Why DPOs and CISOs Must Work Closely Together
via "Dark Reading".
Recent data protection laws mean that the data protection officer and CISO must work in tandem to make sure users' data is protected.
Configuration Error Reveals 250 Million Microsoft Support Records
via "Dark Reading".
Some of the records, found on five identically configured servers, might have contained data in clear text.
NIST Issues Version 1.0 of Privacy Framework
via "Subscriber Blog RSS Feed".
NIST released new guidance last week, its Privacy Framework, that can be used by organizations as a risk management tool, to answer questions about its privacy posture, or establish its own program.
ATTENTION‼ New - CVE-2011-3621
via "National Vulnerability Database".
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.
ATTENTION‼ New - CVE-2011-3614
via "National Vulnerability Database".
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
ATTENTION‼ New - CVE-2011-3613
via "National Vulnerability Database".
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
ATTENTION‼ New - CVE-2011-3612
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
ATTENTION‼ New - CVE-2011-3611
via "National Vulnerability Database".
A File Inclusion vulnerability exists in the act parameter to admin.php in UseBB before 1.0.12.
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
via "Dark Reading".
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
3 biggest threats cybersecurity professionals are facing in 2020
via "Security on TechRepublic".
Organizations are moving toward next-generation cybersecurity solutions this year, but security fragmentation is a looming threat.
How to disconnect devices and revoke app privileges from your Firefox cloud account
via "Security on TechRepublic".
You'll be surprised at how many devices, apps, and services are associated with your Firefox cloud account. Find out how to remove them.
ATTENTION‼ New - CVE-2011-3622
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
To Avoid Disruption, Ransomware Victims Continue to Pay Up
via "Dark Reading".
For all the cautions against doing so, one-third of organizations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.
Vivin Nets Thousands of Dollars Using Cryptomining Malware
via "Threatpost".
A newly discovered threat actor named Vivin is raking in Monero from cryptomining malware, showing that this type of attack isn't going away anytime soon.
For Mismanaged SOCs, The Price Is Not Right
via "Dark Reading".
New research finds security operations centers suffer high turnover and yield mediocre results for the investment they require.
Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment
via "Threatpost".
The competition targets the systems that run critical infrastructure and more.
How to protect your organization against targeted phishing attacks
via "Security on TechRepublic".
Companies should realize that any user could be a target and use threat data to build a security awareness training program, says Proofpoint.
FBI issues warning about lucrative fake job scams
via "Naked Security".
What’s the difference between a real job and a fake one found on the internet? The fake ones are suspiciously easy to get interviews for.
Sonos’s tone-deaf legacy product policy angers customers
via "Naked Security".
Stopping software updates for legacy kit is nothing new, but it's the way the company has done it that has Sonos customers' hackles up.
Apple allegedly made nice with FBI by dropping iCloud encryption plan
via "Naked Security".
Sources told Reuters that Apple may have been convinced by arguments made during the legal fight over cracking the San Bernardino iPhone.
UN report alleges that Saudi crown prince hacked Jeff Bezos’s phone
via "Naked Security".
Digital forensic evidence points to the phone's massive, months-long data egress having likely been triggered by Pegasus mobile spyware.