and more!π Read
via "Naked Security".
Naked Security
Monday review β the hot 24 stories of the week
From Google buying Mastercard card records and Google warning users of FBI snooping to Chrome making it harder to use Flash, and more!
β’ Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits β’
π Read
via "Latest topics for ZDNet in Security".
The IoT botnets are back with a new arsenal containing a vast array of vulnerabilities.π Read
via "Latest topics for ZDNet in Security".
ZDNet
Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits | ZDNet
The IoT botnets are back with a new arsenal containing a vast array of vulnerabilities.
β βOnly paper ballots by 2020!β call experts after election tampering β
π Read
via "Naked Security".
The National Academy of Sciences says the US election system uses insecure technology and is fighting off attempts to destabilize it.π Read
via "Naked Security".
Naked Security
βOnly paper ballots by 2020!β call experts after election tampering
The National Academy of Sciences says the US election system uses insecure technology and is fighting off attempts to destabilize it.
β Google Chrome will now generate unique passwords for you β
π Read
via "Naked Security".
Chrome will now generate a unique password for users as a part of the everyday credential creation process.π Read
via "Naked Security".
Naked Security
Google Chrome will now generate unique passwords for you
Chrome will now generate a unique password for users as a part of the everyday credential creation process.