π Election hacking: The myths vs. realities π
π Read
via "Security on TechRepublic".
Cris Thomas, space rogue, global strategy lead at IBM X-Force Red, discusses the myths and realities of hacking election machines with CNET's Dan Patterson.π Read
via "Security on TechRepublic".
TechRepublic
Election hacking: The myths vs. realities | TechRepublic
Cris Thomas, space rogue, global strategy lead at IBM X-Force Red, discusses the myths and realities of hacking election machines with CNET's Dan Patterson.
β Self driving cars learn (from us) about who to sacrifice in a cash β
π Read
via "Naked Security".
It's bad news for overweight, elderly, male jaywalkers.π Read
via "Naked Security".
Naked Security
Self driving cars learn (from us) about who to sacrifice in a cash
Itβs bad news for overweight, elderly, male jaywalkers.
ATENTIONβΌ New - CVE-2018-0735
π Read
via "National Vulnerability Database".
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10734
π Read
via "National Vulnerability Database".
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10733
π Read
via "National Vulnerability Database".
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10732
π Read
via "National Vulnerability Database".
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10731
π Read
via "National Vulnerability Database".
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.π Read
via "National Vulnerability Database".
π΄ AppSec is Dead, but Software Security Is Alive & Well π΄
π Read
via "Dark Reading: ".
Application security must be re-envisioned to support software security. It's time to shake up your processes.π Read
via "Dark Reading: ".
Darkreading
AppSec Is Dead, but Software Security Is Alive & Well
Application security must be re-envisioned to support software security. It's time to shake up your processes.
π How cybersecurity is developing to combat Russian hackers π
π Read
via "Security on TechRepublic".
Leo Taddeo, chief information security officer at Cyxtera Technologies, discusses phishing and Russia's involvement in the 2016 US presidential election with CNET's Dan Patterson.π Read
via "Security on TechRepublic".
TechRepublic
How cybersecurity is developing to combat Russian hackers
Leo Taddeo, chief information security officer at Cyxtera Technologies, discusses phishing and Russia's involvement in the 2016 US presidential election with CNET's Dan Patterson.
π΄ Windows Defender: First Full Antivirus Tool to Run in a Sandbox π΄
π Read
via "Dark Reading: ".
Sandboxed version now available to Windows Insiders and anyone else who force-enables it in Windows 10 version 1703 and above.π Read
via "Dark Reading: ".
Dark Reading
Windows Defender: First Full Antivirus Tool to Run in a Sandbox
Sandboxed version now available to Windows Insiders and anyone else who force-enables it in Windows 10 version 1703 and above.
β X.Org Flaw Allows Privilege Escalation in Linux Systems β
π Read
via "The first stop for security news | Threatpost ".
The issue impacts many large distros with GUI interfaces.π Read
via "The first stop for security news | Threatpost ".
Threat Post
X.Org Flaw Allows Privilege Escalation in Linux Systems
The issue impacts many large distros with GUI interfaces.
β Nation-State Phishing: A Country-Sized Catch β
π Read
via "The first stop for security news | Threatpost ".
Sophisticated nation-state groups now integrate phishing as a core component of their statecraft.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Nation-State Phishing: A Country-Sized Catch
Sophisticated nation-state groups now integrate phishing as a core component of their statecraft.
π΄ 7 Ways an Old Tool Still Teaches New Lessons About Web AppSec π΄
π Read
via "Dark Reading: ".
Are your Web application secure? WebGoat, a tool old enough to be in high school, continues to instruct.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
β Girl Scouts Issues Data Breach Warning to 2,800 Members β
π Read
via "The first stop for security news | Threatpost ".
Someone gained access to an email account for the Orange County chapter, which was rife with personal data.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Girl Scouts Issues Data Breach Warning to 2,800 Members
Someone gained access to an email account for the Orange County chapter, which was rife with personal data.
π΄ Protect DNS, Protect business π΄
π Read
via "Dark Reading: ".
DNS plays a critical role in every network. However, it is often overlooked by many security solutions and not integrated into cyber hygiene programs, leaving an easily-accessed back door open for criminals into many networks.π Read
via "Dark Reading: ".
Dark Reading
Protect DNS, Protect business
DNS plays a critical role in every network. However, it is often overlooked by many security solutions and not integrated into cyber hygiene programs, leaving an easily-accessed back door open for criminals into many networks.
ATENTIONβΌ New - CVE-2017-18281
π Read
via "National Vulnerability Database".
A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernelπ Read
via "National Vulnerability Database".
β IoT Flaw Allows Hijacking of Connected Construction Cranes β
π Read
via "The first stop for security news | Threatpost ".
An attacker can send spoofed commands to the crane's controller.π Read
via "The first stop for security news | Threatpost ".
Threat Post
IoT Flaw Allows Hijacking of Connected Construction Cranes
An attacker can send spoofed commands to the craneβs controller.
π΄ New Report: IoT Now Top Internet Attack Target π΄
π Read
via "Dark Reading: ".
IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, new report finds.π Read
via "Dark Reading: ".
Darkreading
New Report: IoT Now Top Internet Attack Target
IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, new report finds.
π΄ Security Implications of IBM-Red Hat Merger Unclear π΄
π Read
via "Dark Reading: ".
But enterprises and open source community likely have little to be concerned about, industry experts say.π Read
via "Dark Reading: ".
Dark Reading
Security Implications of IBM-Red Hat Merger Unclear
But enterprises and open source community likely have little to be concerned about, industry experts say.
β China hijacking internet traffic using BGP, claim researchers β
π Read
via "Naked Security".
Researchers claim that unusual BGP routing changes are actually man-in-the-middle surveillance.π Read
via "Naked Security".
Naked Security
China hijacking internet traffic using BGP, claim researchers
Researchers claim that unusual BGP routing changes are actually man-in-the-middle surveillance.
π How cybersecurity is developing to combat Russian hackers π
π Read
via "Security on TechRepublic".
Leo Taddeo, chief information security officer at Cyxtera Technologies, discusses phishing and Russia's involvement in the 2016 US presidential election with CNET's Dan Patterson.π Read
via "Security on TechRepublic".
TechRepublic
How cybersecurity is developing to combat Russian hackers
Leo Taddeo, chief information security officer at Cyxtera Technologies, discusses phishing and Russia's involvement in the 2016 US presidential election with CNET's Dan Patterson.