ATTENTION‼ New - CVE-2013-5594
via "National Vulnerability Database".
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding.
ATTENTION‼ New - CVE-2013-4454
via "National Vulnerability Database".
WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities.
1.7M Nedbank Customers Affected via Third-Party Breach
via "Dark Reading".
A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.
Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin
via "Threatpost".
Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers.
ATTENTION‼ New - CVE-2013-4227
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
via "Dark Reading".
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
ATTENTION‼ New - CVE-2013-6295
via "National Vulnerability Database".
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module.
ATTENTION‼ New - CVE-2013-3323
via "National Vulnerability Database".
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
ATTENTION‼ New - CVE-2013-2679
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
ATTENTION‼ New - CVE-2012-0718
via "National Vulnerability Database".
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.
ATTENTION‼ New - CVE-2009-5146
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Is your firmware vulnerable to attack? A report says it might be
via "Security on TechRepublic".
Unsigned firmware in WiFi adapters, USB hubs, trackpads, and other devices can be compromised by hackers, says enterprise firmware security company Eclypsium in a new report.
Lumu to Emerge from Stealth at RSAC
via "Dark Reading".
The new company will focus on giving customers earlier indications of network and server compromise.
Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign
via "Threatpost".
APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.
Finally, the world is getting concerned about data privacy
via "Security on TechRepublic".
Consumers and employees are finally becoming more sensitive to the privacy of their data. As technology leaders it's worth getting ahead of this trend.
Ring Mandates 2FA After Rash of Hacks
via "Threatpost".
Ring outlined new security and data privacy measures, Tuesday, following backlash of the connected doorbell in the past year.
Washington Privacy Act Clears Senate
via "Subscriber Blog RSS Feed" (Digital Guardian).
Like other recent state data privacy laws, new legislation in Washington would require businesses to establish, implement, and maintain reasonable administrative, technical, and physical data security practices.
ATTENTION‼ New - CVE-2013-4228
via "National Vulnerability Database".
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
ATTENTION‼ New - CVE-2013-4226
via "National Vulnerability Database".
The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.
Dell Sells RSA to Private Equity Firm for $2.1B
via "Dark Reading".
Deal with private equity entity Symphony Technology Group revealed one week before the security industry's RSA Conference in San Francisco.
FC Barcelona Suffers Likely Credential-Stuffing Attack on Twitter
via "Threatpost".
OurMine took over the Spanish powerhouse soccer team's Twitter account.