β Critical WordPress Bug Leaves 320,000 Sites Open to Attack β
π Read
via "Threatpost".
Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.π Read
via "Threatpost".
Threat Post
Critical WordPress Bug Leaves 320,000 Sites Open to Attack
Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.
π΄ 2017 Data Breach Will Cost Equifax at Least $1.38 Billion π΄
π Read
via "Dark Reading: ".
Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from today to file a claim.π Read
via "Dark Reading: ".
Dark Reading
2017 Data Breach Will Cost Equifax at Least $1.38 Billion
Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from today toβ¦
ATENTIONβΌ New - CVE-2009-5068
π Read
via "National Vulnerability Database".
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-5025
π Read
via "National Vulnerability Database".
A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-3724
π Read
via "National Vulnerability Database".
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.π Read
via "National Vulnerability Database".
β College students call for ban on facial recognition on campus β
π Read
via "Naked Security".
Fight for the Future is building on its success in pressuring concert promoters to back off of plans to use the technology at festivals.π Read
via "Naked Security".
Naked Security
College students call for ban on facial recognition on campus
Fight for the Future is building on its success in pressuring concert promoters to back off of plans to use the technology at festivals.
β Google to kill third-party Chrome cookies in two years β
π Read
via "Naked Security".
Google doesn't want to block third-party cookies in Chrome right now. It has promised to make them obsolete later, though. Wait - what?π Read
via "Naked Security".
Naked Security
Google to kill third-party Chrome cookies in two years
Google doesnβt want to block third-party cookies in Chrome right now. It has promised to make them obsolete later, though. Wait β what?
β Apps are sharing more of your data with ad industry than you may think β
π Read
via "Naked Security".
Apps like Grindr, Tinder and Happn are (over-)sharing data about sexuality, religion, and location with a shadowy network of data brokers. And it's not just dating apps that are doing it...π Read
via "Naked Security".
Naked Security
Apps are sharing more of your data with ad industry than you may think
Apps like Grindr, Tinder and Happn are (over-)sharing data about sexuality, religion, and location with a shadowy network of data brokers. And itβs not just dating apps that are doing it̷β¦
β Update now! Popular WordPress plugins have password bypass flaws β
π Read
via "Naked Security".
Researchers have discovered bad authentication bypass vulnerabilities affecting two WordPress plugins which should be patched as soon as possible.π Read
via "Naked Security".
Naked Security
Update now! Popular WordPress plugins have password bypass flaws
Researchers have discovered bad authentication bypass vulnerabilities affecting two WordPress plugins which should be patched as soon as possible.
β βFleecewareβ Apps Downloaded 600M Times from Google Play β
π Read
via "Threatpost".
New research shows apps that dupe users into being charged excessively with little reward persist on the Android app store.π Read
via "Threatpost".
Threat Post
βFleecewareβ Apps Downloaded 600M Times from Google Play
New research shows apps that dupe users into being charged excessively with little reward persist on the Android app store.
π΄ Active Directory Needs an Update: Here's Why π΄
π Read
via "Dark Reading: ".
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.π Read
via "Dark Reading: ".
Dark Reading
Active Directory Needs an Update: Here's Why
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
β PoC Exploits Published For Microsoft Crypto Bug β
π Read
via "Threatpost".
Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.π Read
via "Threatpost".
Threat Post
PoC Exploits Published For Microsoft Crypto Bug
Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.
β S2 Ep23: Snake ransomware, VPN holes and phone spying β Naked Security Podcast β
π Read
via "Naked Security".
New episode - listen now!π Read
via "Naked Security".
Naked Security
S2 Ep23: Snake ransomware, VPN holes and phone spying β Naked Security Podcast
New episode β listen now!
π Wireshark Analyzer 3.2.1 π
π Go!
via "Security Tool Files β Packet Storm".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Wireshark Analyzer 3.2.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ NY Fed Reveals Implications of Cyberattack on US Financial System π΄
π Read
via "Dark Reading: ".
A "pre-mortem analysis" sheds light on the potential destruction of a cyberattack against major US banks.π Read
via "Dark Reading: ".
Dark Reading
NY Fed Reveals Implications of Cyberattack on US Financial System
A pre-mortem analysis sheds light on the potential destruction of a cyberattack against major US banks.
β NSA and Github βrickrolledβ using Windows CryptoAPI bug β
π Read
via "Naked Security".
We said, "Assume that someone will find out how to do it pretty soon," and that's exactly what happened.π Read
via "Naked Security".
Naked Security
NSA and Github βrickrolledβ using Windows CryptoAPI bug
We said, βAssume that someone will find out how to do it pretty soon,β and thatβs exactly what happened.
π΄ CISO Resigns From Pete Buttigieg Presidential Campaign π΄
π Read
via "Dark Reading: ".
The only Democratic campaign known to have a CISO loses Mick Baccio due to a "fundamental philosophical difference with campaign management."π Read
via "Dark Reading: ".
Dark Reading
CISO Resigns From Pete Buttigieg Presidential Campaign
The only Democratic campaign known to have a CISO loses Mick Baccio due to a fundamental philosophical difference with campaign management.
π How to add a host to Observium π
π Read
via "Security on TechRepublic".
Now that you have the Observium network monitoring platform installed, it's time to add a host.π Read
via "Security on TechRepublic".
TechRepublic
How to add a host to Observium
Now that you have the Observium network monitoring platform installed, it's time to add a host.
β Satan Ransomware Reborn to Torment Businesses β
π Read
via "Threatpost".
A hellish mix of features shows the 5ss5c ransomware to be the son of Satan.π Read
via "Threatpost".
Threat Post
Satan Ransomware Reborn to Torment Businesses
A hellish mix of features shows the 5ss5c ransomware to be the son of Satan.
ATENTIONβΌ New - CVE-2010-3048
π Read
via "National Vulnerability Database".
Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.π Read
via "National Vulnerability Database".
π΄ Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat π΄
π Read
via "Dark Reading: ".
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.π Read
via "Dark Reading: ".
Dark Reading
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.