β TrickBot Adds Custom, Stealthy Backdoor to its Arsenal β
π Read
via "Threatpost".
The PowerTrick backdoor, which fetched yet other backdoors, is designed to help TrickBot evade detection.π Read
via "Threatpost".
Threat Post
TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
The PowerTrick backdoor, which fetched yet other backdoors, is designed to help TrickBot evade detection.
β FBI asks Apple to help it unlock iPhones of naval base shooter β
π Read
via "Naked Security".
This could signal a renewed war between Apple and law enforcement over breaking encryption.π Read
via "Naked Security".
Naked Security
FBI asks Apple to help it unlock iPhones of naval base shooter
This could signal a renewed war between Apple and law enforcement over breaking encryption.
β Google voice Assistant gets new privacy βundoβ commands β
π Read
via "Naked Security".
Googleβs controversial voice Assistant is getting a series of new commands designed to work like privacy-centric βundoβ buttons.π Read
via "Naked Security".
Naked Security
Google voice Assistant gets new privacy βundoβ commands
Googleβs controversial voice Assistant is getting a series of new commands designed to work like privacy-centric βundoβ buttons.
β Appleβs scanning iCloud photos for child abuse images β
π Read
via "Naked Security".
It isn't new, all the tech giants do it, and your privacy's intact - unless you're dealing in illegal imagery with telltale hashing.π Read
via "Naked Security".
Naked Security
Appleβs scanning iCloud photos for child abuse images
It isnβt new, all the tech giants do it, and your privacyβs intact β unless youβre dealing in illegal imagery with telltale hashing.
β S2 Ep22: Word doc stops fraud, bye bye Python 2, latest from the ransomware swamp β Naked Security Podcast β
π Read
via "Naked Security".
We discuss the latest cybersecurity news and advice in our latest podcast. Listen now!π Read
via "Naked Security".
Naked Security
S2 Ep22: Word doc stops fraud, bye bye Python 2, latest from the ransomware swamp β Naked Security Podcast
We discuss the latest cybersecurity news and advice in our latest podcast. Listen now!
β Browser zero day: Update your Firefox right now! β
π Read
via "Naked Security".
Firefox has issues an emergency 72.0.1 patch to fix a zero day vulnerability.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π CES 2020: How McAfee's Just in Time debugger stops cybercriminals π
π Read
via "Security on TechRepublic".
How the Advanced Threat Research Team can stop hackers from stealing personal data from a wearable device.π Read
via "Security on TechRepublic".
TechRepublic
CES 2020: How McAfee's Just in Time jamming technique stops cybercriminals
Learn how the Advanced Threat Research Team can stop hackers from stealing personal data from a wearable device.
π΄ Rockwell Automation to Buy ICS Security Services Firm π΄
π Read
via "Dark Reading: ".
Industrial control systems vendor plans to acquire Avnet Data Security, which provides penetration testing, assessments, training, and managed network and security services for the ICS sector.π Read
via "Dark Reading: ".
Dark Reading
Rockwell Automation to Buy ICS Security Services Firm
Industrial control systems vendor plans to acquire Avnet Data Security, which provides penetration testing, assessments, training, and managed network and security services for the ICS sector.
π΄ 7 Free Tools for Better Visibility Into Your Network π΄
π Read
via "Dark Reading: ".
It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.π Read
via "Dark Reading: ".
Dark Reading
7 Free Tools for Better Visibility Into Your Network
It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.
π΄ Operationalizing Threat Intelligence at Scale in the SOC π΄
π Read
via "Dark Reading: ".
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.π Read
via "Dark Reading: ".
Darkreading
Operationalizing Threat Intelligence at Scale in the SOC
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
β Californiaβs Tough New Privacy Law and Its Biggest Challenges β
π Read
via "Threatpost".
The California Consumer Privacy Act has been adopted, but the largest U.S. privacy regulation fails to address how companies can know where their data is.π Read
via "Threatpost".
Threat Post
Californiaβs Tough New Privacy Law and Its Biggest Challenges
The California Consumer Privacy Act has been adopted, but the largest U.S. privacy regulation fails to address how companies can know where their data is.
π How to access your 2FA Docker Hub account from the command line π
π Read
via "Security on TechRepublic".
With 2FA enabled on your Docker Hub account, you'll find you cannot access it with your user password from within the CLI. Jack Wallen shows you how to make this work.π Read
via "Security on TechRepublic".
TechRepublic
How to access your 2FA Docker Hub account from the command line
With 2FA enabled on your Docker Hub account, you'll find you cannot access it with your user password from within the CLI. Jack Wallen shows you how to make this work.
β 4 Ring Employees Fired For Spying on Customers β
π Read
via "Threatpost".
Ring said that four employees were fired because they for inappropriate access to customers' connected video feeds.π Read
via "Threatpost".
Threat Post
4 Ring Employees Fired For Spying on Customers
Ring said that four employees were fired because for inappropriate access to customers' connected video feeds.
π΄ AWS Issues 'Urgent' Warning for Database Users to Update Certs π΄
π Read
via "Dark Reading: ".
Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.π Read
via "Dark Reading: ".
Dark Reading
AWS Issues 'Urgent' Warning for Database Users to Update Certs
Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
π EDPS Issues Opinion on Data Protection and Scientific Research π
π Read
via "Subscriber Blog RSS Feed ".
The European Data Protection Supervisor has issued a preliminary opinion on how data protection obligations should factor into scientific research in the EU.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
EDPS Issues Opinion on Data Protection and Scientific Research
The European Data Protection Supervisor has issued a preliminary opinion on how data protection obligations should factor into scientific research in the EU.
β Exploit Fully Breaks SHA-1, Lowers the Attack Bar β
π Read
via "Threatpost".
Users of GnuPG, OpenSSL and Git could be in danger from an attack that's practical for ordinary attackers to carry out.π Read
via "Threatpost".
Threat Post
Exploit Fully Breaks SHA-1, Lowers the Attack Bar
Users of GnuPG, OpenSSL and Git could be in danger from an attack that's practical for ordinary attackers to carry out.
π΄ TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal π΄
π Read
via "Dark Reading: ".
PowerTrick is sort of a custom-version of PowerShell Empire and can be used to download additional malware, SentinelOne says.π Read
via "Dark Reading: ".
Dark Reading
TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal
PowerTrick is sort of a custom-version of PowerShell Empire and can be used to download additional malware, SentinelOne says.
ATENTIONβΌ New - CVE-2012-2724
π Read
via "National Vulnerability Database".
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-2714
π Read
via "National Vulnerability Database".
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-1261
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-1260
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.π Read
via "National Vulnerability Database".