Unreasonable Security Best Practices vs. Good Risk Management
via "Dark Reading".
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.

How cybercriminals trick you into giving your information over the phone
via "Security on TechRepublic".
IBM's Chief People Hacker Stephanie "Snow" Carruthers describes how criminals use caller ID spoofing to get your private data.

How to manage Siri privacy settings in iOS 13.2
via "Security on TechRepublic".
In iOS 13.2, you can opt out of Siri voice review requests and delete recording history from your Apple devices.

IoT Security Woes Plague Healthcare Industry
via "Threatpost".
Hospitals and IoT device manufacturers must take a dual approach in securing connected telehealth devices.

ATTENTION‼ New - CVE-2009-5046 (debian_linux, jetty)
via "National Vulnerability Database".
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.

ATTENTION‼ New - CVE-2009-5045 (debian_linux, jetty)
via "National Vulnerability Database".
Dump Servlet information leak in jetty before 6.1.22.

Cardplanet Operator Extradited for Facilitating Credit Card Fraud
via "Dark Reading".
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.

November 2019 Patch Tuesday fixes 13 critical flaws and one zero day
via "Naked Security".
November's Patch Tuesday arrived to plug 73 CVE-level vulnerabilities across Microsoft's software products, including 13 'criticals'.

ATTENTION‼ New - CVE-2010-2473 (drupal)
via "National Vulnerability Database".
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.

ATTENTION‼ New - CVE-2010-2472 (drupal)
via "National Vulnerability Database".
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.

ATTENTION‼ New - CVE-2010-2471 (debian_linux, drupal)
via "National Vulnerability Database".
drupal6 version 6.16 has open redirection

Google's Plan to Crunch Health Data on Millions of Patients Draws Fire
via "Threatpost".
"Project Nightingale" is fully HIPAA-compliant, according to Google -- but researchers said they see big red flags for consumer data privacy.

Breaches Are Inevitable, So Embrace the Chaos
via "Dark Reading".
Avoid sinking security with principles of shipbuilding known since the 15th century.

ATTENTION‼ New - CVE-2010-2450 (debian_linux, service_provider)
via "National Vulnerability Database".
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.

ATTENTION‼ New - CVE-2007-6745 (clamav, debian_linux)
via "National Vulnerability Database".
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.

2019 Trending as Worst Year on Record for Data Breaches
via "Dark Reading".
New Risk Based Security report shows data breaches up 33.3% over last year so far.

Insider Stole Billion Dollar Battery Trade Secrets
via "Subscriber Blog RSS Feed".
Yet another Chinese national - this time an employee at an Oklahoma petroleum company - has pleaded guilty to trade secret theft.

The Ripple Effect of Data Breaches: How Damage Spreads
via "Dark Reading".
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.

Tracking endpoints and ensuring device security a vexing problem for healthcare CIOs
via "Security on TechRepublic".
The consequences of security incidents in hospitals can be life-or-death, but security practices lag behind other industries.

Cybersecurity: An Organizationwide Responsibility
via "Dark Reading".
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.