π΄ How Cybersecurity's Metrics of Misery Fail to Describe Cybercrime Pain π΄
π Read
via "Dark Reading: ".
Dollars lost and data records exposed are valuable measurements, but the true pain of a cybersecurity incident goes far beyond that. We asked infosec pros how they put words to the pain they feel when their defenses fall apart.π Read
via "Dark Reading: ".
Dark Reading
How Cybersecurity's Metrics of Misery Fail to Describe Cybercrime Pain
Dollars lost and data records exposed are valuable measurements, but the true pain of a cybersecurity incident goes far beyond that. We asked infosec pros how they put words to the pain they feel when their defenses fall apart.
π΄ Landry's Restaurant Chain Discloses Payment Security Incident π΄
π Read
via "Dark Reading: ".
Some payment cards were mistakenly swiped on order-entry systems that lacked the security of its point-of-sale terminals.π Read
via "Dark Reading: ".
Dark Reading
Landry's Restaurant Chain Discloses Payment Security Incident - Dark Reading
Some payment cards were mistakenly swiped on order-entry systems that lacked the security of its point-of-sale terminals.
ATENTIONβΌ New - CVE-2013-4532
π Read
via "National Vulnerability Database".
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-4318 (feature)
π Read
via "National Vulnerability Database".
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3936
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3935
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.π Read
via "National Vulnerability Database".
β California Adopts Strictest Privacy Law in U.S. β
π Read
via "Threatpost".
On Wednesday California adopted the strictest privacy law in the United States.π Read
via "Threatpost".
Threat Post
California Adopts Strictest Privacy Law in U.S.
On Wednesday California signed into law the strictest privacy law in the United States.
π 3 security tips to protect yourself from skimming attacks π
π Read
via "Security on TechRepublic".
E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.π Read
via "Security on TechRepublic".
TechRepublic
3 security tips to protect yourself from skimming attacks | TechRepublic
E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.
ATENTIONβΌ New - CVE-2014-0161
π Read
via "National Vulnerability Database".
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-0104
π Read
via "National Vulnerability Database".
In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-0048
π Read
via "National Vulnerability Database".
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-4752
π Read
via "National Vulnerability Database".
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3621
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3607. Reason: This candidate is a reservation duplicate of CVE-2013-3607. Notes: All CVE users should reference CVE-2013-3607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3620
π Read
via "National Vulnerability Database".
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3619
π Read
via "National Vulnerability Database".
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.π Read
via "National Vulnerability Database".
π How to install and use git-secret π
π Read
via "Security on TechRepublic".
Learn how to gain more security in your git repository with the help of the git-secret tool.π Read
via "Security on TechRepublic".
TechRepublic
How to install and use git-secret
Learn how to gain more security in your git repository with the help of the git-secret tool.
π 3 security tips to protect yourself from skimming attacks π
π Read
via "Security on TechRepublic".
E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.π Read
via "Security on TechRepublic".
TechRepublic
3 security tips to protect yourself from skimming attacks
E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.
π Alert overload is burning out security analysts π
π Read
via "Security on TechRepublic".
Survey suggests overall volume and high rate of false problems are changing priority lists in security operations centers.π Read
via "Security on TechRepublic".
TechRepublic
Alert overload is burning out security analysts
Survey suggests overall volume and high rate of false problems are changing priority lists in security operations centers.
π FBI Issues Alert on LockerGoga and MegaCortex Ransomware π
π Read
via "Subscriber Blog RSS Feed ".
The FBI sounded the alarm around two strains of ransomware, LockerGoga and MegaCortex, shortly before the holiday break.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
FBI Issues Alert on LockerGoga and MegaCortex Ransomware
The FBI sounded the alarm around two strains of ransomware, LockerGoga and MegaCortex, shortly before the holiday break.
β Data Breach Affects 63 Landryβs Restaurants β
π Read
via "Threatpost".
Landry's announced that more than 60 of its restaurants may be affected by payment processing system malware.π Read
via "Threatpost".
Threat Post
Data Breach Affects 63 Landryβs Restaurants
Landry's announced that more than 60 of its restaurants may be affected by payment processing system malware.
ATENTIONβΌ New - CVE-2013-3946
π Read
via "National Vulnerability Database".
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.π Read
via "National Vulnerability Database".