ATENTIONβΌ New - CVE-2010-2472 (drupal)
π Read
via "National Vulnerability Database".
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-2471 (debian_linux, drupal)
π Read
via "National Vulnerability Database".
drupal6 version 6.16 has open redirectionπ Read
via "National Vulnerability Database".
β Googleβs Plan to Crunch Health Data on Millions of Patients Draws Fire β
π Read
via "Threatpost".
"Project Nightingale" is fully HIPAA-compliant, according to Google -- but researchers said they see big red flags for consumer data privacy.π Read
via "Threatpost".
Threat Post
Googleβs Plan to Crunch Health Data on Millions of Patients Draws Fire
"Project Nightingale" is fully HIPAA-compliant, according to Google β but researchers said they see big red flags for consumer data privacy.
π΄ Breaches Are Inevitable, So Embrace the Chaos π΄
π Read
via "Dark Reading: ".
Avoid sinking security with principles of shipbuilding known since the 15th century.π Read
via "Dark Reading: ".
Darkreading
Breaches Are Inevitable, So Embrace the Chaos
Avoid sinking security with principles of shipbuilding known since the 15th century.
ATENTIONβΌ New - CVE-2010-2450 (debian_linux, service_provider)
π Read
via "National Vulnerability Database".
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2007-6745 (clamav, debian_linux)
π Read
via "National Vulnerability Database".
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.π Read
via "National Vulnerability Database".
π΄ 2019 Trending as Worst Year on Record for Data Breaches π΄
π Read
via "Dark Reading: ".
New Risk Based Security report shows data breaches up 33.3% over last year so far.π Read
via "Dark Reading: ".
Darkreading
2019 Trending as Worst Year on Record for Data Breaches
New Risk Based Security report shows data breaches up 33.3% over last year so far.
π Insider Stole Billion Dollar Battery Trade Secrets π
π Read
via "Subscriber Blog RSS Feed ".
Yet another Chinese national - this time an employee at an Oklahoma petroleum company - has pleaded guilty to trade secret theft.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Insider Stole Billion Dollar Battery Trade Secrets
Yet another Chinese national - this time an employee at an Oklahoma petroleum company - has pleaded guilty to trade secret theft.
π΄ The Ripple Effect of Data Breaches: How Damage Spreads π΄
π Read
via "Dark Reading: ".
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.π Read
via "Dark Reading: ".
Darkreading
The Ripple Effect of Data Breaches: How Damage Spreads
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
π Tracking endpoints and ensuring device security a vexing problem for healthcare CIOs π
π Read
via "Security on TechRepublic".
The consequences of security incidents in hospitals can be life-or-death, but security practices lag behind other industries.π Read
via "Security on TechRepublic".
TechRepublic
Tracking endpoints and ensuring device security a vexing problem for healthcare CIOs
The consequences of security incidents in hospitals can be life-or-death, but security practices lag behind other industries.
π΄ Cybersecurity: An Organizationwide Responsibility π΄
π Read
via "Dark Reading: ".
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.π Read
via "Dark Reading: ".
Darkreading
Cybersecurity: An Organizationwide Responsibility
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
ATENTIONβΌ New - CVE-2008-3278 (frysk)
π Read
via "National Vulnerability Database".
frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.π Read
via "National Vulnerability Database".
β Consumer Data Privacy Rights: Emerging Tech Blurs Lines β
π Read
via "Threatpost".
Data privacy is a fundamental right for Americans - but new emerging technologies like drone, IoT and facial recognition are introducing gray areas.π Read
via "Threatpost".
Threat Post
Consumer Data Privacy Rights: Emerging Tech Blurs Lines
Data privacy is a fundamental right for Americans - but new emerging technologies like drone, IoT and facial recognition are introducing gray areas.
π΄ Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites π΄
π Read
via "Dark Reading: ".
'Pipka' JavaScript skimmer has infected at least 16 e-commerce websites so far, according to Visa's Payment Fraud Disruption Group.π Read
via "Dark Reading: ".
Dark Reading
Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites
'Pipka' JavaScript skimmer has infected at least 16 e-commerce websites so far, according to Visa's Payment Fraud Disruption Group.
β Alleged mastermind behind $20m stolen-card site extradited to US β
π Read
via "Naked Security".
Aleksei Burkov allegedly ran Cardplanet, advertised as the only shop with a guarantee: your stolen card will work, or you get a new one!π Read
via "Naked Security".
Naked Security
Alleged mastermind behind $20m stolen-card site extradited to US
Aleksei Burkov allegedly ran Cardplanet, advertised as the only shop with a guarantee: your stolen card will work, or you get a new one!
β Warrantless searches of devices at US borders ruled unconstitutional β
π Read
via "Naked Security".
The border is NOT a constitution-free zone, according to the ruling: No more suspicionless fishing expeditions into travelers' devices.π Read
via "Naked Security".
Naked Security
Warrantless searches of devices at US borders ruled unconstitutional
The border is NOT a constitution-free zone, according to the ruling: No more suspicionless fishing expeditions into travelersβ devices.
β Innovative PureLocker Ransomware Emerges in Targeted Attacks β
π Read
via "Threatpost".
PureLocker is an example of the sustained and continuing efforts ransomware threat actors are putting into malware development.π Read
via "Threatpost".
Threat Post
Innovative PureLocker Ransomware Emerges in Targeted Attacks
PureLocker is an example of the sustained and continuing efforts ransomware threat actors are putting into malware development.
β Facebook fixes iPhone camera bug β
π Read
via "Naked Security".
Facebook was quick to reassure iPhone users this week that it wasnβt secretly spying on them via its app, after someone found the software keeping the phoneβs rear camera active in the background.π Read
via "Naked Security".
Naked Security
Facebook fixes iPhone camera bug
Facebook was quick to reassure iPhone users this week that it wasnβt secretly spying on them via its app, after someone found the software keeping the phoneβs rear camera active in the background.β¦
β ENFUSE 2019: Security Regulations, Insider Threats, and IoT Privacy Risks β
π Read
via "Threatpost".
Threatpost sits down with incident response expert Kevin Golas to discuss the top takeaways of ENFUSE 2019 this week.π Read
via "Threatpost".
Threat Post
ENFUSE 2019: Security Regulations, Insider Threats, and IoT Privacy Risks
Threatpost sits down with incident response expert Kevin Golas to discuss the top takeaways of ENFUSE 2019 this week.