β Mobile Carrier Customer Service Ushers in SIM-Swap Fraud β
π Read
via "Threatpost".
Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.π Read
via "Threatpost".
Threat Post
Mobile Carrier Customer Service Ushers in SIM-Swap Fraud
Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.
ATENTIONβΌ New - CVE-2007-6070
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1382. Reason: This candidate is a reservation duplicate of CVE-2008-1382. Notes: All CVE users should reference CVE-2008-1382 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
β Feds Cut Off Access to Billions of Breached Records with Site Takedown β
π Read
via "Threatpost".
The WeLeakInfo "data breach notification" domain is no more.π Read
via "Threatpost".
Threat Post
Feds Cut Off Access to Billions of Breached Records with Site Takedown
The WeLeakInfo "data breach notification" domain is no more.
β New JhoneRAT Malware Targets Middle East β
π Read
via "Threatpost".
Researchers say that JhoneRAT has various anti-detection techniques - including making use of Google Drive, Google Forms and Twitter.π Read
via "Threatpost".
Threat Post
New JhoneRAT Malware Targets Middle East
Researchers say that JhoneRAT has various anti-detection techniques - including making use of Google Drive, Google Forms and Twitter.
π This new startup aims to make developers love security π
π Read
via "Security on TechRepublic".
Commentary: As more workloads move to the cloud, developers need help with security. Find out how the startup Cyral is helping to improve data security in the cloud.π Read
via "Security on TechRepublic".
TechRepublic
This new startup aims to make developers love security
Commentary: As more workloads move to the cloud, developers need help with security. Find out how the startup Cyral is helping to improve data security in the cloud.
β Monday review β the hot 27 stories of the week β
π Read
via "Naked Security".
From nasty snakes to rickrolling the NSA, get up to date with everything we've written in the last seven days - it's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 27 stories of the week
From nasty snakes to rickrolling the NSA, get up to date with everything weβve written in the last seven days β itβs weekly roundup time.
β Facebook and Instagram ban alleged βbrainwashingβ service β
π Read
via "Naked Security".
The Spinner personalises βsubconscious influencingβ for a specific target.π Read
via "Naked Security".
Naked Security
Facebook and Instagram ban alleged βbrainwashingβ service
The Spinner personalises βsubconscious influencingβ for a specific target.
β Teen entered βdark rabbit hole of suicidal contentβ online β
π Read
via "Naked Security".
Molly Russell's grieving father has backed a psychiatrists' report, saying that tech companies must be forced to hand over anonymized data.π Read
via "Naked Security".
Naked Security
Teen entered βdark rabbit hole of suicidal contentβ online
Molly Russellβs grieving father has backed a psychiatristsβ report, saying that tech companies must be forced to hand over anonymized data.
β FBI to inform election officials about hacking attempts β
π Read
via "Naked Security".
The FBI has announced that it will tell local election officials when hackers try to infiltrate their systems.π Read
via "Naked Security".
Naked Security
FBI to inform election officials about hacking attempts
The FBI has announced that it will tell local election officials when hackers try to infiltrate their systems.
β FBI seizes credentials-for-sale site WeLeakInfo.com β
π Read
via "Naked Security".
The FBI has seized the domain for WeLeakInfo.com, a site that sold breached data records, after a multinational effort by law enforcement.π Read
via "Naked Security".
Naked Security
FBI seizes credentials-for-sale site WeLeakInfo.com
The FBI has seized the domain for WeLeakInfo.com, a site that sold breached data records, after a multinational effort by law enforcement.
π΄ Are We Secure Yet? How to Build a "Post-Breach" Culture π΄
π Read
via "Dark Reading: ".
There are many ways to improve your organization's cybersecurity practices, but the most important principle is to start from the top.π Read
via "Dark Reading: ".
Dark Reading
Are We Secure Yet? How to Build a Post-Breach Culture
There are many ways to improve your organization's cybersecurity practices, but the most important principle is to start from the top.
π Maavi Fuzzing Utility π
π Go!
via "Security Tool Files β Packet Storm".
Maavi is a fuzzing tool that scans for vulnerabilities with obfuscated payloads. Has proxy support, records full history of actions, and has various bells and whistles.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Maavi Fuzzing Utility β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π New Bill Would Aid CCPA Compliance for HIPAA Business Associates π
π Read
via "Subscriber Blog RSS Feed ".
A new bill in California would amend the CCPA and further health data exemptions - namely data that's been de-identified in the eyes of HIPAA.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
New Bill Would Aid CCPA Compliance for HIPAA Business Associates
A new bill in California would amend the CCPA and further health data exemptions - namely data that's been de-identified in the eyes of HIPAA.
π΄ Are We Secure Yet? How to Build a 'Post-Breach' Culture π΄
π Read
via "Dark Reading: ".
There are many ways to improve your organization's cybersecurity practices, but the most important principle is to start from the top.π Read
via "Dark Reading: ".
Darkreading
Are We Secure Yet? How to Build a 'Post-Breach' Culture
There are many ways to improve your organization's cybersecurity practices, but the most important principle is to start from the top.
π How to access your 2FA Docker Hub account from the command line π
π Read
via "Security on TechRepublic".
With 2FA enabled on your Docker Hub account, you'll find you cannot access it with your user password from within the CLI. Jack Wallen shows you how to make this work.π Read
via "Security on TechRepublic".
TechRepublic
How to access your 2FA Docker Hub account from the command line
With 2FA enabled on your Docker Hub account, you'll find you cannot access it with your user password from within the CLI. Jack Wallen shows you how to make this work.
β What do online file sharers want with 70,000 Tinder images? β
π Read
via "Naked Security".
A researcher has discovered thousands of Tinder users' images publicly available for free online.π Read
via "Naked Security".
Naked Security
What do online file sharers want with 70,000 Tinder images?
A researcher has discovered thousands of Tinder usersβ images publicly available for free online.
ATENTIONβΌ New - CVE-2019-10581
π Read
via "National Vulnerability Database".
NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10579
π Read
via "National Vulnerability Database".
Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10578
π Read
via "National Vulnerability Database".
Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10561
π Read
via "National Vulnerability Database".
Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660π Read
via "National Vulnerability Database".