ATENTIONβΌ New - CVE-2012-2216
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6720 and CVE-2012-6721. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2012-6720 and CVE-2012-6721 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-1124
π Read
via "National Vulnerability Database".
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-4067
π Read
via "National Vulnerability Database".
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.π Read
via "National Vulnerability Database".
β Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches β
π Read
via "Threatpost".
There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update.π Read
via "Threatpost".
Threat Post
Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches
There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update.
π΄ Healthcare Ransomware Damage Passes $157M Since 2016 π΄
π Read
via "Dark Reading: ".
Researchers found the total cost far exceeded the amount of ransom paid to attackers.π Read
via "Dark Reading: ".
Dark Reading
Healthcare Ransomware Damage Passes $157M Since 2016
Researchers found the total cost far exceeded the amount of ransom paid to attackers.
ATENTIONβΌ New - CVE-2011-4938
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php.π Read
via "National Vulnerability Database".
β Data about inmates and jail staff spilled by leaky prison app β
π Read
via "Naked Security".
A web-mapping project came across detainees' prescriptions and other PII that could be used by identity thieves to victimize prisoners.π Read
via "Naked Security".
Naked Security
Data about inmates and jail staff spilled by leaky prison app
A web-mapping project came across detaineesβ prescriptions and other PII that could be used by identity thieves to victimize prisoners.
π Cloud computing security: These two Microsoft tools can help you battle shadow IT π
π Read
via "Security on TechRepublic".
Finding what cloud services employees are using is only half the battle: integrating Microsoft Cloud App Security and Defender Advanced Threat Protection means you can track, block or audit cloud app usage.π Read
via "Security on TechRepublic".
β US charges four Chinese military members with Equifax hack β
π Read
via "Naked Security".
The indictment suggests the hack was part of a series of major data thefts organized by Chinese military and intelligence agencies.π Read
via "Naked Security".
Naked Security
US charges four Chinese military members with Equifax hack
The indictment suggests the hack was part of a series of major data thefts organized by Chinese military and intelligence agencies.
β FBI: $3.5B Lost in 2019 to Known Cyberscams, Ransomware β
π Read
via "Threatpost".
Cybercriminals double down on successful internet scams, with a focus on phishing, BEC and other defrauding schemes that have proven to work.π Read
via "Threatpost".
Threat Post
FBI: $3.5B Lost in 2019 to Known Cyberscams, Ransomware
Cybercriminals double down on successful internet scams, with a focus on phishing, BEC and other defrauding schemes that have proven to work.
β Katie Moussouris: The Bug Bounty Conflict of Interest β
π Read
via "Threatpost".
Kate Moussouris sounds off on the challenges behind creating successful bug bounty programs.π Read
via "Threatpost".
Threat Post
Katie Moussouris: The Bug Bounty Conflict of Interest
Katie Moussouris sounds off on the challenges behind creating bug bounty programs that actually work.
π΄ 5 Common Errors That Allow Attackers to Go Undetected π΄
π Read
via "Dark Reading: ".
Make these mistakes and invaders might linger in your systems for years.π Read
via "Dark Reading: ".
Darkreading
5 Common Errors That Allow Attackers to Go Undetected
Make these mistakes and invaders might linger in your systems for years.
π΄ Chaos May Be the Key to Quantum-Proof Encryption π΄
π Read
via "Dark Reading: ".
The implications of chaos form the basis of a new approach to encryption that promises quantum-proof perfect secrecy.π Read
via "Dark Reading: ".
Dark Reading
Chaos May Be the Key to Quantum-Proof Encryption
The implications of chaos form the basis of a new approach to encryption that promises quantum-proof perfect secrecy.
ATENTIONβΌ New - CVE-2012-0810
π Read
via "National Vulnerability Database".
The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-5140
π Read
via "National Vulnerability Database".
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-5139
π Read
via "National Vulnerability Database".
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.π Read
via "National Vulnerability Database".
β Mozilla issues final warning to websites using TLS 1.0 β
π Read
via "Naked Security".
From March, the Firefox, Chrome, Safari and Edge browsers will show warnings when users visit websites that only support TLS versions 1.0 or 1.1.π Read
via "Naked Security".
Naked Security
Mozilla issues final warning to websites using TLS 1.0
From March, the Firefox, Chrome, Safari and Edge browsers will show warnings when users visit websites that only support TLS versions 1.0 or 1.1.
π΄ Chaos & Order: The Keys to Quantum-Proof Encryption π΄
π Read
via "Dark Reading: ".
The implications of chaos form the basis of a new approach to encryption that promises quantum-proof perfect secrecy. But first, your current crypto needs some tidying up.π Read
via "Dark Reading: ".
Dark Reading
Chaos & Order: The Keys to Quantum-Proof Encryption
The implications of chaos form the basis of a new approach to encryption that promises quantum-proof perfect secrecy. But first, your current crypto needs some tidying up.
π Data breaches up 17% in 2019 over previous year π
π Read
via "Security on TechRepublic".
The Identity Theft Recource Center warns that businesses of all sizes should be vigilant about data security.π Read
via "Security on TechRepublic".
TechRepublic
Data breaches up 17% in 2019 over previous year
The Identity Theft Recource Center warns that businesses of all sizes should be vigilant about data security.
π΄ What Are Some Basic Ways to Protect My Global Supply Chain? π΄
π Read
via "Dark Reading: ".
Assessing supply chains is one of the more challenging third-party risk management endeavors organizations can take on.π Read
via "Dark Reading: ".
Dark Reading
What Are Some Basic Ways to Protect My Global Supply Chain?
Assessing supply chains is one of the more challenging third-party risk management endeavors organizations can take on.
π΄ 5G Adoption Should Change How Organizations Approach Security π΄
π Read
via "Dark Reading: ".
With 5G adoption, businesses will be able to power more IoT devices and perform tasks more quickly, but there will be security ramifications.π Read
via "Dark Reading: ".
Dark Reading
5G Adoption Should Change How Organizations Approach Security
With 5G adoption, businesses will be able to power more IoT devices and perform tasks more quickly, but there will be security ramifications.