π Shattering myths and misperceptions about biometric debit and credit cards π
π Read
via "Security on TechRepublic".
Biometric cards could make a strong dent against credit card fraud, but several myths surround the technology.π Read
via "Security on TechRepublic".
TechRepublic
Shattering myths and misperceptions about biometric debit and credit cards
Biometric cards could make a strong dent against credit card fraud, but several myths surround the technology.
β No βSilver Bulletβ Fix for Alexa, Google Smart Speaker Hacks β
π Read
via "Threatpost".
Karsten Nohl, who was behind this week's research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.π Read
via "Threatpost".
Threat Post
No βSilver Bulletβ Fix for Alexa, Google Smart Speaker Hacks
Karsten Nohl, who was behind this week's research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.
π΄ Autoclerk Database Spills 179GB of Customer, US Government Data π΄
π Read
via "Dark Reading: ".
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.π Read
via "Dark Reading: ".
Dark Reading
Autoclerk Database Spills 179GB of Customer, US Government Data
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
π΄ NordVPN Breached Via Data Center Provider's Error π΄
π Read
via "Dark Reading: ".
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.π Read
via "Dark Reading: ".
Dark Reading
NordVPN Breached Via Data Center Provider's Error
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
π Lack of Controls, User Negligence Exposed PII of Veterans π
π Read
via "Subscriber Blog RSS Feed ".
A recent VA inspector general report discovered veterans' medical records among a cache of data left exposed on shared drives.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Lack of Controls, User Negligence Exposed PII of Veterans
A recent VA inspector general report discovered veterans' medical records among a cache of data left exposed on shared drives.
ATENTIONβΌ New - CVE-2017-8087
π Read
via "National Vulnerability Database".
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.π Read
via "National Vulnerability Database".
π΄ The AI (R)evolution: Why Humans Will Always Have a Place in the SOC π΄
π Read
via "Dark Reading: ".
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.π Read
via "Dark Reading: ".
Darkreading
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
β Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing β
π Read
via "Threatpost".
The Qode Instagram Widget and Qode Twitter Feed both have bugs that could allow redirects to malicious sites.π Read
via "Threatpost".
Threat Post
Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing
The Qode Instagram Widget and Qode Twitter Feed both have bugs that could allow redirects to malicious sites.
β FTC Cracks Down on Stalkerware With Retina-X App Bans β
π Read
via "Threatpost".
The FTC has banned the sale of three apps - marketed to monitor children and employees - unless the developers can prove that the apps will be used for legitimate purposes.π Read
via "Threatpost".
Threat Post
FTC Cracks Down on Stalkerware With Retina-X App Bans
The FTC has banned the sale of three apps - marketed to monitor children and employees - unless the developers can prove that the apps will be used for legitimate purposes.
π΄ FIDO-Based Authentication Arrives for Smartwatches π΄
π Read
via "Dark Reading: ".
The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.π Read
via "Dark Reading: ".
Dark Reading
FIDO-Based Authentication Arrives for Smartwatches
The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.
ATENTIONβΌ New - CVE-2015-9500
π Read
via "National Vulnerability Database".
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9499
π Read
via "National Vulnerability Database".
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9498
π Read
via "National Vulnerability Database".
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9497
π Read
via "National Vulnerability Database".
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9496
π Read
via "National Vulnerability Database".
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9495
π Read
via "National Vulnerability Database".
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9494
π Read
via "National Vulnerability Database".
The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9493
π Read
via "National Vulnerability Database".
The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.π Read
via "National Vulnerability Database".
π΄ Alliance Forms to Focus on Securing Operational Technology π΄
π Read
via "Dark Reading: ".
While mainly made up of vendors, the Operational Technology Cyber Security Alliance aims to offer security best practices for infrastructure operators and industrial partners.π Read
via "Dark Reading: ".
Dark Reading
Alliance Forms to Focus on Securing Operational Technology - Dark Reading
While mainly made up of vendors, the Operational Technology Cyber Security Alliance aims to offer security best practices for infrastructure operators and industrial partners.
π΄ About 50% of Apps Are Accruing Unaddressed Vulnerabilities π΄
π Read
via "Dark Reading: ".
In rush to fix newly discovered security issues, developers are neglecting to address older ones, Veracode study finds.π Read
via "Dark Reading: ".
Dark Reading
About 50% of Apps Are Accruing Unaddressed Vulnerabilities
In rush to fix newly discovered security issues, developers are neglecting to address older ones, Veracode study finds.
ATENTIONβΌ New - CVE-2015-9501
π Read
via "National Vulnerability Database".
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.π Read
via "National Vulnerability Database".