π΄ Cisco Drops a Dozen Vulnerability Patches π΄
π Read
via "Dark Reading: ".
Among them are three for critical authentication bypass flaws.π Read
via "Dark Reading: ".
Dark Reading
Cisco Drops a Dozen Vulnerability Patches
Among them are three for critical authentication bypass flaws.
π΄ Ransomware Victim Southwire Sues Maze Operators π΄
π Read
via "Dark Reading: ".
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.π Read
via "Dark Reading: ".
Darkreading
Ransomware Victim Southwire Sues Maze Operators
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.
ATENTIONβΌ New - CVE-2012-5878
π Read
via "National Vulnerability Database".
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-5693
π Read
via "National Vulnerability Database".
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878.π Read
via "National Vulnerability Database".
π 5 predictions for protecting data in the payments and security ecosystem π
π Read
via "Security on TechRepublic".
As demand for personalization and seamless consumer experiences grow, security must keep up, said VISA's chief risk officer.π Read
via "Security on TechRepublic".
TechRepublic
5 predictions for protecting data in the payments and security ecosystem
As demand for personalization and seamless consumer experiences grow, security must keep up, said VISA's chief risk officer.
β Monday review β the hot stories of the holidays β
π Read
via "Naked Security".
From 'Greta Thunberg' malware to Python 3, get yourself up to date with everything we've written since Christmas.π Read
via "Naked Security".
Naked Security
Monday review β the hot stories of the holidays
From βGreta Thunbergβ malware to Python 3, get yourself up to date with everything we've written since Christmas.
π΄ What Tools Will Find Misconfigurations in My AWS S3 Cloud Buckets? π΄
π Read
via "Dark Reading: ".
Misconfigured cloud buckets leak sensitive data. Here's how to keep your Amazon Web Services (AWS) Simple Server Storage (S3) buckets secured.π Read
via "Dark Reading: ".
Dark Reading
What Tools Will Find Misconfigurations in My AWS S3 Cloud Buckets?
Misconfigured cloud buckets leak sensitive data. Here's how to keep your Amazon Web Services (AWS) Simple Server Storage (S3) buckets secured.
π΄ Client-Side JavaScript Risks & the CCPA π΄
π Read
via "Dark Reading: ".
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.π Read
via "Dark Reading: ".
Darkreading
Client-Side JavaScript Risks & the CCPA
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
β Hackers Deface U.S. Gov Website With Pro-Iran Messages β
π Read
via "Threatpost".
The Federal Depository Library Program (FDLP) website was defaced over the weekend to show a picture of a bloodied President Donald Trump.π Read
via "Threatpost".
Threat Post
Hackers Deface U.S. Gov Website With Pro-Iran Messages
The Federal Depository Library Program (FDLP) website was defaced over the weekend to show a picture of a bloodied President Donald Trump.
β Donβt fall for the βStart your 2020 with a gift from usβ scamβ¦ β
π Read
via "Naked Security".
There is no free Macbook. There IS no free Macbook. There is NO free Macbook.π Read
via "Naked Security".
Naked Security
Donβt fall for the βStart your 2020 with a gift from usβ scamβ¦
There is no free MacBook. There IS no free MacBook. There is NO free MacBook.
π΄ Mimecast Acquires Segasec to Boost Phishing Defense π΄
π Read
via "Dark Reading: ".
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.π Read
via "Dark Reading: ".
Dark Reading
Mimecast Acquires Segasec to Boost Phishing Defense
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
β DeathRansom Campaign Linked to Malware Cornucopia β
π Read
via "Threatpost".
One threat actor appears to be behind several ongoing, related campaigns.π Read
via "Threatpost".
Threat Post
DeathRansom Campaign Linked to Malware Cornucopia
One threat actor appears to be behind several ongoing, related campaigns.
π΄ US Government Publishing Office Website Defaced π΄
π Read
via "Dark Reading: ".
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.π Read
via "Dark Reading: ".
Darkreading
US Government Publishing Office Website Defaced
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.
π Mozilla Allows Users to Delete Firefox Telemetry Data π
π Read
via "Subscriber Blog RSS Feed ".
Companies like Mozilla are using the passage of the CCPA as a way to better empower users to delete their own personal data.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Mozilla Allows Users to Delete Firefox Telemetry Data
Companies like Mozilla are using the passage of the CCPA as a way to better empower users to delete their own personal data.
β Magecart Hits Parents and Students via Blue Bear Attack β
π Read
via "Threatpost".
The latest attack takes aim at a vertical-specific e-commerce platform.π Read
via "Threatpost".
Threat Post
Magecart Hits Parents and Students via Blue Bear Attack
The latest attack takes aim at a vertical-specific e-commerce platform.
β ToTok Returned to Google Play Despite βSpy Toolβ Claims β
π Read
via "Threatpost".
The communications app faces continued backlash after a New York Times report said it was used as a government spying tool.π Read
via "Threatpost".
Threat Post
ToTok Returned to Google Play Despite βSpy Toolβ Claims
The communications app faces continued backlash after a New York Times report said it was used as a government spying tool.
π Comcast announces new Wi-Fi 6-certified gateway, security features for internet customers at CES 2020 π
π Read
via "Security on TechRepublic".
Comcast is making its internet service faster and more secure with new hardware and free security features that alerts customers to threats.π Read
via "Security on TechRepublic".
TechRepublic
Comcast announces new Wi-Fi 6-certified gateway, security features for internet customers at CES 2020
Comcast is making its internet service faster and more secure with new hardware and free security features that alerts customers to threats.
π΄ Malicious Google Play Apps Linked to SideWinder APT π΄
π Read
via "Dark Reading: ".
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.π Read
via "Dark Reading: ".
Darkreading
Malicious Google Play Apps Linked to SideWinder APT
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
π΄ Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks π΄
π Read
via "Dark Reading: ".
New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.π Read
via "Dark Reading: ".
Darkreading
Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks
New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.
β US military branches ban TikTok following Pentagonβs warning β
π Read
via "Naked Security".
The latest attempt to prove it's not under China's thumb: TikTok's first transparency report.π Read
via "Naked Security".
Naked Security
US military branches ban TikTok following Pentagonβs warning
The latest attempt to prove itβs not under Chinaβs thumb: TikTokβs first transparency report.
β IT exec sets up fake biz to scam his employer out of $6m β
π Read
via "Naked Security".
He cooked up an IT vendor, its invoices, its vapor-gear, and the phantom employees who never showed up to do all those services.π Read
via "Naked Security".
Naked Security
IT exec sets up fake biz to scam his employer out of $6m
He cooked up an IT vendor, its invoices, its vapor-gear, and the phantom employees who never showed up to do all those services.