β Microsoft says it will honor Californiaβs new privacy law across US β
π Read
via "Naked Security".
Microsoft said CCPA is good news, given the failure of Congress to pass a comprehensive privacy protection law at the federal level.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Federal Court: Suspicionless Search of Traveler Devices by Border Agents Is Unconstitutional β
π Read
via "Threatpost".
U.S. Customs agents now must have reasonable cause and suspicion to search traveler devices at points of entry.π Read
via "Threatpost".
Threat Post
Federal Court: Suspicionless Search of Traveler Devices by Border Agents Is Unconstitutional
U.S. Customs agents now must have reasonable cause and suspicion to search traveler devices at points of entry.
β US-CERT warns of critical flaws in Medtronic equipment β
π Read
via "Naked Security".
Medtronic's latest problem is in their Valleylab electrosurgical generators used by surgeons things like cauterisation during operations.π Read
via "Naked Security".
Naked Security
US-CERT warns of critical flaws in Medtronic equipment
Medtronicβs latest problem is in their Valleylab electrosurgical generators used by surgeons things like cauterisation during operations.
β Apple pulls Instagram-watching app from store β
π Read
via "Naked Security".
Apple has yanked an app from its iTunes App Store that allowed Instagram users to follow their friendsβ activities on the social network.π Read
via "Naked Security".
Naked Security
Apple pulls Instagram-watching app from store
Apple has yanked an app from its iTunes App Store that allowed Instagram users to follow their friendsβ activities on the social network.
π Five reasons healthcare data security is at Ebola crisis levels π
π Read
via "Security on TechRepublic".
Lots of PHI, low security, and multiple entry points make hospitals the perfect target for hackers and ransomware attacks are up 45% in Q3.π Read
via "Security on TechRepublic".
TechRepublic
Five reasons healthcare data security is at Ebola crisis levels
Lots of PHI, low security, and multiple entry points make hospitals the perfect target for hackers and ransomware attacks are up 45% in Q3.
π΄ Unreasonable Security Best Practices vs. Good Risk Management π΄
π Read
via "Dark Reading: ".
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.π Read
via "Dark Reading: ".
Darkreading
Unreasonable Security Best Practices vs. Good Risk Management
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
π How cybercriminals trick you into giving your information over the phone π
π Read
via "Security on TechRepublic".
IBM's Chief People Hacker Stephanie "Snow" Carruthers describes how criminals use caller ID spoofing to get your private data.π Read
via "Security on TechRepublic".
TechRepublic
How cybercriminals trick you into giving your information over the phone
IBM's Chief People Hacker Stephanie "Snow" Carruthers describes how criminals use caller ID spoofing to get your private data.
π How to manage Siri privacy settings in iOS 13.2 π
π Read
via "Security on TechRepublic".
In iOS 13.2, you can opt out of Siri voice review requests and delete recording history from your Apple devices.π Read
via "Security on TechRepublic".
TechRepublic
How to manage Siri privacy settings in iOS 13.2
In iOS 13.2, you can opt out of Siri voice review requests and delete recording history from your Apple devices.
β IoT Security Woes Plague Healthcare Industry β
π Read
via "Threatpost".
Hospitals and IoT device manufacturers must take a dual approach in securing connected telehealth devices.π Read
via "Threatpost".
Threat Post
IoT Security Woes Plague Healthcare Industry
Hospitals and IoT device manufacturers must take a dual approach in securing connected telehealth devices.
ATENTIONβΌ New - CVE-2009-5046 (debian_linux, jetty)
π Read
via "National Vulnerability Database".
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-5045 (debian_linux, jetty)
π Read
via "National Vulnerability Database".
Dump Servlet information leak in jetty before 6.1.22.π Read
via "National Vulnerability Database".
π΄ Cardplanet Operator Extradited for Facilitating Credit Card Fraud π΄
π Read
via "Dark Reading: ".
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.π Read
via "Dark Reading: ".
Darkreading
Cardplanet Operator Extradited for Facilitating Credit Card Fraud
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.
β November 2019 Patch Tuesday fixes 13 critical flaws and one zero day β
π Read
via "Naked Security".
Novemberβs Patch Tuesday arrived to plug 73 CVE-level vulnerabilities across Microsoftβs software products, including 13 'criticals'.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ATENTIONβΌ New - CVE-2010-2473 (drupal)
π Read
via "National Vulnerability Database".
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-2472 (drupal)
π Read
via "National Vulnerability Database".
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-2471 (debian_linux, drupal)
π Read
via "National Vulnerability Database".
drupal6 version 6.16 has open redirectionπ Read
via "National Vulnerability Database".
β Googleβs Plan to Crunch Health Data on Millions of Patients Draws Fire β
π Read
via "Threatpost".
"Project Nightingale" is fully HIPAA-compliant, according to Google -- but researchers said they see big red flags for consumer data privacy.π Read
via "Threatpost".
Threat Post
Googleβs Plan to Crunch Health Data on Millions of Patients Draws Fire
"Project Nightingale" is fully HIPAA-compliant, according to Google β but researchers said they see big red flags for consumer data privacy.
π΄ Breaches Are Inevitable, So Embrace the Chaos π΄
π Read
via "Dark Reading: ".
Avoid sinking security with principles of shipbuilding known since the 15th century.π Read
via "Dark Reading: ".
Darkreading
Breaches Are Inevitable, So Embrace the Chaos
Avoid sinking security with principles of shipbuilding known since the 15th century.
ATENTIONβΌ New - CVE-2010-2450 (debian_linux, service_provider)
π Read
via "National Vulnerability Database".
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2007-6745 (clamav, debian_linux)
π Read
via "National Vulnerability Database".
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.π Read
via "National Vulnerability Database".