Breaches Are Inevitable, So Embrace the Chaos
Avoid sinking security with principles of shipbuilding known since the 15th century.
via "Dark Reading".

ATTENTION‼ New - CVE-2010-2450 (debian_linux, service_provider)
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.
via "National Vulnerability Database".

ATTENTION‼ New - CVE-2007-6745 (clamav, debian_linux)
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.
via "National Vulnerability Database".

2019 Trending as Worst Year on Record for Data Breaches
New Risk Based Security report shows data breaches up 33.3% over last year so far.
via "Dark Reading".

Insider Stole Billion Dollar Battery Trade Secrets
Yet another Chinese national - this time an employee at an Oklahoma petroleum company - has pleaded guilty to trade secret theft.
via "Subscriber Blog RSS Feed".
Digital Guardian

The Ripple Effect of Data Breaches: How Damage Spreads
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
via "Dark Reading".

Tracking endpoints and ensuring device security a vexing problem for healthcare CIOs
The consequences of security incidents in hospitals can be life-or-death, but security practices lag behind other industries.
via "Security on TechRepublic".

Cybersecurity: An Organizationwide Responsibility
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
via "Dark Reading".

ATTENTION‼ New - CVE-2008-3278 (frysk)
frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.
via "National Vulnerability Database".

Consumer Data Privacy Rights: Emerging Tech Blurs Lines
Data privacy is a fundamental right for Americans - but new emerging technologies like drone, IoT and facial recognition are introducing gray areas.
via "Threatpost".

Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites
'Pipka' JavaScript skimmer has infected at least 16 e-commerce websites so far, according to Visa's Payment Fraud Disruption Group.
via "Dark Reading".

Alleged mastermind behind $20m stolen-card site extradited to US
Aleksei Burkov allegedly ran Cardplanet, advertised as the only shop with a guarantee: your stolen card will work, or you get a new one!
via "Naked Security".

Warrantless searches of devices at US borders ruled unconstitutional
The border is NOT a constitution-free zone, according to the ruling: No more suspicionless fishing expeditions into travelers' devices.
via "Naked Security".

Innovative PureLocker Ransomware Emerges in Targeted Attacks
PureLocker is an example of the sustained and continuing efforts ransomware threat actors are putting into malware development.
via "Threatpost".

Facebook fixes iPhone camera bug
Facebook was quick to reassure iPhone users this week that it wasn't secretly spying on them via its app, after someone found the software keeping the phone's rear camera active in the background.
via "Naked Security".

ENFUSE 2019: Security Regulations, Insider Threats, and IoT Privacy Risks
Threatpost sits down with incident response expert Kevin Golas to discuss the top takeaways of ENFUSE 2019 this week.
via "Threatpost".

Download: The Comprehensive Compliance Guide
The Comprehensive Compliance Guide can help security leaders save time and resources from creating their own compliance evaluation methods.
via "Threatpost".

Threat Actor Impersonates USPS to Deliver Backdoor Malware
The campaign is consistent with emerging tactics from bad actors to use increasingly sophisticated social engineering and spoofing to deliver malware.
via "Threatpost".

How retail companies can better protect themselves against cyberattacks
The sector has been hit by more data breaches than any other this year as criminal groups devise more advanced hacking methods, says threat intelligence company IntSights.
via "Security on TechRepublic".