β US warns of Iranian cyber threat β
π Read
via "Naked Security".
The DHS has issued three warnings in the last few days encouraging people to be on alert for physical and cyber attacks from Iran.π Read
via "Naked Security".
Naked Security
US warns of Iranian cyber threat
The DHS has issued three warnings in the last few days encouraging people to be on alert for physical and cyber attacks from Iran.
β YouTube to treat all kid-aimed videos like theyβre COPPA-liable β
π Read
via "Naked Security".
The FTC can fine content creators up to $42,530 per violation - even though they don't collect, receive, nor have access to kids' data.π Read
via "Naked Security".
Naked Security
YouTube to treat all kid-aimed videos like theyβre COPPA-liable
The FTC can fine content creators up to $42,530 per violation β even though they donβt collect, receive, nor have access to kidsβ data.
β REvil ransomware exploiting VPN flaws made public last April β
π Read
via "Naked Security".
Researchers report flaws, vendors issue patches, organisations apply them - and everyone lives happily ever after. Right? Wrong!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Get Ready for the Microsoft Windows 7 EOL on January 14th β
π Read
via "Threatpost".
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hot fixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day.π Read
via "Threatpost".
Threat Post
Get Ready for the Microsoft Windows 7 EOL on January 14th
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7.
β TikTok Riddled With Security Flaws β
π Read
via "Threatpost".
The video sharing app has fixed several flaws allowing partial account takeover and information exposure.π Read
via "Threatpost".
Threat Post
TikTok Riddled With Security Flaws
The video sharing app has fixed several flaws allowing partial account takeover and information exposure.
π Apple exec explains privacy protections, while Facebook leader looks for loopholes π
π Read
via "Security on TechRepublic".
At CES 2020, Facebook privacy officer says new California law doesn't apply because the company doesn't sell data, only ads.π Read
via "Security on TechRepublic".
TechRepublic
Apple exec explains privacy protections, while Facebook leader looks for loopholes
At CES 2020, Facebook privacy officer says new California law doesn't apply because the company doesn't sell data, only ads.
π΄ The "Art of Cloud War" for Business-Critical Data π΄
π Read
via "Dark Reading: ".
How business executives' best intentions may be negatively affecting security and risk mitigation strategies - and exposing weaknesses in organizational defenses.π Read
via "Dark Reading: ".
Dark Reading
The Art of Cloud War for Business-Critical Data
How business executives' best intentions may be negatively affecting security and risk mitigation strategies - and exposing weaknesses in organizational defenses.
ATENTIONβΌ New - CVE-2013-3936 (opsview, opsview_core)
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML.π Read
via "National Vulnerability Database".
β Mozilla Releases Firefox 72: High-Severity Bugs Patched, Fingerpinting Nixed β
π Read
via "Threatpost".
Mozilla tackles high-severity bugs in its latest Firefox 72 and Firefox ESR 68.4 releases at the same time rolls a major privacy feature .π Read
via "Threatpost".
Threat Post
Mozilla Updates Firefox Browser: Zero-Day Bug Patched, Fingerprinting Nixed
Mozilla tackles high-severity bugs in its latest Firefox 72 and Firefox ESR 68.4 releases at the same time rolls a major privacy feature .
β Liverpool Voyeur Used IM-RAT to Video Women at Home β
π Read
via "Threatpost".
The case highlights the rising issue of stalkerware, which has reached epidemic proportions.π Read
via "Threatpost".
Threat Post
Liverpool Voyeur Used IM-RAT to Video Women at Home
The case highlights the rising issue of stalkerware, which has reached epidemic proportions.
π΄ In App Development, Does No-Code Mean No Security? π΄
π Read
via "Dark Reading: ".
No-code and low-code development platforms are part of application development, but there are keys to making sure that they don't leave security behind with traditional coding.π Read
via "Dark Reading: ".
Dark Reading
In App Development, Does No-Code Mean No Security?
No-code and low-code development platforms are part of application development, but there are keys to making sure that they don't leave security behind with traditional coding.
π΄ TikTok Bugs Put Users' Videos, Personal Data At Risk π΄
π Read
via "Dark Reading: ".
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.π Read
via "Dark Reading: ".
Dark Reading
TikTok Bugs Put Users' Videos, Personal Data At Risk
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.
π Alleged IP Theft Cost Industrial Cleaning Company $15M π
π Read
via "Subscriber Blog RSS Feed ".
The company alleges a former employee violated company policy and betrayed its trust as he "intentionally decimated" its North American business.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Alleged IP Theft Cost Industrial Cleaning Company $15M
The company alleges a former employee violated company policy and betrayed its trust as he "intentionally decimated" its North American business.
β Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy β
π Read
via "Threatpost".
Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then.π Read
via "Threatpost".
Threat Post
Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy
Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then.
β Man Sentenced in ATM Skimming Conspiracy β
π Read
via "Threatpost".
A Romanian national has been sentenced to 5 years in prison after racking up almost $400,000 in an ATM skimming scheme.π Read
via "Threatpost".
Threat Post
Man Sentenced in ATM Skimming Conspiracy
A Romanian national has been sentenced to 5 years in prison after racking up almost $400,000 in an ATM skimming scheme.
π΄ Google's Project Zero Policy Change Mandates 90-Day Disclosure π΄
π Read
via "Dark Reading: ".
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.π Read
via "Dark Reading: ".
Dark Reading
Google's Project Zero Policy Change Mandates 90-Day Disclosure
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
ATENTIONβΌ New - CVE-2013-3941 (xnview)
π Read
via "National Vulnerability Database".
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.π Read
via "National Vulnerability Database".
π CES 2020: How McAfee's Just in Time debugger stops cybercriminals π
π Read
via "Security on TechRepublic".
How the Advanced Threat Research Team can stop hackers from stealing personal data from a wearable device.π Read
via "Security on TechRepublic".
TechRepublic
CES 2020: How McAfee's Just in Time debugger stops cybercriminals
How the Advanced Threat Research Team can stop hackers from stealing personal data from a wearable device.
ATENTIONβΌ New - CVE-2013-3945 (mrsid)
π Read
via "National Vulnerability Database".
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.π Read
via "National Vulnerability Database".