ATENTIONβΌ New - CVE-2016-2125
π Read
via "National Vulnerability Database".
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.π Read
via "National Vulnerability Database".
π΄ Chinese Intel Agents Indicted for 5-Year IP Theft Campaign π΄
π Read
via "Dark Reading: ".
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.π Read
via "Dark Reading: ".
Darkreading
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
π΄ Hardware Cyberattacks: How Worried Should You Be? π΄
π Read
via "Dark Reading: ".
How to fit hardware threats into your security model as hardware becomes smaller, faster, cheaper, and more complex.π Read
via "Dark Reading: ".
Darkreading
Hardware Cyberattacks: How Worried Should You Be?
How to fit hardware threats into your security model as hardware becomes smaller, faster, cheaper, and more complex.
π΄ Apple Patches Multiple Major Security Flaws π΄
π Read
via "Dark Reading: ".
New security updates cross all Apple platforms.π Read
via "Dark Reading: ".
Darkreading
Apple Patches Multiple Major Security Flaws
New security updates cross all Apple platforms.
π΄ SamSam Ransomware Goes on a Tear π΄
π Read
via "Dark Reading: ".
SamSam ransomware hasn't gone away and it's adapting to meet evolving defenses.π Read
via "Dark Reading: ".
Darkreading
SamSam Ransomware Goes on a Tear
SamSam ransomware hasn't gone away and it's adapting to meet evolving defenses.
ATENTIONβΌ New - CVE-2016-6328
π Read
via "National Vulnerability Database".
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).π Read
via "National Vulnerability Database".
β RoboCops: AI on the rise in policing to predict crime and uncover lies β
π Read
via "Naked Security".
PrediPol uses predictive policing algorithms, VeriPol analyzes fake-report text. Who ya gonna call?π Read
via "Naked Security".
Naked Security
RoboCops: AI on the rise in policing to predict crime and uncover lies
PrediPol uses predictive policing algorithms, VeriPol analyzes fake-report text. Who ya gonna call?
β US indicts alleged Chinese spies for hacking aerospace companies β
π Read
via "Naked Security".
The DOJ described five years of stealing turbofan engine designs that relied on insiders, state-sponsored hackers, phishing and malware.π Read
via "Naked Security".
Naked Security
US indicts alleged Chinese spies for hacking aerospace companies
The DOJ described five years of stealing turbofan engine designs that relied on insiders, state-sponsored hackers, phishing and malware.
β Update now! Apple releases security fixes for iOS, MacOS, Safari, others β
π Read
via "Naked Security".
If you own any kind of Apple device or software, you may want to check to see if you have an update waiting for you.π Read
via "Naked Security".
Naked Security
Update now! Apple releases security fixes for iOS, MacOS, Safari, others
If you own any kind of Apple device or software, you may want to check to see if you have an update waiting for you.
β Facebook is still approving fake political ads β
π Read
via "Naked Security".
Just a couple of weeks before the US midterm elections, journalists have revealed that Facebook is continuing to approve fake advertisements from fake sources.π Read
via "Naked Security".
Naked Security
Facebook is still approving fake political ads
Just a couple of weeks before the US midterm elections, journalists have revealed that Facebook is continuing to approve fake advertisements from fake sources.
β Passcodes are protected by Fifth Amendment, says court β
π Read
via "Naked Security".
The government isn't really after the password, after all; it's after any potential evidence it protects. In other words: fishing expedition.π Read
via "Naked Security".
Naked Security
Passcodes are protected by Fifth Amendment, says court
The government isnβt really after the password, after all; itβs after any potential evidence it protects. In other words: fishing expedition.
ATENTIONβΌ New - CVE-2016-2123
π Read
via "National Vulnerability Database".
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-2120
π Read
via "National Vulnerability Database".
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.π Read
via "National Vulnerability Database".
π΄ Not Every Security Flaw Is Created Equal π΄
π Read
via "Dark Reading: ".
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.π Read
via "Dark Reading: ".
Dark Reading
Not Every Security Flaw Is Created Equal
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.
π΄ Not Every Security Flaw Is Created Equal π΄
π Read
via "Dark Reading: ".
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.π Read
via "Dark Reading: ".
Dark Reading
Not Every Security Flaw Is Created Equal
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.
π Cyberattacks increasingly targeting enterprise IT networks in energy and utilities industry π
π Read
via "Security on TechRepublic".
Increased attacks prove the importance of detecting threat behaviors early and monitoring network traffic, stopping cybercriminals in their tracks.π Read
via "Security on TechRepublic".
TechRepublic
Cyberattacks increasingly targeting enterprise IT networks in energy and utilities industry
Increased attacks prove the importance of detecting threat behaviors early and monitoring network traffic, stopping cybercriminals in their tracks.
π Google won't let you sign in if you disabled JavaScript in your browser π
π Read
via "Security on TechRepublic".
Google announces for new security features to protect Google accounts.π Read
via "Security on TechRepublic".
TechRepublic
Google won't let you sign in if you disabled JavaScript in your browser
Google announces for new security features to protect Google accounts.
β Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack β
π Read
via "The first stop for security news | Threatpost ".
Called BleedingBit, this vulnerability impacts wireless networks used in a large percentage of enterprise companies.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack
Called BleedingBit, this vulnerability impacts wireless networks used in a large percentage of enterprise companies.
π Artificial intelligence agent pilot launched to expose liars at EU borders π
π Read
via "Security on TechRepublic".
AI is being employed to act as a lie detector to reduce the pressure on country borders and human agents.π Read
via "Security on TechRepublic".
TechRepublic
Artificial intelligence agent pilot launched to expose liars at EU borders
AI is being employed to act as a lie detector to reduce the pressure on country borders and human agents.
β PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking β
π Read
via "The first stop for security news | Threatpost ".
Poor DNS housekeeping opens the door to account takeover.π Read
via "The first stop for security news | Threatpost ".
Threat Post
PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking
Poor DNS housekeeping opens the door to account takeover.
π΄ FIFA Reveals Second Hack π΄
π Read
via "Dark Reading: ".
Successful phishing campaign leads attackers to confidential information of world soccer's governing body.π Read
via "Dark Reading: ".
Darkreading
FIFA Reveals Second Hack
Successful phishing campaign leads attackers to confidential information of world soccer's governing body.