❌ PoS Malware Exposes Customer Data of Catch Restaurants ❌
📖 Read
via "Threatpost".
A newly announced data breach of several popular Catch restaurants stemmed from malware on its point-of-sale (PoS) systems.📖 Read
via "Threatpost".
Threat Post
PoS Malware Exposes Customer Data of Catch Restaurants
A newly announced data breach of several popular Catch restaurants stemmed from malware on its point-of-sale (PoS) systems.
🕴 New: 2019 State of the Internet / Security: Financial Services Attack Economy 🕴
📖 Read
via "Dark Reading: ".
Every organization should be paying attention to the attacks targeting financial services systems.📖 Read
via "Dark Reading: ".
Dark Reading
New: 2019 State of the Internet / Security: Financial Services Attack Economy
Every organization should be paying attention to the attacks targeting financial services systems.
🕴 Home Safe: 20 Cybersecurity Tips for Your Remote Workers 🕴
📖 Read
via "Dark Reading: ".
How can you protect your precious corporate endpoints from the mysterious dangers that might await when you're not by their side? Empower home office users with these tips.📖 Read
via "Dark Reading: ".
Dark Reading
Home Safe: 20 Cybersecurity Tips for Your Remote Workers
How can you protect your precious corporate endpoints from the mysterious dangers that might await when you're not by their side? Empower home office users with these tips.
🔏 Meet Harlan Carvey, Digital Guardian's New Senior Threat Hunter 🔏
📖 Read
via "Subscriber Blog RSS Feed ".
In this Q&A, we sit down with Harlan Carvey, Digital Guardian's new Senior Threat Hunter, to dig into how he approaches threat hunting, incident response, and more.📖 Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Meet Harlan Carvey, Digital Guardian's New Senior Threat Hunter
In this Q&A, we sit down with Harlan Carvey, Digital Guardian's new Senior Threat Hunter, to dig into how he approaches threat hunting, incident response, and more.
ATENTION‼ New - CVE-2011-4924
📖 Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2011-2924 (debian_linux, fedora, foomatic-filters)
📖 Read
via "National Vulnerability Database".
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2011-2923 (debian_linux, foomatic-filters)
📖 Read
via "National Vulnerability Database".
foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.📖 Read
via "National Vulnerability Database".
❌ NYPD Fingerprint Database Taken Offline to Thwart Ransomware ❌
📖 Read
via "Threatpost".
The malware was introduced to the police network via a contractor who was installing a digital display.📖 Read
via "Threatpost".
Threat Post
NYPD Fingerprint Database Taken Offline to Thwart Ransomware
The malware was introduced to the police network via a contractor who was installing a digital display.
🕴 T-Mobile Prepaid Hit by Significant Data Breach 🕴
📖 Read
via "Dark Reading: ".
The breach, estimated to have affected more than a million customers, came from malicious external actors.📖 Read
via "Dark Reading: ".
Darkreading
T-Mobile Prepaid Hit by Significant Data Breach
The breach, estimated to have affected more than a million customers, came from malicious external actors.
🕴 Most Organizations Have Incomplete Vulnerability Information 🕴
📖 Read
via "Dark Reading: ".
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says.📖 Read
via "Dark Reading: ".
Dark Reading
Most Organizations Have Incomplete Vulnerability Information
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says.
🕴 Tushu, Take Twoshu: Malicious SDK Reappears in Google Play 🕴
📖 Read
via "Dark Reading: ".
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.📖 Read
via "Dark Reading: ".
Dark Reading
Tushu, Take Twoshu: Malicious SDK Reappears in Google Play
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
❌ TrickBot Evolves to Go After SSH Keys ❌
📖 Read
via "Threatpost".
The info-stealing malware has updated its password-grabbing module.📖 Read
via "Threatpost".
Threat Post
TrickBot Evolves to Go After SSH Keys
The info-stealing malware has updated its password-grabbing module.
ATENTION‼ New - CVE-2011-3351
📖 Read
via "National Vulnerability Database".
openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.📖 Read
via "National Vulnerability Database".
🔐 How to use per-host SSH configuration 🔐
📖 Read
via "Security on TechRepublic".
Learn how to make your SSH use more efficient and convenient with per-host configurations.📖 Read
via "Security on TechRepublic".
TechRepublic
How to use per-host SSH configuration
Learn how to make your SSH use more efficient and convenient with per-host configurations.
ATENTION‼ New - CVE-2011-3596
📖 Read
via "National Vulnerability Database".
Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2011-3584
📖 Read
via "National Vulnerability Database".
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2011-3583
📖 Read
via "National Vulnerability Database".
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2011-3374
📖 Read
via "National Vulnerability Database".
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2011-3373
📖 Read
via "National Vulnerability Database".
Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially-crafted URL that could lead to cross-site scripting (XSS) attack.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2011-3355
📖 Read
via "National Vulnerability Database".
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2011-4090
📖 Read
via "National Vulnerability Database".
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.📖 Read
via "National Vulnerability Database".