Serious SSH bug lets crooks log in just by asking nicely…
via "Naked Security".
A serious bug in libssh could allow crooks to connect to your server - with no password requested or required. Here's what you need to know.
Podcast: A Utility Ransomware Attack Post-Hurricane
via "The first stop for security news | Threatpost".
A "critical water utility" was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a "sophisticated ransomware attack… has left the utility with limited computer capabilities." While customer data […]
What are utility and power companies, and federal agencies, doing to ready themselves for potential ransomware attacks? Threatpost discusses.
ATTENTION‼ New - CVE-2017-17176
via "National Vulnerability Database".
The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156, versions earlier before LON-CL00BC00B156, versions earlier before LON-DL00BC00B156, versions earlier before LON-TL00BC00B156 has an arbitrary memory read/write vulnerability due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute arbitrary code in the TrustZone.
Weirdo Twitter messages were a glitch, not a hack
via "Naked Security".
Were you one of the dozens of people who got a bizarre Twitter message yesterday? It's OK. It wasn't a disturbance in the Matrix.
libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers
via "The first stop for security news | Threatpost".
The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected.
Startup Spun Out of Securosis Secures $2.5 Million Seed Investment
via "Dark Reading".
DisruptOps officially rolls out its SaaS for automating control of cloud operations and security.
SEC Warns Public Companies on Accounting Control Use
via "Dark Reading".
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
Cybercrime-as-a-Service: No End in Sight
via "Dark Reading".
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
Oracle Fixes 301 Flaws in October Critical Patch Update
via "The first stop for security news | Threatpost".
The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0.
(ISC)²: Global Cybersecurity Workforce Short 3 Million People
via "Dark Reading".
With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.
Oracle Issues Massive Collection of Critical Security Updates
via "Dark Reading".
The software updates from Oracle address a record number of vulnerabilities.
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
via "Dark Reading".
In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
Twitter publishes data on Iranian and Russian troll farms
via "Naked Security".
Over 1m tweets show that we're suckers for funny/sarcastic/edgy, not so much for blah-blah-blah "news" spreaders.
You don't have to sequence your DNA to be identifiable by your DNA
via "Naked Security".
If you have European ancestry, there's a 60% chance that somebody vaguely related to you can be used to find out who you are.
Is Google's Android app unbundling good for security?
via "Naked Security".
If you live in the EU, turning on a new Android device after 29 October 2018 could look quite different...
The libssh "login with no password" bug - what you need to know [VIDEO]
via "Naked Security".
Here's a video that explains the libssh "no password needed" bug - jargon-free and in plain English. Enjoy...
State of Washington has new laws and the Air National Guard to help secure 2018 midterm election
via "Security on TechRepublic".
Washington state aims to stay protected this election season via anti-hacking efforts of the Air National Guard, as well as strengthened audit procedures
Inside the Dark Web's 'Help Wanted' Ads
via "Dark Reading".
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
ATTENTION‼ New - CVE-2016-9069
via "National Vulnerability Database".
A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
Apache Access Vulnerability Could Affect Thousands of Applications
via "Dark Reading".
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure
via "The first stop for security news | Threatpost".
The group is a successor to BlackEnergy and a subset of the TeleBots gang--and its activity is potentially a prelude to a much more destructive attack.