β Update WhatsApp now: MP4 video bug exposes your messages β
π Read
via "Naked Security".
A now-patched-hole could have allowed remote code execution that could have exposed files and messages. Update your WhatsApp now.π Read
via "Naked Security".
Naked Security
Update WhatsApp now: MP4 video bug exposes your messages
A now-patched-hole could have allowed remote code execution that could have exposed files and messages. Update your WhatsApp now.
β Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online β
π Read
via "Threatpost".
A data breach left personal information--including email and IP addresses and first and last namesβexposed in public databases, according to Troy Hunt.π Read
via "Threatpost".
Threat Post
Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online
The passwords of more than 2.2 million users of a gaming and cryptocurrency website were dumped online after dual data breaches.
π Macy's holiday breach highlights retailer need for encryption and scrutiny of third party systems π
π Read
via "Security on TechRepublic".
Attackers were collecting user credit card information for an entire week from the Macy's website before they were alerted. Here's how retailers can protect themselves.π Read
via "Security on TechRepublic".
TechRepublic
Macy's holiday breach highlights retailer's need for encryption and scrutiny of third-party systems
Attackers were collecting user credit card information for an entire week from the Macy's website before they were alerted. Here's how retailers can protect themselves.
π΄ Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones π΄
π Read
via "Dark Reading: ".
Vulnerability could allow an attacker to control the camera and storage without user knowledge or permission.π Read
via "Dark Reading: ".
Dark Reading
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
π΄ Why Multifactor Authentication Is Now a Hacker Target π΄
π Read
via "Dark Reading: ".
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.π Read
via "Dark Reading: ".
Darkreading
Why Multifactor Authentication Is Now a Hacker Target
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
ATENTIONβΌ New - CVE-2010-4657 (debian_linux, enterprise_linux, php)
π Read
via "National Vulnerability Database".
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.π Read
via "National Vulnerability Database".
π Want to attain and retain customers? Adopt data privacy policies π
π Read
via "Security on TechRepublic".
Customers won't buy services or products from companies if they don't trust how their data will be used, Cisco found.π Read
via "Security on TechRepublic".
TechRepublic
Want to attain and retain customers? Adopt data privacy policies
Customers won't buy services or products from companies if they don't trust how their data will be used, Cisco found.
β ThreatList: Admin Rights for Third Parties is the Norm β
π Read
via "Threatpost".
The majority give outside partners, contractors and suppliers administrative access -- without strong security policies in place.π Read
via "Threatpost".
Threat Post
ThreatList: Admin Rights for Third Parties is the Norm
The majority give outside partners, contractors and suppliers administrative access β without strong security policies in place.
β High-Severity Windows UAC Flaw Enables Privilege Escalation β
π Read
via "Threatpost".
Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.π Read
via "Threatpost".
Threat Post
High-Severity Windows UAC Flaw Enables Privilege Escalation
Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.
ATENTIONβΌ New - CVE-2011-1028
π Read
via "National Vulnerability Database".
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2011-0529
π Read
via "National Vulnerability Database".
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-4660
π Read
via "National Vulnerability Database".
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..π Read
via "National Vulnerability Database".
π΄ Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments π΄
π Read
via "Dark Reading: ".
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa's contactless payments security system vulnerabilities.π Read
via "Dark Reading: ".
Dark Reading
Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa's contactless payments security system vulnerabilities.
π΄ Former White House CIO Shares Enduring Security Strategies π΄
π Read
via "Dark Reading: ".
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ Employee Privacy in a Mobile Workplace π΄
π Read
via "Dark Reading: ".
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.π Read
via "Dark Reading: ".
Dark Reading
Employee Privacy in a Mobile Workplace
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
ATENTIONβΌ New - CVE-2011-1490 (debian_linux, opensuse, rsyslog)
π Read
via "National Vulnerability Database".
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one rulesetπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2011-1489 (debian_linux, opensuse, rsyslog)
π Read
via "National Vulnerability Database".
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-4659
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.π Read
via "National Vulnerability Database".
β Apache Solr Bug Gets Bumped Up to High Severity β
π Read
via "Threatpost".
Linux users running the enterprise-search platform Solr are potentially vulnerable to remote code execution attack.π Read
via "Threatpost".
Threat Post
Apache Solr Bug Gets Bumped Up to High Severity
Linux users running the enterprise-search platform Solr are potentially vulnerable to remote code execution attack.
π NSA Reiterates Risks of Transport Layer Security Inspection π
π Read
via "Subscriber Blog RSS Feed ".
In an advisory published this week, the NSA outlined the risks of Transport Layer Security Inspection (TLSI) and provided security mitigations for organizations.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
NSA Reiterates Risks of Transport Layer Security Inspection
In an advisory published this week, the NSA outlined the risks of Transport Layer Security Inspection (TLSI) and provided security mitigations for organizations.
β Mozilla Bug Bounty Program Doubles Payouts, Adds Firefox Monitor β
π Read
via "Threatpost".
In scope RCE Mozilla bug bounty payouts have also tripled to reach $15,000.π Read
via "Threatpost".
Threat Post
Mozilla Bug Bounty Program Doubles Payouts, Adds Firefox Monitor
In scope RCE Mozilla bug bounty payouts have also tripled to reach $15,000.