β Supermicro servers fixed after insecure firmware updating discovered β
π Read
via "Naked Security".
Researchers have sounded a warning about the security of Baseboard Management Controllers (BMCs) - a critical component that datacentres depend on to manage servers.π Read
via "Naked Security".
Naked Security
Supermicro servers fixed after insecure firmware updating discovered
Researchers have sounded a warning about the security of Baseboard Management Controllers (BMCs) β a critical component that datacentres depend on to manage servers.
β Appleβs new tool will make it easier for law enforcement to request data β
π Read
via "Naked Security".
Apple is planning to create an online portal that will allow law enforcement officials around the world to request information about its users more easily.π Read
via "Naked Security".
Naked Security
Appleβs new tool will make it easier for law enforcement to request data
Apple is planning to create an online portal that will allow law enforcement officials around the world to request information about its users more easily.
π The secret to successful cybersecurity programs? Training and automation π
via "Security on TechRepublic".
Cybersecurity programs have drastically improved since 2017, according to a recent DomainTools survey. Here's how you can improve your cybersecurity GPA.
π Readvia "Security on TechRepublic".
TechRepublic
The secret to successful cybersecurity programs? Training and automation
Cybersecurity programs have drastically improved since 2017, according to a recent DomainTools survey. Here's how you can improve your cybersecurity GPA.
β’ LuckyMouse uses malicious NDISProxy Windows driver to target gov't entities β’
π Read
via "Latest topics for ZDNet in Security".
The hacking group is covertly infecting Windows machines with Trojans by way of stolen certificates belonging to a Chinese security company.π Read
via "Latest topics for ZDNet in Security".
ZDNet
LuckyMouse uses malicious NDISProxy Windows driver to target gov't entities | ZDNet
The hacking group is covertly infecting Windows machines with Trojans by way of stolen certificates belonging to a Chinese security company.
β’ Exploit vendor drops Tor Browser zero-day on Twitter β’
π Read
via "Latest topics for ZDNet in Security".
A company that sells exploits to government agencies drops Tor Browser zero-day on Twitter after recent Tor Browser update renders exploit less valuable.π Read
via "Latest topics for ZDNet in Security".
ZDNET
Exploit vendor drops Tor Browser zero-day on Twitter
A company that sells exploits to government agencies drops Tor Browser zero-day on Twitter after recent Tor Browser update renders exploit less valuable.
β’ iPhone XS: The one reason I won't buy in β’
π Read
via "Latest topics for ZDNet in Security".
One of the most highly touted breakthroughs of the iPhone X--and soon to be the iPhone XS--is also its biggest drawback in usability and productivity.π Read
via "Latest topics for ZDNet in Security".
ZDNet
iPhone XS: The one reason I won't buy in | ZDNet
One of the most highly touted breakthroughs of the iPhone X -- and soon to be the iPhone XS -- is also its biggest drawback in usability and productivity.
β Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws β
π Read
via "The first stop for security news | Threatpost ".
By implementing the "Equifax bug," it's the first known time a Mirai IoT botnet variant has targeted an Apache Struts vulnerability.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws
By implementing the βEquifax bug,β itβs the first known time a Mirai IoT botnet variant has targeted an Apache Struts vulnerability.
π΄ DevOps Demystified: A Primer for Security Practitioners π΄
π Read
via "Dark Reading: ".
Key starting points for those still struggling to understand the concept.π Read
via "Dark Reading: ".
Dark Reading
DevOps Demystified: A Primer for Security Practitioners
Key starting points for those still struggling to understand the concept.
π Why that email from your boss could be a scam waiting to happen π
π Read
via "Security on TechRepublic".
Impersonation fraud is on the rise, and SMBs lose an average of $35,000 to these attacks, according to Lloyds Bank.π Read
via "Security on TechRepublic".
TechRepublic
Why that email from your boss could be a scam waiting to happen
Impersonation fraud is on the rise, and SMBs lose an average of $35,000 to these attacks, according to Lloyds Bank.
π How to improve citizen communication with state governments? Digital interaction π
π Read
via "Security on TechRepublic".
Americans need more individualized and accessible digital services from their government agencies, according to a Conduent report.π Read
via "Security on TechRepublic".
TechRepublic
How to improve citizen communication with state governments? Digital interaction
Americans need more individualized and accessible digital services from their government agencies, according to a Conduent report.
π΄ Russian National Extradited for 2014 JP Morgan Hack π΄
π Read
via "Dark Reading: ".
Andrei Tyurin was arrested for his involvement in a hacking campaign targeting US financial institutions, financial news publishers, brokerage firm, and other companies.π Read
via "Dark Reading: ".
Darkreading
Russian National Extradited for 2014 JP Morgan Hack
Andrei Tyurin was arrested for his involvement in a hacking campaign targeting US financial institutions, financial news publishers, brokerage firm, and other companies.
β’ Ransomware campaign targets businesses with fake invoice message β’
π Read
via "Latest topics for ZDNet in Security".
Locky ransomware was once of the most prolific forms of ransomware - a new 'PyLocky' ransomware campaign by attempting to piggyback on its past success.π Read
via "Latest topics for ZDNet in Security".
ZDNET
Ransomware campaign targets businesses with fake invoice message
Locky ransomware was once of the most prolific forms of ransomware - a new 'PyLocky' ransomware campaign by attempting to piggyback on its past success.
ATENTIONβΌ New - CVE-2016-7078
π Read
via "National Vulnerability Database".
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-7077
π Read
via "National Vulnerability Database".
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-7075
π Read
via "National Vulnerability Database".
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-7071
π Read
via "National Vulnerability Database".
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-7067
π Read
via "National Vulnerability Database".
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.π Read
via "National Vulnerability Database".
β Apple Finally Boots Sneaky Adware Doctor App from Mac App Store β
π Read
via "The first stop for security news | Threatpost ".
Hours after researchers publicly disclosed an app that was caught stealing and uploading browser history data, Apple removed it from the Mac App Store.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Apple Finally Boots Sneaky Adware Doctor App from Mac App Store
Hours after researchers publicly disclosed an app that was caught stealing and uploading browser history data, Apple removed it from the Mac App Store.
π΄ The Equifax Breach One Year Later: 6 Action Items for Security Pros π΄
π Read
via "Dark Reading: ".
The Equifax breach last September was the largest consumer breach in history. We talked to experts about lessons learned and steps companies can take to prevent and minimize future breaches.π Read
via "Dark Reading: ".
Dark Reading
Slideshows - Dark Reading
Dark Reading: Connecting The Information Security Community. Explore our slideshows.
β Tor Brings Onion Browser to Android Devices β
π Read
via "The first stop for security news | Threatpost ".
In parts of the developing world, dissidents and journalists face hostile governments and other threats -- and mobile is their only access to the internet.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Tor Brings Onion Browser to Android Devices
In parts of the developing world, dissidents and journalists face hostile governments and other threats β and mobile is their only access to the internet.
π Top 5 riskiest airport Wi-Fi π
π Read
via "Security on TechRepublic".
Whatever you do, try to avoid connecting to free wifi at these airports, begs TechRepublic's Tom Merrittπ Read
via "Security on TechRepublic".
TechRepublic
Top 5 riskiest airport Wi-Fi
Whatever you do, try to avoid connecting to free Wi-Fi at these airports, begs Tom Merritt.