ATTENTION! New - CVE-2017-1115
via "National Vulnerability Database".
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.
ATTENTION! New - CVE-2017-1114
via "National Vulnerability Database".
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.
Palestinian, Middle East Targets Hit with New Surveillance Attacks
via "Dark Reading".
'Big Bang' group returns with new campaign after last year's RAT attacks.
ATTENTION! New - CVE-2016-9044
via "National Vulnerability Database".
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1. A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability.
Open .Git Directories Leave 390K Websites Vulnerable
via "Threatpost".
An exhaustive scan shows hundreds of thousands of websites potentially exposing sensitive data such as database passwords, API keys and so on.
8 Attack Vectors Puncturing Cloud Environments
via "Dark Reading".
These methods may not yet be on your security team's radar, but given their impact, they should be.
TLS 1.3 Won't Break Everything
via "Dark Reading".
The newest version of TLS won't break everything in your security infrastructure, but you do need to be prepared for the changes it brings.
Apple (Finally) Removes MacOS App Caught Stealing User Browser Histories
via "Dark Reading".
The fact that the app likely has been exfiltrating data for years is "rather f#@&'d" up, says the security researcher who reported the issue to Apple one month ago.
"Domestic Kitten" Mobile Spyware Campaign Aims at Iranian Targets
via "Threatpost".
Spreading via fake Android apps, the malware lifts a range of sensitive information from victims' devices.
Foreshadow, SGX & the Failure of Trusted Execution
via "Dark Reading".
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
Standard to protect against BGP hijack attacks gets first official draft
via "ZDNet Security".
NIST and DHS project publishes first draft of new BGP Route Origin Validation (ROV) standard that will help ISPs and cloud providers protect against BGP hijack attacks.
Australia's anti-encryption law will merely relocate the backdoors: Expert
via "ZDNet Security".
If the Assistance and Access Bill becomes law as it stands, it could affect 'every website that is accessible from Australia' with relatively few constraints in the government's powers.
Popular VPNs contain code execution security flaws, despite patches
via "ZDNet Security".
ProtonVPN and NordVPN contain severe bugs which impact Windows users and threaten their privacy.
Updated: Patches applied to a vulnerability in ProtonVPN and NordVPN builds led to the discovery of separate bugs which had to be resolved quickly in recent updates.
Monday review – the hot 24 stories of the week
via "Naked Security".
From Google buying Mastercard card records and Google warning users of FBI snooping to Chrome making it harder to use Flash, and more!
Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits
via "ZDNet Security".
The IoT botnets are back with a new arsenal containing a vast array of vulnerabilities.
"Only paper ballots by 2020!" call experts after election tampering
via "Naked Security".
The National Academy of Sciences says the US election system uses insecure technology and is fighting off attempts to destabilize it.
Google Chrome will now generate unique passwords for you
via "Naked Security".
Chrome will now generate a unique password for users as a part of the everyday credential creation process.
How to spot a fake ICO (in pictures)
via "ZDNet Security".
Initial Coin Offerings (ICOs) are part of the cryptocurrency Wild West, but how do you know what is fraudulent and what is legitimate?
These are the warning signs of a fraudulent ICO
via "ZDNet Security".
Initial Coin Offerings (ICOs) are part of the cryptocurrency Wild West, but how do you know what is fake and what is legitimate?
Researcher finds new malware persistence method leveraging Microsoft UWP apps
via "ZDNet Security".
New malware persistence method works only on Windows 10 and abuses built-in UWP apps like the Cortana and People apps.
North Korean programmer charged for Sony, WannaCry attacks and more
via "Naked Security".
Park Jin Hyok is allegedly with Lazarus Group, a hacking team connected to attacks on a wide array of industries and public utilities.