β Top 10 Breaches and Leaky Server Screw Ups of 2019 β
π Read
via "Threatpost".
2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here's the Threatpost Top 10 for data-breach news of the year, featuring all the low-lights.π Read
via "Threatpost".
Threat Post
Top 10 Breaches and Leaky Server Screw Ups of 2019
2019 was a banner year for data exposures, with billions of people affected.
β Combining AI and Playbooks to Predict Cyberattacks β
π Read
via "Threatpost".
Mature machine learning can analyze attack strategies and look for underlying patterns that the AI system can use to predict an attacker's next move.π Read
via "Threatpost".
Threat Post
Combining AI and Playbooks to Predict Cyberattacks
Mature machine learning can analyze attack strategies and look for underlying patterns that the AI system can use to predict an attacker's next move.
β Apple iCloud βdata dumpβ extortionist avoids prison β
π Read
via "Naked Security".
He claimed to have logins for millions of iCloud accounts, and told Apple he'd shut them all down unless he received a payoff.π Read
via "Naked Security".
Naked Security
Apple iCloud βdata dumpβ extortionist avoids prison
He claimed to have logins for millions of iCloud accounts, and told Apple heβd shut them all down unless he received a payoff.
π΄ 'Honoring' CCPA's Binding Principles Nationally Won't Be Easy π΄
π Read
via "Dark Reading: ".
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.π Read
via "Dark Reading: ".
Darkreading
'Honoring' CCPA's Binding Principles Nationally Won't Be Easy
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.
β Critical Citrix Bug Puts 80,000 Corporate LANs at Risk β
π Read
via "Threatpost".
The flaw resides in the Citrix Application Delivery Controller and Gateway.π Read
via "Threatpost".
Threat Post
Critical Citrix Bug Puts 80,000 Corporate LANs at Risk
The flaw resides in the Citrix Application Delivery Controller and Gateway.
ATENTIONβΌ New - CVE-2018-20492
π Read
via "National Vulnerability Database".
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-2736
π Read
via "National Vulnerability Database".
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2011-1474
π Read
via "National Vulnerability Database".
A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap after a MAP_GROWSDOWN mmap will create an infinite loop condition without releasing the VM semaphore eventually leading to a system crash.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-5290
π Read
via "National Vulnerability Database".
ircd-ratbox 3.0.9 mishandles the MONITOR command which allows remote attackers to cause a denial of service (system out-of-memory event).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-4318
π Read
via "National Vulnerability Database".
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-2011
π Read
via "National Vulnerability Database".
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-4420
π Read
via "National Vulnerability Database".
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-3462
π Read
via "National Vulnerability Database".
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3088
π Read
via "National Vulnerability Database".
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3085
π Read
via "National Vulnerability Database".
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.π Read
via "National Vulnerability Database".
π΄ How Should My Security Department Begin Future-Proofing for Quantum Computing? π΄
π Read
via "Dark Reading: ".
Knowing where your digital certificates are is just the start.π Read
via "Dark Reading: ".
Dark Reading
How Can My Security Team Begin Future-Proofing for Quantum Computing?
Knowing where your digital certificates are is just the start.
π΄ Two-Thirds of Security Pros Ready to or Already Volunteer Their Services π΄
π Read
via "Dark Reading: ".
Majority of survey respondents seek to share their security expertise with causes they care about.π Read
via "Dark Reading: ".
Dark Reading
Poll Results: Security Pros Are Not Only Smart -- They're Generous, Too
Altruism is alive and well among Edge readers, who seek to share their security expertise with causes they care about.
π΄ Gauging the Cybersecurity Climate π΄
π Read
via "Dark Reading: ".
Is climate change impacting your cybersecurity, cyber-risk, or cyber-incident response plans?π Read
via "Dark Reading: ".
Dark Reading
Gauging the Cybersecurity Climate
Is climate change impacting your cybersecurity, cyber-risk, or cyber-incident response plans?
π How to protect specific folders and files in Windows π
π Read
via "Security on TechRepublic".
Learn how to hide or encrypt specific files in Windows in order to better protect them.π Read
via "Security on TechRepublic".
TechRepublic
How to protect specific folders and files in Windows
Learn how to hide or encrypt specific files in Windows in order to better protect them.
π Security teams have a challenging and ever-changing role. Here's how a SOC can keep up π
π Read
via "Security on TechRepublic".
Security teams should coordinate and operate by standard practices to ensure their efforts yield the maximum results. Learn some tips from an industry insider on how to make it happen.π Read
via "Security on TechRepublic".
TechRepublic
Security teams have a challenging and ever-changing role. Here's how a SOC can keep up
Security teams should coordinate and operate by standard practices to ensure their efforts yield the maximum results. Learn some tips from an industry insider on how to make it happen.
β Podcast: The Roadblocks and Opportunities For Women in Cybersecurity β
π Read
via "Threatpost".
Threatpost examines the challenges - and opportunities - that women are facing in the cybersecurity landscape.π Read
via "Threatpost".
Threat Post
Podcast: The Roadblocks and Opportunities For Women in Cybersecurity
Lindsey OβDonnell: This is Lindsey OβDonnell with the Threatpost Podcast and Iβm here today with Jessica LaBouve, Jessicaβs a penetration tester at A-LIGN. Hi Jessica. Howβs your week going? Jessica LaBouve: Hey, Lindsey. Itβs going great. Really excitedβ¦