π΄ The Myths of Multifactor Authentication π΄
π Read
via "Dark Reading: ".
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?π Read
via "Dark Reading: ".
Dark Reading
The Myths of Multifactor Authentication
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
β Plugging the Data Leak in Manufacturing β
π Read
via "Threatpost".
IIoT-generated data β calibrations, measurements and other parameters β still need to be stored, managed and shared securely.π Read
via "Threatpost".
Threat Post
Plugging the Data Leak in Manufacturing
IIoT-generated data β calibrations, measurements and other parameters β still need to be stored, managed and shared securely.
π΄ New DDoS Attacks Leverage TCP Amplification π΄
π Read
via "Dark Reading: ".
Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries.π Read
via "Dark Reading: ".
Darkreading
New DDoS Attacks Leverage TCP Amplification
Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries.
β Microsoft Patches RCE Bug Actively Under Attack β
π Read
via "Threatpost".
Microsoft tackles 74 bugs as part of its November Patch Tuesday security bulletin.π Read
via "Threatpost".
Threat Post
Microsoft Patches RCE Bug Actively Under Attack
Microsoft tackles 74 bugs as part of its November Patch Tuesday security bulletin.
β Insider Threats, a Cybercriminal Favorite, Not East to Mitigate β
π Read
via "Threatpost".
Rogue employees -- not just external threat groups -- pose a formidable threat to incident response teams.π Read
via "Threatpost".
Threat Post
Insider Threats, a Cybercriminal Favorite, Not Easy to Mitigate
Rogue employees -rather than external threat groups - pose a formidable threat to incident response teams.
π΄ Microsoft Patches IE Zero-Day Among 74 Vulnerabilities π΄
π Read
via "Dark Reading: ".
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ Companies Increasingly Fail Interim Security Test, But Gap Narrows π΄
π Read
via "Dark Reading: ".
Stability of PCI DSS helps companies cope and create more mature security programs, but some parts of the Payment Card Industry's Data Secure Standard continue to cause headaches.π Read
via "Dark Reading: ".
Dark Reading
Companies Increasingly Fail Interim Security Test, But Gap Narrows
Stability of PCI DSS helps companies cope and create more mature security programs, but some parts of the Payment Card Industry's Data Secure Standard continue to cause headaches.
ATENTIONβΌ New - CVE-2010-2247 (makepasswd)
π Read
via "National Vulnerability Database".
makepasswd 1.10 default settings generate insecure passwordsπ Read
via "National Vulnerability Database".
π΄ While CISOs Fret, Business Leaders Tout Security Robustness π΄
π Read
via "Dark Reading: ".
A new Nominet survey shows a familiar disconnect between business and security teams on the matter of cyber preparedness.π Read
via "Dark Reading: ".
Dark Reading
While CISOs Fret, Business Leaders Tout Security Robustness
A new Nominet survey shows a familiar disconnect between business and security teams on the matter of cyber preparedness.
β No, YouTube isnβt planning to jettison your unprofitable channel β
π Read
via "Naked Security".
Or your small/new channel, or to shut you down if you use an ad blocker, though a clause in its new ToS is leading people to fear the worst.π Read
via "Naked Security".
Naked Security
No, YouTube isnβt planning to jettison your unprofitable channel
Or your small/new channel, or to shut you down if you use an ad blocker, though a clause in its new ToS is leading people to fear the worst.
β Microsoft says it will honor Californiaβs new privacy law across US β
π Read
via "Naked Security".
Microsoft said CCPA is good news, given the failure of Congress to pass a comprehensive privacy protection law at the federal level.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Federal Court: Suspicionless Search of Traveler Devices by Border Agents Is Unconstitutional β
π Read
via "Threatpost".
U.S. Customs agents now must have reasonable cause and suspicion to search traveler devices at points of entry.π Read
via "Threatpost".
Threat Post
Federal Court: Suspicionless Search of Traveler Devices by Border Agents Is Unconstitutional
U.S. Customs agents now must have reasonable cause and suspicion to search traveler devices at points of entry.
β US-CERT warns of critical flaws in Medtronic equipment β
π Read
via "Naked Security".
Medtronic's latest problem is in their Valleylab electrosurgical generators used by surgeons things like cauterisation during operations.π Read
via "Naked Security".
Naked Security
US-CERT warns of critical flaws in Medtronic equipment
Medtronicβs latest problem is in their Valleylab electrosurgical generators used by surgeons things like cauterisation during operations.
β Apple pulls Instagram-watching app from store β
π Read
via "Naked Security".
Apple has yanked an app from its iTunes App Store that allowed Instagram users to follow their friendsβ activities on the social network.π Read
via "Naked Security".
Naked Security
Apple pulls Instagram-watching app from store
Apple has yanked an app from its iTunes App Store that allowed Instagram users to follow their friendsβ activities on the social network.
π Five reasons healthcare data security is at Ebola crisis levels π
π Read
via "Security on TechRepublic".
Lots of PHI, low security, and multiple entry points make hospitals the perfect target for hackers and ransomware attacks are up 45% in Q3.π Read
via "Security on TechRepublic".
TechRepublic
Five reasons healthcare data security is at Ebola crisis levels
Lots of PHI, low security, and multiple entry points make hospitals the perfect target for hackers and ransomware attacks are up 45% in Q3.
π΄ Unreasonable Security Best Practices vs. Good Risk Management π΄
π Read
via "Dark Reading: ".
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.π Read
via "Dark Reading: ".
Darkreading
Unreasonable Security Best Practices vs. Good Risk Management
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
π How cybercriminals trick you into giving your information over the phone π
π Read
via "Security on TechRepublic".
IBM's Chief People Hacker Stephanie "Snow" Carruthers describes how criminals use caller ID spoofing to get your private data.π Read
via "Security on TechRepublic".
TechRepublic
How cybercriminals trick you into giving your information over the phone
IBM's Chief People Hacker Stephanie "Snow" Carruthers describes how criminals use caller ID spoofing to get your private data.
π How to manage Siri privacy settings in iOS 13.2 π
π Read
via "Security on TechRepublic".
In iOS 13.2, you can opt out of Siri voice review requests and delete recording history from your Apple devices.π Read
via "Security on TechRepublic".
TechRepublic
How to manage Siri privacy settings in iOS 13.2
In iOS 13.2, you can opt out of Siri voice review requests and delete recording history from your Apple devices.
β IoT Security Woes Plague Healthcare Industry β
π Read
via "Threatpost".
Hospitals and IoT device manufacturers must take a dual approach in securing connected telehealth devices.π Read
via "Threatpost".
Threat Post
IoT Security Woes Plague Healthcare Industry
Hospitals and IoT device manufacturers must take a dual approach in securing connected telehealth devices.
ATENTIONβΌ New - CVE-2009-5046 (debian_linux, jetty)
π Read
via "National Vulnerability Database".
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-5045 (debian_linux, jetty)
π Read
via "National Vulnerability Database".
Dump Servlet information leak in jetty before 6.1.22.π Read
via "National Vulnerability Database".