π΄ Attacker Mistake Botches Cyborg Ransomware Campaign π΄
π Read
via "Dark Reading: ".
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.π Read
via "Dark Reading: ".
Darkreading
Attacker Mistake Botches Cyborg Ransomware Campaign
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
ATENTIONβΌ New - CVE-2011-1145 (debian_linux, enterprise_linux, opensuse, unixodbc)
π Read
via "National Vulnerability Database".
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.π Read
via "National Vulnerability Database".
π΄ Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats π΄
π Read
via "Dark Reading: ".
Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.π Read
via "Dark Reading: ".
Darkreading
Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats
Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.
β Adobe Acrobat and Reader 2015 reach end of support β
π Read
via "Naked Security".
If you've been happily using Adobe Reader 2015 software for the last few years, you're in for a rude awakening.π Read
via "Naked Security".
Naked Security
Adobe Acrobat and Reader 2015 reach end of support
If youβve been happily using Adobe Reader 2015 software for the last few years, youβre in for a rude awakening.
β XSS security hole in Gmailβs dynamic email β
π Read
via "Naked Security".
The bug was fixed at least a month ago so users receiving dynamic email content have one less thing to worry about.π Read
via "Naked Security".
Naked Security
XSS security hole in Gmailβs dynamic email
The bug was fixed at least a month ago so users receiving dynamic email content have one less thing to worry about.
β Instagram stalker app Ghosty yanked from Play store β
π Read
via "Naked Security".
It was sucking up private profiles by requiring users to hand over their logins, giving it access to whatever accounts they follow.π Read
via "Naked Security".
Naked Security
Instagram stalker app Ghosty yanked from Play store
It was sucking up private profiles by requiring users to hand over their logins, giving it access to whatever accounts they follow.
β Update WhatsApp now: MP4 video bug exposes your messages β
π Read
via "Naked Security".
A now-patched-hole could have allowed remote code execution that could have exposed files and messages. Update your WhatsApp now.π Read
via "Naked Security".
Naked Security
Update WhatsApp now: MP4 video bug exposes your messages
A now-patched-hole could have allowed remote code execution that could have exposed files and messages. Update your WhatsApp now.
β Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online β
π Read
via "Threatpost".
A data breach left personal information--including email and IP addresses and first and last namesβexposed in public databases, according to Troy Hunt.π Read
via "Threatpost".
Threat Post
Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online
The passwords of more than 2.2 million users of a gaming and cryptocurrency website were dumped online after dual data breaches.
π Macy's holiday breach highlights retailer need for encryption and scrutiny of third party systems π
π Read
via "Security on TechRepublic".
Attackers were collecting user credit card information for an entire week from the Macy's website before they were alerted. Here's how retailers can protect themselves.π Read
via "Security on TechRepublic".
TechRepublic
Macy's holiday breach highlights retailer's need for encryption and scrutiny of third-party systems
Attackers were collecting user credit card information for an entire week from the Macy's website before they were alerted. Here's how retailers can protect themselves.
π΄ Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones π΄
π Read
via "Dark Reading: ".
Vulnerability could allow an attacker to control the camera and storage without user knowledge or permission.π Read
via "Dark Reading: ".
Dark Reading
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
π΄ Why Multifactor Authentication Is Now a Hacker Target π΄
π Read
via "Dark Reading: ".
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.π Read
via "Dark Reading: ".
Darkreading
Why Multifactor Authentication Is Now a Hacker Target
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
ATENTIONβΌ New - CVE-2010-4657 (debian_linux, enterprise_linux, php)
π Read
via "National Vulnerability Database".
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.π Read
via "National Vulnerability Database".
π Want to attain and retain customers? Adopt data privacy policies π
π Read
via "Security on TechRepublic".
Customers won't buy services or products from companies if they don't trust how their data will be used, Cisco found.π Read
via "Security on TechRepublic".
TechRepublic
Want to attain and retain customers? Adopt data privacy policies
Customers won't buy services or products from companies if they don't trust how their data will be used, Cisco found.
β ThreatList: Admin Rights for Third Parties is the Norm β
π Read
via "Threatpost".
The majority give outside partners, contractors and suppliers administrative access -- without strong security policies in place.π Read
via "Threatpost".
Threat Post
ThreatList: Admin Rights for Third Parties is the Norm
The majority give outside partners, contractors and suppliers administrative access β without strong security policies in place.
β High-Severity Windows UAC Flaw Enables Privilege Escalation β
π Read
via "Threatpost".
Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.π Read
via "Threatpost".
Threat Post
High-Severity Windows UAC Flaw Enables Privilege Escalation
Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.
ATENTIONβΌ New - CVE-2011-1028
π Read
via "National Vulnerability Database".
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2011-0529
π Read
via "National Vulnerability Database".
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-4660
π Read
via "National Vulnerability Database".
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..π Read
via "National Vulnerability Database".
π΄ Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments π΄
π Read
via "Dark Reading: ".
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa's contactless payments security system vulnerabilities.π Read
via "Dark Reading: ".
Dark Reading
Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa's contactless payments security system vulnerabilities.
π΄ Former White House CIO Shares Enduring Security Strategies π΄
π Read
via "Dark Reading: ".
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ Employee Privacy in a Mobile Workplace π΄
π Read
via "Dark Reading: ".
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.π Read
via "Dark Reading: ".
Dark Reading
Employee Privacy in a Mobile Workplace
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.