ATENTIONβΌ New - CVE-2009-3552
π Read
via "National Vulnerability Database".
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-2802
π Read
via "National Vulnerability Database".
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-0035
π Read
via "National Vulnerability Database".
alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.π Read
via "National Vulnerability Database".
β Monday review β the hot 23 stories of the week β
π Read
via "Naked Security".
From hackable voice assistants to ISPs allegedly lying about encrypted DNS, and everything in between. It's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 23 stories of the week
From hackable voice assistants to ISPs allegedly lying about encrypted DNS, and everything in between. Itβs weekly roundup time.
β Huge Airbnb scam leads to promise to vet every host, every listing β
π Read
via "Naked Security".
Shuffling people into - surprise! - cobwebby rat traps has been a snap. Actual vetting may help, plus a new guarantee of 100% refunds.π Read
via "Naked Security".
Naked Security
Huge Airbnb scam leads to promise to vet every host, every listing
Shuffling people into β surprise! β cobwebby rat traps has been a snap. Actual vetting may help, plus a new guarantee of 100% refunds.
β US military supplier in βMade in Americaβ fraud case β
π Read
via "Naked Security".
Aventura allegedly imported cheap cameras and network-enabled security gear from China, then slapped US flag stickers on them.π Read
via "Naked Security".
Naked Security
US military supplier in βMade in Americaβ fraud case
Aventura allegedly imported cheap cameras and network-enabled security gear from China, then slapped US flag stickers on them.
β AI wordsmith too dangerous to be releasedβ¦ has been released β
π Read
via "Naked Security".
The text-generating AI has only been released in neutered forms until now, for fear it would be used to mass-produce fake news and spam.π Read
via "Naked Security".
Naked Security
AI wordsmith too dangerous to be released⦠has been released
The text-generating AI has only been released in neutered forms until now, for fear it would be used to mass-produce fake news and spam.
π΄ New: 2019 State of the Internet / Security: Media Under Assault π΄
π Read
via "Dark Reading: ".
It can't be overstated: Web attacks and credential stuffing are real, long-term threats. This white paper, sponsored by Akamai, focuses on how they are impacting the high-tech, video media, and entertainment sectors.π Read
via "Dark Reading: ".
Dark Reading
New: 2019 State of the Internet / Security: Media Under Assault
It can't be overstated: Web attacks and credential stuffing are real, long-term threats. This white paper, sponsored by Akamai, focuses on how they are impacting the high-tech, video media, and entertainment sectors.
β Adobe fixes SDK weakness affecting mobile apps β
π Read
via "Naked Security".
Researchers noticed that the main app configuration file, ADBMobileConfig.json, contained settings that could lead to security problems.π Read
via "Naked Security".
Naked Security
Adobe fixes SDK weakness affecting mobile apps
Researchers noticed that the main app configuration file, ADBMobileConfig.json, contained settings that could lead to security problems.
β Encrypted Emails on macOS Found Stored in Unprotected Way β
π Read
via "Threatpost".
Apple is investigating an issue raised by a Mac specialist discovered to be storing emails that are supposed to be S/MIME-encrypted as readable files.π Read
via "Threatpost".
Threat Post
Encrypted Emails on macOS Found Stored in Unprotected Way
Apple is investigating an issue raised by a Mac specialist discovered to be storing emails that are supposed to be S/MIME-encrypted as readable files.
π΄ 5 Security Processes You Shouldn't Overlook During M&A π΄
π Read
via "Dark Reading: ".
Security needs to be a central element of due diligence if a merger or acquisition is to succeedπ Read
via "Dark Reading: ".
Darkreading
5 Security Processes You Shouldn't Overlook During M&A
Security needs to be a central element of due diligence if a merger or acquisition is to succeed
π FBI: Engineer Stole, Emailed Tech Secrets to Iran π
π Read
via "Subscriber Blog RSS Feed ".
This engineer purportedly stole sensitive aerospace technology from his employer and emailed it his brother in the Iranian military.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
FBI: Engineer Stole, Emailed Tech Secrets to Iran
This engineer purportedly stole sensitive aerospace technology from his employer and emailed it his brother in the Iranian military.
β Ransomware Attack Downs Hosting Service SmarterASP.NET β
π Read
via "Threatpost".
SmarterASP.NET said that it is in the middle of recovering accounts downed by the ransomware attack.π Read
via "Threatpost".
Threat Post
Ransomware Attack Downs Hosting Service SmarterASP.NET
SmarterASP.NET said that it is in the middle of recovering accounts downed by the ransomware attack.
π How to navigate cybersecurity in a 5G world π
π Read
via "Security on TechRepublic".
With 5G comes a larger attack surface and more devices accessing the network. Companies must ramp up security strategies to stay protected, AT&T report finds.π Read
via "Security on TechRepublic".
TechRepublic
How to navigate cybersecurity in a 5G world
With 5G comes a larger attack surface and more devices accessing the network. Companies must ramp up security strategies to stay protected, an AT&T Cybersecurity report finds.
π Open source is a heavily interdependent community, which is good and bad for security π
π Read
via "Security on TechRepublic".
Commentary: Open source is a tangled web of interdependencies. How can we do better to secure this web?π Read
via "Security on TechRepublic".
TechRepublic
Open source is a heavily interdependent community, which is good and bad for security
Commentary: Open source is a tangled web of interdependencies. How can we do better to secure this web?
β Microsoft urges us to patch after partially effective BlueKeep attack β
π Read
via "Naked Security".
Microsoft has urged people to patch their Windows systems following the appearance of mass BlueKeep exploits just over a week ago.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β ThreatList: Data Breaches Batter Stock Prices at Public Companies, For Months β
π Read
via "Threatpost".
When it comes to bouncing back, long-term impact to share prices from a data breach incident is significant on average for large companies.π Read
via "Threatpost".
Threat Post
ThreatList: Data Breaches Batter Stock Prices at Public Companies, For Months
When it comes to bouncing back, long-term impact to share prices from a data breach incident is significant on average for large companies.
π΄ Learn the Latest Exploit Techniques at Black Hat Europe π΄
π Read
via "Dark Reading: ".
Master new exploit techniques for Microsoft RDP, Java remote protocols at Black Hat Europe in London next month.π Read
via "Dark Reading: ".
Darkreading
Learn the Latest Exploit Techniques at Black Hat Europe
Master new exploit techniques for Microsoft RDP, Java remote protocols at Black Hat Europe in London next month.
π΄ Joker's Stash Puts $130M Price Tag on Credit Card Database π΄
π Read
via "Dark Reading: ".
A new analysis advises security teams on what they should know about the underground payment card seller.π Read
via "Dark Reading: ".
Dark Reading
Joker's Stash Puts $130M Price Tag on Credit Card Database
A new analysis advises security teams on what they should know about the underground payment card seller.
π Why we must strike a balance with AI to solve the cybersecurity skills gap π
π Read
via "Security on TechRepublic".
How to solve the cybersecurity skills gap by striking a balance with artificial intelligence.π Read
via "Security on TechRepublic".
TechRepublic
Why we must strike a balance with AI to solve the cybersecurity skills gap
How to solve the cybersecurity skills gap by striking a balance with artificial intelligence.
π Why we must strike a balance with AI to solve the cybersecurity skills gap π
π Read
via "Security on TechRepublic".
How to solve the cybersecurity skills gap by striking a balance with artificial intelligence.π Read
via "Security on TechRepublic".
TechRepublic
Why we must strike a balance with AI to solve the cybersecurity skills gap
How to solve the cybersecurity skills gap by striking a balance with artificial intelligence.