ATTENTION‼ New - CVE-2012-0945
whoopsie-daisy before 0.1.26: Root user can remove arbitrary files
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2012-0334
Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has an SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2012-0070
spamdyke prior to 4.2.1: STARTTLS reveals plaintext
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2011-4907
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2011-4336
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
via "National Vulnerability Database".
Trump Slams Apple for Refusing to Unlock Suspected Shooter's iPhones
Legal battle pitting Feds against the tech giant over data privacy and device security in criminal cases seems inevitable.
via "Threatpost".
How to disconnect devices and revoke app privileges from your Firefox cloud account
You'll be surprised at how many devices, apps, and services are associated with your Firefox cloud account. Find out how to remove them.
via "Security on TechRepublic".
Why Google plans to cut off support for third-party cookies in Chrome
Google is aiming to phase out third-party cookies in Chrome in two years, but that will have to prove palatable to users, publishers, and advertisers.
via "Security on TechRepublic".
ISACs Join Forces to Secure the Travel Industry
Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
via "Dark Reading".
How to Comprehend the Buzz About Honeypots
Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization.
via "Dark Reading".
New Report Spotlights Changes in Phishing Techniques
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
via "Dark Reading".
Equifax Settles Class-Action Breach Lawsuit for $380.5M
Class members have until Jan. 22, next week, to claim benefits.
via "Threatpost".
Class members have until Jan. 22, 2020 to claim benefits.
Why Firewalls Aren't Going Anywhere
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
via "Dark Reading".
U.N. Weathers Storm of Emotet-TrickBot Malware
A concerted, targeted phishing campaign took aim at 600 different staffers and officials, using Norway as a lure.
via "Threatpost".
ATTENTION‼ New - CVE-2011-5250 (snare)
Snare for Linux before 1.7.0 has CSRF in the web interface.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2009-1120
EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function (exposed via the rep_srv.exe process), where the vulnerability is caused by an error when rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2007-4774
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can wake up a PTRACED process.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2007-4773
Systrace before 1.6.0 has insufficient escape policy enforcement.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2005-4891
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
via "National Vulnerability Database".
Ex-Pharma Employees Arrested Following Data Theft in India
The employees allegedly stole confidential information belonging to the company, including batch production control records for drug manufacturing, according to reports.
via "Subscriber Blog RSS Feed".
Digital Guardian
How to better protect your organization's most valuable data
Many organizations underestimate the value of their data to skilled and organized cybercriminals, said security provider eSentire.
via "Security on TechRepublic".