ATENTIONβΌ New - CVE-2012-4381
π Read
via "National Vulnerability Database".
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-4029
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.π Read
via "National Vulnerability Database".
β Monday review β the hot 23 stories of the week β
π Read
via "Naked Security".
From Google's OpenSK project to Apple's SMS 2FA proposal, and everything in between. Get up to date with the hot stories of the last week.π Read
via "Naked Security".
Naked Security
Monday review β the hot 23 stories of the week
From Googleβs OpenSK project to Appleβs SMS 2FA proposal, and everything in between. Get up to date with the hot stories of the last week.
β Frustrated author cybersquats novelistβs website β
π Read
via "Naked Security".
If you visit the website of renowned Canadian novelist Patrick deWitt today, you'll see a surprising message. "THIS IS NOT PATRICK DEWITT", it says.π Read
via "Naked Security".
Naked Security
Frustrated author cybersquats novelistβs website
If you visit the website of renowned Canadian novelist Patrick deWitt today, youβll see a surprising message. βTHIS IS NOT PATRICK DEWITTβ, it says.
β FBI director warns of sustained Russian disinformation threat β
π Read
via "Naked Security".
Russia is still using social media in a sustained campaign to dabble in US affairs, according to FBI director Chris Wray.π Read
via "Naked Security".
Naked Security
FBI director warns of sustained Russian disinformation threat
Russia is still using social media in a sustained campaign to dabble in US affairs, according to FBI director Chris Wray.
β Facebook encrypted messaging will βcreate hiding places for child abuseβ β
π Read
via "Naked Security".
Child safety groups penned an open letter to Facebook, urging a delay on encrypted messaging until sufficient safeguards are in place.π Read
via "Naked Security".
Naked Security
Facebook encrypted messaging will βcreate hiding places for child abuseβ
Child safety groups penned an open letter to Facebook, urging a delay on encrypted messaging until sufficient safeguards are in place.
β Google Chrome to start blocking downloads served via HTTP β
π Read
via "Naked Security".
Google has announced a timetable for phasing out insecure file downloads in the Chrome browser starting with desktop version 81 due next month.π Read
via "Naked Security".
Naked Security
Google Chrome to start blocking downloads served via HTTP
Google has announced a timetable for phasing out insecure file downloads in the Chrome browser starting with desktop version 81 due next month.
π΄ Day in the Life of a Bot π΄
π Read
via "Dark Reading: ".
A typical workday for a bot, from its own point of view.π Read
via "Dark Reading: ".
Darkreading
Day in the Life of a Bot
A typical workday for a bot, from its own point of view.
β Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm β
π Read
via "Threatpost".
The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks - and their devices - via brute force loops.π Read
via "Threatpost".
Threat Post
Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm
The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks - and their devices - via brute force loops.
β Docker Registries Expose Hundreds of Orgs to Malware, Data Theft β
π Read
via "Threatpost".
Misconfigured Docker registries could leak confidential data, lead to a full-scale compromise and interrupt the business operations.βπ Read
via "Threatpost".
Threat Post
Docker Registries Expose Hundreds of Orgs to Malware, Data Theft
Misconfigured Docker registries could leak confidential data, lead to a full-scale compromise and interrupt the business operations.β
π΄ 6 Factors That Raise The Stakes For IoT Security π΄
π Read
via "Dark Reading: ".
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.π Read
via "Dark Reading: ".
Dark Reading
6 Factors That Raise The Stakes For IoT Security
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
π΄ Unlocked S3 Bucket Lets 36,077 Prison Files Escape π΄
π Read
via "Dark Reading: ".
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states' correctional facilities.π Read
via "Dark Reading: ".
Dark Reading
Unlocked S3 Bucket Lets 36,077 Prison Files Escape - Dark Reading
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states' correctional facilities.
ATENTIONβΌ New - CVE-2012-5828
π Read
via "National Vulnerability Database".
BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component errorπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-2204
π Read
via "National Vulnerability Database".
InfoSphere Guardium aix_ktap module: DoSπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-1994
π Read
via "National Vulnerability Database".
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access informationπ Read
via "National Vulnerability Database".
β Equifax Breach: Four Members of Chinese Military Charged with Hacking β
π Read
via "Threatpost".
Feds have charged four members of the Chinese Peopleβs Liberation Army (PLA) in connection with the infamous 2017 Equifax breach.π Read
via "Threatpost".
Threat Post
Equifax Breach: Four Members of Chinese Military Charged with Hacking
Feds have charged four members of the Chinese Peopleβs Liberation Army (PLA) in connection with the infamous 2017 Equifax breach.
π Global shipping industry attacked by coronavirus-themed malware π
π Read
via "Security on TechRepublic".
Hackers are using malicious emails about the coronavirus to trick people with a malware called AZORult.π Read
via "Security on TechRepublic".
TechRepublic
Global shipping industry attacked by coronavirus-themed malware
Hackers are using malicious emails about the coronavirus to trick people with a malware called AZORult.
π΄ Unlocked S3 Bucket Lets 36,077 Jail Files Escape π΄
π Read
via "Dark Reading: ".
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states' correctional facilities.π Read
via "Dark Reading: ".
Dark Reading
Unlocked S3 Bucket Lets 36,077 Jail Files Escape - Dark Reading
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states' correctional facilities.
π 13 tips to avoid Valentine's Day online romance scams π
π Read
via "Security on TechRepublic".
Scammers use dating sites to try to build relationships with people to get money or personal information. Here are 13 tips to protect yourself.π Read
via "Security on TechRepublic".
TechRepublic
13 tips to avoid Valentine's Day online romance scams
Scammers use dating sites to try to build relationships with people to get money or personal information. Here are 13 tips to protect yourself.
π How some presidential campaigns use DMARC to protect their domains from being spoofed π
π Read
via "Security on TechRepublic".
DMARC can prevent spammers from using a trusted domain name to send junk mail, a useful tactic for the presidential campaigns and for your organization, according to security provider Valimail.π Read
via "Security on TechRepublic".
TechRepublic
How some presidential campaigns use DMARC to protect their domains from being spoofed
DMARC can prevent spammers from using a trusted domain name to send junk mail, a useful tactic for the presidential campaigns and for your organization, according to security provider Valimail.
π΄ China's Military Behind 2017 Equifax Breach: DoJ π΄
π Read
via "Dark Reading: ".
Four members of China's People Liberation Army hacked the information broker, leading to the theft of sensitive data on approximately 145 million citizens.π Read
via "Dark Reading: ".
Darkreading
China's Military Behind 2017 Equifax Breach: DoJ
Four members of China's People Liberation Army hacked the information broker, leading to the theft of sensitive data on approximately 145 million citizens.