Insider data breach survey finds directors most likely to break company policy
via "Security on TechRepublic".
Report suggests IT leaders think breaches are inevitable and don't have adequate risk management in place.
ATTENTION: New - CVE-2014-3622
via "National Vulnerability Database".
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
ATTENTION: New - CVE-2014-2727
via "National Vulnerability Database".
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
ATTENTION: New - CVE-2014-2228
via "National Vulnerability Database".
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
Hamas Ensnares Israeli Soldiers with Pretty "Ladies"
via "Threatpost".
The third catfish attempt in three years from the Palestinian militant group adds a few technical advances to the mix.
SMS Attack Spreads Emotet, Steals Bank Credentials
via "Threatpost".
A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
via "Dark Reading".
An attack on a natural gas compression facility sent the operations offline for two days.
Security holes in 2G and 3G networks will pose a risk for next several years
via "Security on TechRepublic".
Despite the growth of 5G and 4G, older network technologies beset with certain security flaws will be around for many more years, says enterprise security provider Positive Technologies.
ATTENTION: New - CVE-2013-5581
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ATTENTION: New - CVE-2012-6685
via "National Vulnerability Database".
Nokogiri before 1.5.4 is vulnerable to XXE attacks.
ATTENTION: New - CVE-2012-6614
via "National Vulnerability Database".
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
ATTENTION: New - CVE-2012-1932
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.
44% of Security Threats Start in the Cloud
via "Dark Reading".
Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud.
Zero-Factor Authentication: Owning Our Data
via "Dark Reading".
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
ATTENTION: New - CVE-2012-0055
via "National Vulnerability Database".
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
U.S. Warns of Ransomware Attacks Targeting Pipeline Ops
via "Subscriber Blog RSS Feed" (Fortra's Digital Guardian).
Following an attack on a gas compression facility, CISA is urging organizations to take steps to safeguard their systems.
BlueKeep Flaw Plagues Outdated Connected Medical Devices
via "Threatpost".
More than 55 percent of medical imaging devices - including MRIs, XRays and ultrasound machines - are powered by outdated Windows versions, researchers warn.
U.S. Pipeline Disrupted by Ransomware Attack
via "Threatpost".
The attack took a gas compression facility offline for two days, disrupting the supply chain.
Users Have Risky Security Habits, but Security Pros Aren't Much Better
via "Dark Reading".
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
Researchers Fool Smart Car Camera with a 2-Inch Piece of Electrical Tape
via "Dark Reading".
McAfee researchers say they were able to get a Tesla to autonomously accelerate by tricking its camera platform into misreading a speed-limit sign.