β S2 Ep 13: Weird Android zero day and other tech fails β Naked Security podcast β
π Read
via "Naked Security".
Listen to the latest episode now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Palo Alto Networks discovers new cryptojacking worm mining for Monero π
π Read
via "Security on TechRepublic".
This is the first time that a cryptojacking attack has been observed on Docker.π Read
via "Security on TechRepublic".
TechRepublic
Palo Alto Networks discovers new cryptojacking worm mining for Monero
This is the first time that a cryptojacking attack has been observed on Docker.
π΄ Data Privacy Protections for the Most Vulnerable - Children π΄
π Read
via "Dark Reading: ".
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.π Read
via "Dark Reading: ".
Dark Reading
Data Privacy Protections for the Most Vulnerable - Children
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
β Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS β
π Read
via "Threatpost".
The flaws in the container technology, CVE-2019-16276 and CVE-2019-11253, are simple to exploit.π Read
via "Threatpost".
Threat Post
Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
A pair of bugs in the Kubernetes open-source cloud container software can be βhighly dangerousβ under some Kubernetes configurations, according to researchers. The flaws, CVE-2019-16276 and CVE-2019-11253, have been patched in Kubernetes builds 1.14.8, 1.15.5β¦
β Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws β
π Read
via "Threatpost".
Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.π Read
via "Threatpost".
Threat Post
Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.
β Trump Campaign Website Left Open to Email Server Hijack β
π Read
via "Threatpost".
A misconfigured website development tool exposed hundreds of email servers to takeover, including President Donald Trumpβs official campaign website.π Read
via "Threatpost".
Threat Post
Trump Campaign Website Left Open to Email Server Hijack
A misconfigured website development tool exposed hundreds of email servers to takeover, including President Donald Trumpβs official campaign website.
π Suricata IDPE 5.0.0 π
π Go!
via "Security Tool Files β Packet Storm".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Suricata IDPE 5.0.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Cozy Bear Emerges from Hibernation to Hack EU Ministries π΄
π Read
via "Dark Reading: ".
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.π Read
via "Dark Reading: ".
Darkreading
Cozy Bear Emerges from Hibernation to Hack EU Ministries
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
ATENTIONβΌ New - CVE-2015-9479 (acf_fronted_display)
π Read
via "National Vulnerability Database".
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.π Read
via "National Vulnerability Database".
π΄ Yahoo Breach Victims May Qualify for $358 Payout π΄
π Read
via "Dark Reading: ".
Pending approval of the settlement, affected account holders may be eligible for a payout or two years of free credit monitoring.π Read
via "Dark Reading: ".
Dark Reading
Yahoo Breach Victims May Qualify for $358 Payout
Pending approval of the settlement, affected account holders may be eligible for a payout or two years of free credit monitoring.
β Hacking Back? BriansClub Dark Web Attack a Boon for Banks β
π Read
via "Threatpost".
The theft of 26 million card records from an underground site offers valuable intel for banks.π Read
via "Threatpost".
Threat Post
Hacking Back? BriansClub Dark Web Attack a Boon for Banks
The theft of 26 million card records from an underground site offers valuable intel for banks.
π 70 Percent of Healthcare Breach Data Could Lead to ID Theft π
π Read
via "Subscriber Blog RSS Feed ".
New research looks at 10 years of healthcare data breaches and breaks down the specific types of data exposed.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
70 Percent of Healthcare Breach Data Could Lead to ID Theft
New research looks at 10 years of healthcare data breaches and breaks down the specific types of data exposed.
π How to find the Firefox Certificate Viewer π
π Read
via "Security on TechRepublic".
Mozilla is set to launch a Certificate Viewer. Find out why and how to open it.π Read
via "Security on TechRepublic".
π΄ Smart Prevention: How Every Enterprise Can Create Human Firewalls π΄
π Read
via "Dark Reading: ".
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.π Read
via "Dark Reading: ".
Darkreading
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
π How to find the Firefox Certificate Viewer π
π Read
via "Security on TechRepublic".
Mozilla is set to launch a Certificate Viewer. Find out why and how to open it.π Read
via "Security on TechRepublic".
TechRepublic
How to find the Firefox Certificate Viewer
Mozilla is set to launch a Certificate Viewer. Find out why and how to open it.
ATENTIONβΌ New - CVE-2015-9482 (car_dealer_/_auto_dealer_responsive)
π Read
via "National Vulnerability Database".
The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-5334 (webclient)
π Read
via "National Vulnerability Database".
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.π Read
via "National Vulnerability Database".
π΄ State of SMB Insecurity by the Numbers π΄
π Read
via "Dark Reading: ".
SMBs still perceive themselves at low risk from cyberthreats - in spite of attack statistics that paint a different picture.π Read
via "Dark Reading: ".
Darkreading
State of SMB Insecurity by the Numbers
SMBs still perceive themselves at low risk from cyberthreats β in spite of attack statistics that paint a different picture.
π΄ Phishing Campaign Targets Stripe Credentials, Financial Data π΄
π Read
via "Dark Reading: ".
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.π Read
via "Dark Reading: ".
Darkreading
Phishing Campaign Targets Stripe Credentials, Financial Data
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
π How to add public SSH keys for users in Cockpit π
π Read
via "Security on TechRepublic".
Adding public SSH keys with Cockpit can easily be handled by a Cockpit admin.π Read
via "Security on TechRepublic".
β Phorpiex Botnet Shifts Gears From Ransomware to Sextortion β
π Read
via "Threatpost".
A decade-old botnet is using infected computers to send out sextortion emails, in a wide-scale campaign with the potential to reach millions of victims.π Read
via "Threatpost".
Threat Post
Phorpiex Botnet Shifts Gears From Ransomware to Sextortion
A decade-old botnet is using infected computers to send out sextortion emails, in a large-scale campaign with the potential to reach millions of victims.