Official Monero site delivers malicious cash-grabbing wallet
via "Naked Security".
If you downloaded the Monero command line wallet recently, check it before using it.
Anatomy of a BEC Scam
via "Dark Reading".
A look at the characteristics of real-world business email compromise attacks - and what makes them tick.
Download: 2019 Security Team Assessment Template
via "Threatpost".
The Ultimate 2019 Security Team Assessment Template is a unique tool that encapsulates all the major KPIs of the organizational security team's main pillars.
Android camera bug could have turned phones against their users
via "Naked Security".
Google has patched a bug in the Android camera app that allowed other applications to bypass the strict controls on camera and audio access.
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
via "Dark Reading".
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
DNS-over-HTTPS is coming to Windows 10
via "Naked Security".
Microsoft will soon add the ability to use DNS-over-HTTPS and DNS-over-TLS into its networking client.
6 Top Nontechnical Degrees for Cybersecurity
via "Dark Reading".
A computer science degree isn't the only path into a cybersecurity career.
Gnip Banking Trojan Shows Ongoing, Aggressive Development
via "Threatpost".
The mobile malware, which incorporates Anubis source code, could evolve into a fully fledged spyware in the future.
Linux Webmin Servers Under Attack by Roboto P2P Botnet
via "Threatpost".
A newly-discovered peer-to-peer (P2P) botnet has been found targeting a remote code execution vulnerability in Linux Webmin servers.
75% of developers worry about app security, but half lack dedicated security experts on their team
via "Security on TechRepublic".
The majority of developers view security as integral to the coding and development process, but lack the support of a security expert, Whitehat Security found.
ATTENTION‼ New - CVE-2009-5047 (debian_linux, jetty)
via "National Vulnerability Database".
Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) "Cookie Dump Servlet" and 2) Http Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a literal string.
Google Increases Top Android Hacking Prize to $1M
via "Dark Reading".
Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
3 Fundamentals for Better Security and IT Management
via "Dark Reading".
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
Microsoft Outlook for Android Bug Opens Door to XSS
via "Threatpost".
Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks.
Business Email Compromise: 5 ways this fraud could happen and what can be done to prevent it
via "Security on TechRepublic".
Millions of dollars and loads of personal information are being stolen through a growing threat known as Business Email Compromise (BEC).
In the Market for a MSSP? Ask These Questions First
via "Dark Reading".
Not all managed security service providers are created equal. These questions can reveal whether you are hiring the right people to help secure your business.
Government Agency Partners on New Tool for Election Security
via "Dark Reading".
The Cybersecurity and Infrastructure Security Agency has partnered with VotingWorks on an open source tool to aid election result audits.
Senators Demand Amazon Disclose Ring Privacy Policies
via "Threatpost".
Amazon's Ring data collection policies are in the spotlight.
Leaks of NSA, CIA Tools Have Leveled Nation-State Cybercriminal Capabilities
via "Dark Reading".
The wide availability of tools leaked by the Shadow Brokers and WikiLeaks in 2016 and 2017 has given emerging cyber powers a way to catch up, DarkOwl says.