It's possible to intelligently deploy and utilize Windows 10's many security enhancements while avoiding common and costly migration pitfalls.
Meanwhile, organizations are looking at nonconventional ways to staff up and train their workforce as technical expertise gets even harder to find.
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
Scammers used older, tried-and-true phishing tactics in 2018 but also newer tricks, such as fresh distribution methods, according to a new report.
Microsoft's March Patch Tuesday updates include 64 fixes, 17 of which are rated critical.
DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.
Money earmarked for the Defense Department and DHS, and bipartisan bills to address the security of federal IoT devices, showcase growing federal cyber-efforts.
Seventeen vulnerabilities patched today are rated critical, four are publicly known, and two have been exploited in the wild.
Attackers used a short list of passwords to knock on every digital door to find vulnerable systems in the vendor's network.
Critical vulnerabilities in web applications tripled in 2018, according to a new study.
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
The COPPA overhaul would ban targeting ads at kids under 13 and ad targeting based on race, socioeconomics or geolocation on kids under 15.
Easily guessable URLs led to what should have been big companies' very private data. Even Box itself was found to be exposing folders.
In the last 24 hours, SophosLabs received 1,700 samples of just one new sextortion campaign. Good news? It's all a pack of lies. Don't reply. Don't engage.
Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce.
While Internet of Things devices can unlock great insights and value from the data collected, cybersecurity must be built in from the start, according to a report from the Indiana IoT Lab.
A new Chrome feature hopes to choke off one of the most malicious forms of malware infection: drive-by advertising downloads.
Data was found on 68% of secondhand flash drives sold in the US, according to a Comparitech report. Here's how to secure your data for disposal.
Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think.
macOS is capable of working with SSH keys. Jack Wallen shows you how to generate the necessary keys and copy them to a server.
The mobile app, dubbed a "Yelp for Conservatives," was found with an open API leaking reams of user data.
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.
Intel has patched several high-severity vulnerabilities in its graphics drivers for Windows 10, which could lead to code execution.
Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
In a Senate Judiciary hearing on Tuesday, lawmakers discussed the impact of California Consumer Privacy Act and how the law should set the stage for a federal privacy bill.
Despite the declining values of cryptocurrencies, criminals continue to hammer away at container management platforms, cloud APIs, and control panels.
Incident leaves GPS units showing a location in England and a date 17 years in the future.
A Sydney man is accused of selling nearly 1 million compromised accounts, for a significant profit.
People on the autism spectrum often possess traits that could help them succeed in cybersecurity - providing they don't fall into cybercrime first.
Comparitech assessed the websites of more than 7,500 politicians in 37 countries and found 60.8% did not use valid SSL certificates.
A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier.
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
If you were among the millions of users who updated Chrome last week to dodge a zero-day exploit, Microsoft has something for you in this month's Patch Tuesday.
And Oracle accused Google of creating shadow profiles of even non-users. Theirs are just two of 85 responses to an Australian inquiry.
Increasingly, attackers are targeting the most vulnerable people inside companies and exploiting their weaknesses.
Some 71% of businesses plan to use AI and machine learning in their security tools this year, though over half aren't sure what that tech really does, according to Webroot.
Cryptojacking attacks can be executed in more ways than JavaScript files in browsers, and cryptocurrency mining is moving to cloud services, according to AT&T Cybersecurity.
It turns out that his wife deleted his "rambling", get-rich-quick video. The man was arrested for alleged threats.
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
A new malware targeting point of sale systems, GlitchPOS, has been spotted on a crimeware forum.
Vulnerability allows adversaries to access monitoring system used for gathering info on operating systems and hardware.
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
Pi Day isn't just about circles or special numbers - there are some cybersecurity lessons in there, too, and here they are...
There's still time to apply for Black Hat's focused high-level networking and knowledge-sharing event in Singapore next week!
The news follows a long, tumultuous period of scandal around Facebook and its privacy practices.
New amendments to the rules, proposed last week and largely based on the New York State Department of Financial Services' Cybersecurity Regulation, would better protect customer information held by financial institutions.
In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
As employees access clouds and apps untethered to corporate networks, managers must create new security architectures.
A full 39 percent of Counter-Strike 1.6 game servers on Steam were found to be malicious.
Attackers are increasingly using insecure legacy protocols, like IMAP, to bypass multi-factor authentication in password spraying campaigns.
Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access.
Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.
Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.
Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.
Insufficient input validation in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.
Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.
Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.
Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow unauthenticated user to potentially execute arbitrary code via physical access.
Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially execute arbitrary code via local access.
Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access.
Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access.
Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access.
Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access.
Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.
Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access.
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access.
Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.
Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
Insufficient input validation in Intel CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially execute arbitrary code via local access.
Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.
Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.
Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access.
Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access.
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
GandCrab's evolution underscores a shift in ransomware attack methods.
New JavaScript Sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.
Google has confirmed that improved control over location tracking is one of several new privacy features in the next version of its mobile OS, Android Q.
Good news for the privacy-conscious. Chrome 73, released Tuesday, now includes the DuckDuckGo search engine as an option.
A worldwide, nearly day-long outage at Facebook led to Telegram having a busy, busy day.
Here's the latest Naked Security podcast - listen now, and tell your friends and colleagues about us, too!
If you can't remember a password for a website you know Chrome saved, you can view it with these tips.
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
Nudies, taxes, and memos - oh, my! Research shows that even if we think we've deleted content on the sticks, we're leaving all that and more.
An unpatched high-severity vulnerability allows keystroke injections in Fujitsu wireless keyboards.
Using a combination of Shodan scans and data from partners, Recorded Future finds nearly 500 malware controllers for 14 different families of remote-access Trojans, as well as the corporate networks they have infected.
Chinese e-commerce giant Globalegrow left personally identifiable information and account credentials exposed, leading security researchers to call them "delusional."
Share this video with your less tech-savvy friends and family to set their minds at rest about sextortion.
Building a better voting machine, a government tool to secure critical infrastructure, and the Facebook outage heard around the world - catch up on the week's news with this roundup!
New report details the Democratic candidate's time as a member of Cult of the Dead Cow.
Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes.
On the one-year anniversary of the Facebook-Cambridge Analytica data privacy scandal, Dan Patterson advises companies to stay vigilant and keep data locked down and secure.
Security hardware doesn't have to be expensive or complex to do the job. Here are seven examples of low-cost hardware that could fill a need in your security operations.
With two weeks to go, organizers would like to quickly highlight some Black Hat Asia Briefings that you may have overlooked!
From a Citrix breach to John Oliver's FCC anti-robocall campaign, and everything in between - it's weekly roundup time.
Researchers have offered more detail on a recently patched vulnerability that would allow an attacker to take over a WordPress site.
Users of G Suite may find that the option to authenticate themselves via SMS or voice call has suddenly disappeared.
Intel released patches last week, fixing a range of vulnerabilities that could allow attackers to execute code on affected devices.
The US Government is working on an electronic voting system that it hopes will prevent people from tinkering with voting machines at the polls.
Slack Enterprise Key Management offers more security for Enterprise Grid users in regulated industries.
Hackers are increasingly trying to steal data instead of money from victims, according to Positive Technologies.
When a domain registration expires, it can be claimed by a new owner. And sometimes, those new owners have malicious intent.
Apps in the Google Play Store purport to upgrade your phone to Android 9.0 Pie, but an app cannot perform that task.
Automating security and system standards eliminates the potential for human error.
With wide deployment expected in the next decade, the driverless automobile landscape looks fraught, from road safety to data protection.
Developers will have a new option for Android apps to track location only when in use.
The newest Mirai variant is targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs used by enterprises.
FamilyTreeDNA has disclosed that it's opened up DNA profiles to the FBI to help find suspects of violent crime.
Gnosticplayers has released about 26 million records from what he said are breaches of six new companies.
NexDefense ICS security tool will be offered for free by Dragos.
The ramifications of a ransomware attack last fall at a healthcare billing services provider are still coming to light. Upwards of 700 companies and 1.2 million patients could ultimately be affected.
The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.
The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology.
Spear phishing attacks, including business email compromise and brand impersonation, are on the rise, according to Barracuda.
Kiddle and Kidrex are meant to deliver age-appropriate search results, filtering out internet nastiness. But how do they really stack up?
Everything uploaded prior to 2015 is gone for good, the cobwebby social network finally admitted.
Players noticed that Epic Games was gathering and storing data from Steam accounts without their permission.
The leaks point to a plot, a Calif. court said, ordering pikini app maker Six4Three to hand over its lawyers' chats with the ICO.
The FBI's crackdown on 15 DDoS-for-hire sites appears to have had an impact on DDoS attacks, the average size for which dropped 85 percent in the fourth quarter of 2018, a new report found.
Another 26m records stolen from another six online companies brings this hacker's total number of records to 863m from 38 websites.
The notorious Internet of Things botnet is evolving to attack more types of devices - including those found in enterprises.
These coding languages have the most open source vulnerabilities, according to a WhiteSource report.
Set to go into effect on January 1, 2020, the CCPA will affect lots of companies doing business in California, but 86% have yet to meet compliance goals.
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
When asked if the company plans to pay the ransom, its CFO said its main strategy is to use the backup data stored in the system.
A security researcher has found a way to tinker with Windows' core settings while persuading users to accept the changes.
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users.
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
This scam is both intimidating and disturbing - the crooks are presenting themselves as corrupt CIA officials who will take a bribe.
Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.
The latest twist in the Equifax breach has serious implications for organizations.
The UK's data protection authority is hoping that advances to artificial intelligence incorporate data protection by design and is seeking the public's opinion on how to do so.
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
Threatpost talks to Phil Neray with CyberX about Tuesday's ransomware attack on aluminum producer Norsk Hydro, and how it compares to past manufacturing attacks like Triton, WannaCry and more.
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
Some of the flaws would allow remote code-execution.
A long-quiet malware family has been spotted targeting financial technology firms, armed with new obfuscation techniques to avoid detection.
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
The science publisher is blaming a misconfigured server that exposed a constant stream of its users' credentials.
Add this latest public warning system sabotage to a growing list of fear-and-panic-spreading hacking incidents.
From Firefox 66 for desktop and Android, due in March, media autoplay of video or audio will be blocked by default.
No sooner has Netflix made an interactive TV show than people are already pulling apart its privacy implications.
Microsoft will patch a new Windows security bug discovered by Google Project Zero - despite finding no evidence that it poses a threat.
Insider threats are a larger concern for most organizations than cybercriminals or hacktivists, according to a BetterCloud report.
The vulnerability allows attackers to run arbitrary commands as root, which clearly undermines the security of the SoftNAS Cloud platform and data stored on it.
Here's the latest Naked Security podcast - listen now!
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
Until a report this week, Uber's Surfcam's use was thought to be limited to incidents uncovered in Singapore in 2017.
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
Despite the 2018 crackdown on Fin7, the cybercrime group has been ramping up its efforts with two new malware samples and an attack panel.
Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
Norway's Norsk Hydro, the company ensnared in one of the week's biggest stories, a ransomware attack that crippled its systems, is still in the process of recovering.
Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.
The campaign, codenamed "Bad Tidings," has sought out victims' credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior's e-Service portal.
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.
Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.
Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?
According to a new report, average and maximum DDoS attack sizes decreased by 85.36% and 23.91%.
Opera lost its Android browser's VPN after it was sold to a Chinese consortium, but now it's back.
A researcher has discovered a high-severity bug in a popular PHP library used for creating PDFs.
A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot.
The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.
One hour of downtime from a DDoS attack costs an average of $221,837 globally, according to Netscout.
Google's Instant Apps feature allows you to try apps before installing them, though a vulnerability allows attackers to abuse the feature to steal data.
In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.
If you're looking for an encryption tool that offers a unique approach and a well-designed GUI, FinalCrypt might be just the tool.
The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.
It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.
IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7, allow a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user's browser within the trust relationship between their browser and the server.
A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
National Cyber Security Centre and National Crime Agency investigate ransomware attack that locked down the association's data and deleted backups.
The life of a CISO is a busy one and it can be easy for priorities to get lost in the shuffle. We've polled a group of CISOs and other security professionals to find out what CISOs should be aware of but likely aren't.
On the first day of Pwn2Own 2019 hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox.
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
OX App Suite 7.8.4 and earlier allows SSRF.
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
When accessing the heron-ui webpage, users can modify file paths to escape the current container and read any file on the host. An example would be modifying the path= parameter to point at the directory you would like to view, i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.
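The Heron UI bug above is the classic case of a path= parameter being joined to a directory without checking where the decoded result lands. As an added example (not Heron's code), the C function below decodes the parameter once, walks its components lexically and rejects any path that climbs above the serving root; the function names and the idea of a single serving root are assumptions. It is a lexical check only, so symlinks inside the root would still need a realpath()-based check on top.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst (dst must hold strlen(src)+1 bytes).
 * Decoding happens once, before the traversal check, so an encoded
 * "%2F" is treated as the separator it becomes on the file system. */
static void percent_decode(const char *src, char *dst)
{
    while (*src) {
        if (*src == '%' && isxdigit((unsigned char)src[1]) &&
            isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], 0 };
            *dst++ = (char)strtol(hex, NULL, 16);
            src += 3;
        } else {
            *dst++ = *src++;
        }
    }
    *dst = 0;
}

/* Returns 1 if the decoded path stays inside the serving root, 0 if it
 * is absolute or any ".." component would climb above the root. The
 * walk keeps a depth counter: a normal segment goes one level down,
 * ".." goes one level up, and going above level 0 means escape. */
int path_stays_in_root(const char *param)
{
    char *decoded = malloc(strlen(param) + 1);
    if (!decoded)
        return 0;
    percent_decode(param, decoded);

    int ok = decoded[0] != '/';   /* absolute paths are never under the root */
    int depth = 0;
    const char *p = decoded;
    while (ok && *p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                ok = 0;           /* climbed above the root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;              /* ordinary component, one level deeper */
        }
        if (!end)
            break;
        p = end + 1;
    }
    free(decoded);
    return ok;
}

int main(void)
{
    /* Constructed sample parameters, including the payload from the advisory. */
    const char *samples[] = {
        "logs%2Fworker.log",
        "..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd",
        "/etc/passwd",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s %s\n", samples[i],
               path_stays_in_root(samples[i]) ? "ok" : "REJECT");
    return 0;
}
```

The check is deliberately done on the decoded string: comparing the raw parameter against a literal "../" would miss the encoded form that the advisory shows.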
In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms.
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
An exploitable buffer overflow vulnerability exists in the PubNub message handler of the Insteon Hub 2245-222, firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow, overwriting arbitrary data. An attacker can send an authenticated HTTP request to trigger this vulnerability. At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large.
An exploitable buffer overflow vulnerability exists in the PubNub message handler of the Insteon Hub 2245-222, firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow, overwriting arbitrary data. An attacker can send an authenticated HTTP request to trigger this vulnerability. At 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large; sending anything longer will cause a buffer overflow.
An exploitable buffer overflow vulnerability exists in the PubNub message handler of the Insteon Hub 2245-222, firmware version 1012, for the cc channel. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow, overwriting arbitrary data. An attacker can send an authenticated HTTP request to trigger this vulnerability. At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large; sending anything longer will cause a buffer overflow.
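All three Insteon advisories describe the same defect: a value taken from the message is strcpy'd into a fixed stack buffer (16 bytes for cmd1 and flg, 32 for id), so the sender decides how far past the buffer the copy runs. The added C example below is not the hub firmware; the struct layout, function names and sample values are assumptions, while the field sizes are the ones the advisories give. It shows the unchecked copy next to a bounded version that rejects anything that does not fit together with its terminator, plus a helper that reports how many bytes strcpy would write past a field.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size fields with the sizes from the advisories (16, 16, 32).
 * The struct and its names are an assumption for illustration. */
struct hub_cmd {
    char cmd1[16];
    char flg[16];
    char id[32];
};

/* Vulnerable pattern: strcpy() trusts the sender's length, so a value of
 * 16 or more characters runs past cmd1 into whatever follows on the
 * stack. Only called with short values in this demonstration. */
void set_cmd1_unsafe(struct hub_cmd *c, const char *value)
{
    strcpy(c->cmd1, value);
}

/* How many bytes strcpy() would write beyond a field of field_size bytes
 * for this value (0 means it fits, terminator included). */
size_t overflow_bytes(size_t field_size, const char *value)
{
    size_t needed = strlen(value) + 1;           /* include the NUL */
    return needed > field_size ? needed - field_size : 0;
}

/* Hardened pattern: refuse anything that does not fit with its NUL.
 * Rejecting is preferable to silent truncation, which would quietly
 * change the command the device executes. */
int set_field(char *field, size_t field_size, const char *value)
{
    size_t len = strlen(value);
    if (len >= field_size)
        return -1;
    memcpy(field, value, len + 1);               /* copy including terminator */
    return 0;
}

int set_cmd1(struct hub_cmd *c, const char *v) { return set_field(c->cmd1, sizeof c->cmd1, v); }
int set_flg(struct hub_cmd *c, const char *v)  { return set_field(c->flg,  sizeof c->flg,  v); }
int set_id(struct hub_cmd *c, const char *v)   { return set_field(c->id,   sizeof c->id,   v); }

/* Stand-alone helpers: 0 if the value was accepted and stored intact,
 * -1 if rejected, -2 if stored but corrupted (should never happen). */
int try_cmd1(const char *value)
{
    struct hub_cmd c;
    memset(&c, 0, sizeof c);
    if (set_cmd1(&c, value) != 0)
        return -1;
    return strcmp(c.cmd1, value) == 0 ? 0 : -2;
}

int try_id(const char *value)
{
    struct hub_cmd c;
    memset(&c, 0, sizeof c);
    if (set_id(&c, value) != 0)
        return -1;
    return strcmp(c.id, value) == 0 ? 0 : -2;
}

int main(void)
{
    struct hub_cmd c;
    memset(&c, 0, sizeof c);
    set_cmd1_unsafe(&c, "0x11");                 /* short value: fits */
    /* Constructed sample: 24 'A's for a 16-byte field. */
    const char *long_value = "AAAAAAAAAAAAAAAAAAAAAAAA";
    printf("strcpy would write %zu bytes past cmd1\n", overflow_bytes(sizeof c.cmd1, long_value));
    printf("bounded set_cmd1 -> %d\n", set_cmd1(&c, long_value));
    return 0;
}
```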
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
Facebook has done an audit and shocked even itself by finding plaintext passwords in logfiles back to 2012. Change your password now!
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.
Reflected (nonpersistent) cross-site scripting allows an attacker to craft a specific URL containing JavaScript that will be executed in the browser of a client of the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC.
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via JavaScript loaded with the web page.
The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.
What's more, their attempts to secure it may be putting information at risk, a new report finds.
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.
Large, worldly tech companies would never fall for a wire transfer invoice scam, would they?
1,600 guests were filmed with hidden webcams that livestreamed the action. The site also sold videos.
He was fired after four weeks, ripped off the credentials of former colleague "Speedy", and will be mulling it all over for two years in jail.
More than a quarter of businesses experienced irreparable data loss in the past year, according to a Dell EMC survey.
Microsoft has issued a patch to remind Windows 7 users that they'll soon have no patches.
The vulnerability in Windows 10 and Windows Server 2019 gives attackers an entry point for further exploitation when combined with other vulnerabilities.
Is BitLocker cracked? Is disk encryption still worth it? The answers are "No" and "Yes", and here's why.
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
The unpatched vulnerabilities exist in 20 products made by the popular Medtronics medical device manufacturer, including defibrillators and home patient monitoring systems.
Looking back at last year's 230M person breach, Facebook's latest privacy slipup, and more - catch up on the week's infosec news with this roundup!
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.
Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
Hacked drones are breaching physical and cyberdefenses to cause disruption and steal data, experts warn.
Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
Users of the open-source project should upgrade immediately.
Google has snagged three security and privacy certifications for Google Play as it tries to appeal to enterprises despite numerous malicious apps and security issues.
Browsers Firefox and Edge take a beating on day two of the Pwn2Own competition.
Four have been arrested in the case.
Watch this special edition of Naked Security Live - we answer the questions people have been asking us, like "Should I stay or should I go?"
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
From an ex-employee from IT hell to Windows 7's upcoming patchocalypse, and everything in between. It's weekly roundup time!
Researchers rated six of the 11 newly launched cars as being easy to open up and drive off with a cheap relay device anyone can buy online.
Two hacking groups have been spotted targeting websites running unpatched versions of the WordPress plugin Easy WP SMTP.
Researchers have found that one of the most popular source code repositories in the world is still housing thousands of publicly accessible user credentials.
Web browsers, virtualization software, even cars: nothing was off limits last week at Pwn2Own, the annual hacking competition held each year alongside CanSecWest in Vancouver.
Half of SREs have worked on outages lasting longer than a day, according to a Catchpoint report.
One in five employees surveyed believes data belongs to them, not the company, according to an Opinion Matters / Egress report.
Some 36% of organizations said they experience security breaches due to remote work, according to an OpenVPN report. Here's how to help.
The contractor with whom it shared the data has a vulnerable, unpatched network.
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
Some 99% of companies receive direct business value from cloud visibility, according to a Keysight Technologies report.
In voting conducted by the SANS Institute, Jackson Higgins is named by peers as one of the top 10 journalists in the industry.
The attack appears to be associated with a China-backed APT actor.
Learn how to use SSH natively within Windows 10 to secure communications between network devices.
Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.
Execs and employees have dramatically different ideas of how much information is being lost and why - a gap that puts enterprise data in grave danger.
Two serious flaws in the telemetry protocol could allow a hacker to control vulnerable Implantable Cardioverter Defibrillators (ICDs).
Low-key but effective, steganography is an old-school trick of hiding code within a normal-looking image, where many cybersecurity pros may not think to look.
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.
A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible.
ShadowHammer campaign latest to highlight dangers of supply chain attacks.
More than one-third of surveyed organizations (36 percent) said they have experienced a security incident because of a remote worker's actions.
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS modules, all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2, that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of Experion PKS prior to R400 to upgrade to a supported version.
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS modules, all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of Experion PKS prior to R400 to upgrade to a supported version.
Jack Wallen explains why you should never allow your web browser to save passwords--and what you should do instead.
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button.
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewards-just like the real marketplace.
A journalist/researcher team got a sensitive database taken down after the vendor responsible failed to acknowledge a problem.
The main disagreement: if consumers will be able to delete their data or whether the law would give companies ways to wiggle out.
The agency said it exposed 2.3m people's details in a "major privacy incident" involving a contractor that set up temporary housing.
The ability to use artificial intelligence effectively is also a large concern for IT decision makers.
Ret. Admiral Michael Rogers - who served as head of the NSA and the US Cyber Command from 2014 to 2018 - on how to handle the risk of insiders exposing an organization's sensitive data.
Organizations are facing more difficulty filling security roles now than in previous years, according to a CyberEdge report.
Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in Webkit and a vulnerability that allows apps to secretly listen to users.
A panel of security professionals discuss the top three tips for how CISOs and risk officers can help improve board communication around security.
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
Apple's update patches 51 iOS holes, the more serious of which include bugs in Safari, Keychain and FaceTime.
Another month is here and Android finds itself with a mixture of Critical and High vulnerabilities.
If users have impacted devices, they need to immediately run a backup of their files and restore their operating system to factory settings, said ASUS.
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
Graham Kates, investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.
Don't expect to read about any of the classics, like 'War Games' or 'Sneakers', which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the "Total Record Size" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to a specifically oversized value, the service will calculate an undersized value for the "Total Record Size" that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the "End of Current Record" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to a specifically oversized value, the service will calculate an undersized value for the "Total Record Size." Then the service will calculate an incorrect value for the "End of Current Record" field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
AI's immaturity and the lack of time and resources needed to implement the technology are the two top hurdles to adoption, according to a Cylance report.
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the "Record Data Size" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product's configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.
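The three RSLinx LogReceiver advisories above are one bug class: a length field taken from an untrusted datagram feeds size arithmetic before it is checked against what was actually received, the arithmetic wraps to an undersized total, and a later read driven by that total runs off the end of the buffer. The added C example below does not use the real LogReceiver record format, which the page does not describe; the 4-byte header carrying a little-endian 16-bit "record data size" is a hypothetical layout, the function names are assumptions, and the sample datagrams are constructed. It shows the wrapping computation next to a parse that validates the field before deriving anything from it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record layout for illustration: a 4-byte header holding a
 * little-endian 16-bit "record data size" and a 16-bit record type,
 * followed by that many data bytes. */
#define HDR_LEN 4

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Vulnerable arithmetic: the total is computed in 16 bits, so an
 * oversized data size wraps to a value smaller than the header itself.
 * A consumer that then positions "end of current record" from this total
 * reads outside the datagram. Returns the wrapped total so the effect
 * can be observed without performing the bad read. */
uint16_t total_record_size_wrapping(const uint8_t *dgram)
{
    uint16_t data_size = rd_le16(dgram);
    return (uint16_t)(HDR_LEN + data_size);
}

/* Hardened parse: check the received length before trusting the field,
 * then check the field against the bytes that are actually present. The
 * comparison is arranged so it cannot underflow or wrap. Returns the
 * record length (header + data) or 0 to drop the datagram. */
size_t parse_record(const uint8_t *dgram, size_t dgram_len,
                    const uint8_t **data_out, size_t *data_len_out)
{
    if (dgram_len < HDR_LEN)
        return 0;
    size_t data_size = rd_le16(dgram);
    if (data_size > dgram_len - HDR_LEN)      /* claims more than we received */
        return 0;
    *data_out = dgram + HDR_LEN;
    *data_len_out = data_size;
    return HDR_LEN + data_size;
}

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t good_dgram[]      = { 0x04, 0x00, 0x01, 0x00, 'a', 'b', 'c', 'd' };
static const uint8_t oversized_dgram[] = { 0xFF, 0xFF, 0x01, 0x00, 'a', 'b', 'c', 'd' };
static const uint8_t short_dgram[]     = { 0x05, 0x00, 0x01, 0x00, 'a', 'b', 'c', 'd' }; /* claims 5, carries 4 */

/* Stand-alone helpers returning the parse result for each sample. */
size_t parse_sample(int which)
{
    const uint8_t *data;
    size_t n;
    switch (which) {
    case 0:  return parse_record(good_dgram, sizeof good_dgram, &data, &n);
    case 1:  return parse_record(oversized_dgram, sizeof oversized_dgram, &data, &n);
    default: return parse_record(short_dgram, sizeof short_dgram, &data, &n);
    }
}

uint16_t wrapped_total_of_sample(int which)
{
    return total_record_size_wrapping(which == 1 ? oversized_dgram : good_dgram);
}

int main(void)
{
    printf("good:      wrapped total %u, parse -> %zu\n", wrapped_total_of_sample(0), parse_sample(0));
    printf("oversized: wrapped total %u, parse -> %zu\n", wrapped_total_of_sample(1), parse_sample(1));
    printf("short:     parse -> %zu\n", parse_sample(2));
    return 0;
}
```

The oversized sample claims 65535 data bytes; in 16-bit arithmetic the total becomes 3, smaller than the header, which is exactly the "undersized Total Record Size" the advisories describe. The validated parse drops both the oversized and the merely short datagram, so no pointer is ever computed from a length that the received bytes do not back up.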
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.
The average cost of a cyberattack at an SMB is $54,650, a new study shows.
Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
"Part" of its assets have been retrieved, and they've got an address for a suddenly much plumper Bittrex wallet.
New research reveals that the bloatware preinstalled on many new Android phones could do far more than simply chew up your storage.
Researchers are still looking for answers when it comes to LockerGoga's initial infection method - and what the attackers behind the ransomware really want.
Implementation and security are the top concerns among professionals involved in the Internet of Things, according to a survey from the organizers of IoT World 2019.
IoT and digital transformation efforts will leave more businesses vulnerable to cyberattack, according to Information Security Forum.
The "Whitehat" settings will help researchers to analyze network traffic from its mobile apps by dialling back security settings.
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Here's our latest podcast - listen now!
With new attacks on the Israeli military and social-work educators, exploitation of the 19-year-old flaw shows no signs of slowing down.
Versions of GeForce Experience for Windows before 3.18 are open to a bug that can allow denial of service and remote code execution.
IT systems at the Bureau of the Fiscal Service and the Federal Reserve Bank show vulnerabilities that could lead them open to exploitation and breach.
According to a report, Grindr's Chinese owners are selling the platform after concerns were raised about user data handling.
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue.
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.
A new certification, launched by a division of the country's government this week, is designed to help organizations demonstrate "accountable and responsible data protection practices."
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
Shodan Monitor is free to members of the popular Internet search engine.
The FTC is ordering seven companies - including AT&T, T-Mobile, Comcast and more - to outline what data they collect, what they use the data for, and how transparent they're being with consumers.
The networking giant issued 27 patches impacting a wide range of its products running the ISO XE software.
In just one week, 'LockerGoga' has cost the Norwegian aluminum maker $40 million as it struggles to recover operations across Europe and North America.
Apple Pay is a mobile payment solution that's accepted by millions of retailers in various countries. This guide covers what you need to know to use Apple Pay.
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
All your saved Firefox passwords, now happily inserting themselves into your Android-verse!
The FTC launched a broad inquiry to find out what data they collect, why, who they share it with, and how consumers can change or delete it.
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.
A hosting company has taken down a database owned by a mobile spying app after it was found displaying phone owners' intimate images online.
More than half of organizations now run bug bounty and other crowdsourced options to avoid data breaches, according to a Bugcrowd report.
Employee mistakes were ranked as the highest risk in the 2019 Global Encryption Trends Study, though employee-owned devices on company networks deserve more security scrutiny.
When a web browser like Chrome, Firefox or Safari is allowed to store passwords, you're putting your network security at risk.
The "KonMari" method of decluttering can be a huge step toward greater security, according to a growing number of executives.
How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.
Video game digital distribution platform GOG Galaxy Games has patched two critical privilege escalation flaws that could allow arbitrary code execution.
If you're running Magento you should be on the lookout for hackers testing stolen card data - it could get your PayPal account suspended.
Hoaxers are saying you can unlock colorful new "features" in Twitter, but you'll probably lock yourself out instead.
MacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea.
Misconceptions about fault-tolerance of data in the cloud is leading to IT professionals not safely backing up mission-critical business data.
The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.
A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place.
Despite having nearly a year to address the vulnerability, no patch is available for a critical vulnerability, leaving network admins no alternative to disabling IPv6 support.
A Ponemon Institute report, published today, says the biggest driver to encryption is organizations who want to protect enterprise intellectual property and consumer personal information.
Prepare today for the quantum threats of tomorrow.
Dozens of pro athletes and musicians fell for a phishing scam that pilfered their Apple accounts and credit cards.
By not using third-party data backup tools, companies are leaving themselves open to attack, a new report finds.
'Gustuff' also designed to steal from cryptocurrency wallets, payment services, e-commerce apps.
A judge granted Microsoft the injunction allowing them to disrupt a network of sites operated by an Iranian-linked group of hackers.
Australia's controversial anti-encryption laws came under independent scrutiny this week as tech leaders criticized the proposed rules.
Wrist slaps and paltry fines may not be what most of us were hoping for in retribution for billions of robocalls and countless scams.
A US national security panel told Kunlun that its ownership of Grindr constitutes a national security risk.
Calling the company's software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code.
Following the latest round of updates from Microsoft, the Dell Encryption Console used for securing data on enterprise-deployed laptops stops working, but data remains secure.
Putting these toys back in the box after a decade of hype isn't going to be easy, but these researchers are exploring the options.
Most companies have not implemented standards for authenticating emails and preventing hackers from successful phishing attacks, according to Valimail.
A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive's physical process or even stop it.
The invention of STRIDE was the key inflection point in the development of threat modeling from art to engineering practice.
However, an attacker would need to already be on the local network to be successful.
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via an XXE vulnerability.
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with the identifier_hash for another user or a user in a different directory. This allows remote attackers who can authenticate to Crowd, or to an application using Crowd for authentication, to gain access to another user's session, provided they can make their identifier hash collide with that user's session identifier hash.
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.
Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.
This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.
The attackers hit dealer sales systems in Japan, according to the automaker.
The new program focuses on training university-level educators in cybersecurity.
Users of the conferencing platform should update immediately.
Researchers at Black Hat Asia said that Intel VISA, an undocumented testing tool, can be abused using previously-disclosed vulnerabilities.
At the file level, you can password protect an Excel workbook in two ways: You can determine who can get in and who can save changes.
As to how the breach happened, the company is so far keeping details tightly rolled up.
With hype around blockchain fading, organizations are starting to seek out use cases for the technology, according to Gartner.
OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection.
From the Android bloatware selling your data to the hordes of security keys on GitHub, and everything in between. It's the weekly roundup.
Members of the European Parliament appear to have materially affected the future of the internet by mistakenly voting the wrong way.
Martin admitted that for more than 20 years, he stole a vast quantity of highly classified information, stashing it in his home and car.
Court order in hand, Microsoft seized control of the phishing sites of the hacker group, which it calls Phosphorus.
Russia has been hijacking signals sent by Global Navigation Satellite Systems (GNSS) such as GPS, researchers claim.
The rise of mobile banking and payment services has sparked widespread adoption, making a focus on risk essential.
Google Play has removed 25 malicious apps that were downloading spyware, dubbed Exodus, onto victims' phones.
As Game of Thrones' eighth season gets ready to kick off, a new report says the popular TV show accounted for 17 percent of all infected pirated content in the last year.
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.
Google said in 2018 it tracked a rise in the number of potentially harmful apps found on Android devices that were either pre-installed or delivered via over-the-air updates.
A congressional watchdog is reiterating its findings that identity theft services are rarely efficient at mitigating data breach risks.
Trusted relationships can become critical risks when suppliers' systems are breached.
Researchers have seen March Madness-related phishing scams, fake domains and adware spike as cybercriminals take a pass at tournament viewers.
Few details yet on the March 30 ransomware attack.
Firefox Lockbox allows you to easily view your saved Firefox passwords and is a viable tool for certain users.
Buca di Beppo, Earl of Sandwich, and Planet Hollywood were among the chains hit in a nearly year-long breach of their point-of-sale systems.
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) when the oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via the RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.
Governments need to adopt a strategic approach for dealing with concerns over the telecom vendor's suspected ties to China's intelligence apparatus, a NATO-affiliated body says.
Sold at salvage and auctions, they contain info from drivers' paired mobile devices, plus highly personal pre-crash video.
More than half of incident response employees have encountered counter-IR instances in the form of log destruction and evasion tactics, according to Carbon Black.
Several Toyota companies have announced that they might have suffered data breach attempts, with one affecting 3.1 million customers.
White hat hacker reverse engineers financial apps and finds a treasure trove of security issues.
VMware has released patches for several critical security vulnerabilities, days after two were unveiled at Pwn2Own.
There's growing interest in social networks that prioritize user control. Two of the popular ones are Mastodon and Diaspora.
Downgrade attack lets any user take over - just ask for old-style access to the debugging port and you won't need a password.
New technology will be integrated into Rapid7's cloud-based security analytics platform.
An investigation of mobile apps from 30 financial institutions reveals weak encryption, data leakage, insecure data storage, and other vulnerabilities.
More millennial women are entering the field, but wage gap issues remain, according to an (ISC)² report.
The malware, dubbed Exodus, records and steals all manner of data and leaves phones vulnerable to further hacking and data tampering.
As OT systems increasingly fall into the crosshairs of cyberattackers, aviation-industry CISOs have become hyper-focused on securing them.
Maryland man conspired in a business email compromise scheme that stole from at least 13 separate victims over the course of a year.
Multi-factor authentication is a common strategy, while Zero Trust is gaining traction, according to an Okta report.
Third-party cyber threats are impacting major business decisions, according to a BitSight and CeFPro report. Here are some of the biggest challenges.
Google's April Android Security update fixed 12 Android-specific vulnerabilities including three critical remote code execution flaws.
The kit's authors demonstrate a knowledge of Verizon's infrastructure.
The security services company releases a distribution of 140 programs for penetration testers who need to launch attacks and tools from an instance of Windows.
Security has tended to be a bolt-on to enterprise software, but Sqreen hopes to make it part of the normal way developers work.
When selecting targets, attackers often consider total cost of 'pwnership' -- the expected cost of an operation versus the likelihood of success. Defenders need to follow a similar strategy.
The latest breach appears to have impacted at least two million credit card numbers across six restaurants, for 10 months.
People who understand information governance, privacy, and security should be active participants on the distributed ledger technology implementation team to ensure success.
New data from ISC(2) shows younger women are making more money than in previous generations in the field - but overall gender pay disparity persists.
Attackers these days want to 'own' your entire system, including partners and suppliers.
In Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL.
In Detcon Sitewatch Gateway, all versions without cellular, passwords are presented in plaintext in a file that is accessible without authentication.
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
A wide variety of financial services companies' apps suffer from poor programming practices and unshielded data.
Android's April update includes two critical CVE-level patches among a total of 11 affecting handsets running versions 7, 8, and 9.
PoS malware affected some Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria locations.
Over 13,500 internet-connected storage devices have been exposed online by users who didn't set passwords for them.
They placed unobtrusive stickers that drivers wouldn't see but would fool autopilot into thinking the lane was veering off to the left.
Some 73% of IT professionals said insider attacks have become more frequent in the past year, according to a Bitglass report.
Multiple data sources, data sharing agreements, and data inventory are some of the challenges of managing data privacy cited in a survey from Integris Software.
In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent - even in the face of a skills shortage.
But executives aren't confident in the accuracy of cybersecurity assessment data received from their vendors, a new study shows.
Aqua Security Closes $62M in Funding
Names, addresses, Social Security numbers, and birth dates may have been pilfered in the attack.
Applications requesting access to photos for first-use setup retain that permission unless manually revoked, putting companies at risk, according to a Wandera report.
The OceanLotus APT is using two new loaders which use steganography to read their encrypted payloads.
Software developers and their managers must change their perception of secure coding from being an optional feature to being a requirement that is factored into design from the beginning.
A Chinese woman arrested for entering the grounds of Mar-a-Lago under false pretenses was carrying electronic equipment holding malware.
Maximizing your security investment starts with hiring the right talent, harvesting data, spotting trends in logs and more.
Emily Wilson, vice president of research at Terbium Labs, discusses why consumers and professionals should be concerned if their data is leaked on the Dark Web.
Researchers say that two publicly exposed datasets are leaking Facebook data, from user names to plaintext passwords.
Like many companies developing self-driving car technology, Tesla and its embattled CEO Elon Musk continue to fight data theft within the company's ranks.
Despite the growing sophistication of threats and increased compliance requirements, a high percentage of organizations are continuing to compromise their security.
You don't need a VPN server running on a remote host to create a VPN tunnel. With the help of a simple tool, you can create that tunnel with ease. Jack Wallen shows you how.
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2.
Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.
Nvidia has patched eight high-severity flaws in its Tegra processors, which could enable denial of service and code execution.
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application.
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features.
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack.
Here's our latest podcast - enjoy!
The Security Analyst Summit 2019 heads to Singapore where elite researchers, top cybersecurity firms and global law enforcement agencies fight cybercrime.
A flaw in the world's most popular web server could give an attacker a way to gain full control of Unix-based systems.
What's that you say - Facebook was asking for the password to your email account? Yes, sometimes it was.
A new report claims that mobile finance apps are littered with security bugs.
Once more unto the breach, dear Facebook Friends of Friends...
Don't let those data center Linux servers use the default SSH port. Gain a bit of a security edge by configuring the daemon to use a non-standard port. Jack Wallen shows you how.
Business email compromise group London Blue is back with evolved email domain spoofing tactics and a newfound interest in targets in Asia.
Over 20 models of smartwatches, some bought for kids, allow for creeps to eavesdrop and track users, in spite of a ban.
Have your business try Cynet's Free Threat Assessment that checks for malware, C&C connections, data exfiltration, phishing link access, user credential thefts attempts, etc.
Malicious actors are politely asking potential victims to directly deposit money in their accounts, according to a new Vade Security report.
The permissions iOS apps request from users can turn the devices into spy tools and provide a toehold into the enterprise network, according to new research.
You don't need a VPN server running on a remote host to create a VPN tunnel. With the help of a simple tool, you can create that tunnel with ease.
Successful, secure organizations must take an aggressive, pre-emptive posture if they want true data security.
Don't let those data center Linux servers use the default SSH port. Gain a bit of a security edge by configuring the daemon to use a non-standard port.
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
After two databases were discovered leaking Facebook data, Facebook and Amazon are both pointing fingers - but researchers say the onus lies on all parties involved as data collection continues to grow.
No. 4 global phone maker, Xiaomi, preinstalled a security app called 'Guard Provider' that had a major flaw.
Theranos flamed out in spectacular fashion, but you can still learn from the company's "worst practices."
Organizations recently responded to a senator who's hoping to develop a strategy for reducing cybersecurity vulnerabilities in the healthcare sector.
More than 2 million Apache HTTP servers remain at risk for a critical privilege escalation vulnerability.
Spearphishing campaigns from new and established business email compromise (BEC) gangs are stealing from companies using multiple tactics.
Two third-party services left Facebook user data exposed online -- in one case, 540 million records of user comments -- highlighting the ease with which third-party developers can access data and the risk of lax security.
The operators of the Necurs botnet are using a collection of US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals.
Discovered by AT&T AlienLabs, the new malware Xwo is seeking default creds and misconfigurations in MySQL and MongoDB, among other services.
Australian law makers have responded very quickly to the Christchurch shootings.
Nvidia has released 13 patches targeting two low-end embedded computing boards.
A Facebook hoax from 2011 is doing the rounds again. Don't fall for it, do something useful instead.
Any machine that allows SSH login would benefit from the addition of two-factor authentication.
Some 59% of all malicious files detected in the first quarter of 2019 were documents, according to a Barracuda Networks report. Here's how to protect yourself against this growing threat.
All online banks risk giving attackers unauthorized access to personal data, funds, and sensitive information, according to Positive Technologies.
If you're a Magento admin, stop what you're doing and patch now.
Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack.
Three waves of DNS hijacking attacks against consumer routers have been linked back to Google Cloud Platform abuse.
The Matrix ushered in a new generation of sci-fi movies and futuristic plotlines with a relentless, seemingly invulnerable set of villains. Twenty years later, that theme is all too familiar to security pros.
Tomorrow night, the GPS "earth clock" has a Y2K event - but here's why you should be OK.
The 74 cybercrime groups were offering illicit services - from email spamming tools to stolen credentials - right on Facebook's platform.
Employee theft at SMBs, fighting stalkerware, and a "hacker-proof" new cryptographic library - catch up on the week's infosec news with this roundup!
From sushi and phishing to robots, passwords and ninjas -- and the winners are ...
The attack campaigns have re-routed DNS requests through illicit servers in Canada and Russia.
To make sure a deleted file can't be recovered, you'll need to use a third-party shredding tool. Here's a look at three such free programs: Eraser, File Shredder, and Freeraser.
Lookout Phishing AI, which discovered the attack, says it has been going on since late November.
Cisco repatched its RV320 and RV325 routers against two high-severity vulnerabilities, but at the same time reported two new medium-severity bugs with no fixes.
Chris Vickery with UpGuard, who discovered two datasets exposing millions of Facebook records, discusses his findings and the implications of data collection with Threatpost.
From a Russian GPS spoofing campaign to the Facebook apps leaking millions of records - it's weekly roundup time.
The surveillance tool was signed with legitimate Apple developer certificates.
It's fewer than 1% of the 50 million songs and videos Myspace lost, but hey, it's better than nothing!
Mozilla doesn't yet know how to solve the problem of website push notification spam in the Firefox browser, but it's working on it.
Microsoft has announced some big changes that will finally give Windows users more control over updates and releases.
Attacks from insiders often go undiscovered for months or years, so the potential impact can be huge. These 11 countermeasures can mitigate the damage.
Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
With the April 15th filing deadline around the corner, cybercriminals are counting on a rushed response to questions to infect potential victims.
Three recent spam campaigns are pretending to be from ADP and Paychex; in reality, the malicious emails are spreading the TrickBot trojan.
In Hanwha Techwin SRN-4000 firmware versions prior to SRN4000_v2.16_170401, a specially crafted HTTP request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
A new inquiry aims to determine whether contracts between Microsoft and EU organizations violate GDPR.
Small businesses face the same security challenges as large enterprises but with much smaller security teams. Here are 8 things to do to get the most from yours.
Researchers said that they discovered new Mirai samples in February 2019, capable of infecting devices powered by a broadened range of processors.
Consumer router models allowed authenticated users to take unrestricted remote control over TL-WR940N and TL-WR941ND routers.
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
Digital Guardian upgraded its Support Community over the weekend to provide an improved user experience, better workflows and ticketing process.
Italian firm appears to have developed spyware for lawful intercept purposes, Lookout says.
The Series B investment supports a company bringing risk assessment to businesses in business terms.
A former senate staff member stole personal information about three senators and published it on Wikipedia.
Massive criminal marketplace discovered packaging and selling stolen credentials along with victims' online behavior footprints.
An underground marketplace is selling tens of thousands of compromised digital identities, paving the way for cybercriminals to commit online fraud.
Cosko, 27, pleaded guilty to five counts including making public restricted personal information, computer fraud, witness tampering and obstruction of justice.
According to a video posted on the Imgur site Friday, it's possible to bypass the biometrics on the new Galaxy S10 range using a 3D-printed fingerprint in minutes.
His family of 7 was one network scan away from potentially being livestreamed by their host.
Forthcoming versions of Chrome, Apple Safari and Opera are in the process of removing the ability to disable a long-ignored tracking feature called hyperlink auditing pings.
CISOs need to gain a seat at the table to discuss strategy and building cybersecurity into product development. Here's how.
Flowershop, Equation, Flame and Duqu appear to have a hand in the different phases of Stuxnet development, all working as part of an operation active as early as 2006.
If you have an IoT device in your home, you could be receiving an average of 13 login attempts to these devices per minute. That's according to Matt Boddy's latest research.
A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection.
The vulnerability requires local access to be exploited, though Tenable Research claims it can be exploited remotely through the assistance of social engineering.
According to authorities, Zain Qaiser would pose as a legitimate ad broker to buy online advertising units from pornographic websites.
Mocking new technology isn't productive and can lead to career disadvantage.
Companies including Mastercard and Microsoft are partnering with federal agencies and nonprofits to produce more cyber talent.
An adjusted settlement between Yahoo and the victims of its massive data breach is still awaiting approval.
The challenge for most enterprises is that the demand for software is so high that traditional development teams often can't keep up.
The Samsung Galaxy S10 fingerprint sensor can be fooled in a hack that takes a mere 13 minutes and involves a 3D printed fingerprint.
The free tools will be developed by the Global Cybersecurity Alliance to monitor election infrastructure and processes in the runup to the 2020 Presidential election.
During its regularly scheduled April security update, Adobe overall issued 43 patches, including ones for 24 critical vulnerabilities in eight of its products.
The UK's Information Commissioner stressed in a speech on Monday that nearly one year into GDPR, the regulation is at a critical stage.
A privilege escalation vulnerability in Fortinet FortiOS all versions below 6.2.0 allows admin users to elevate their profile to super_admin via restoring modified configurations.
If the appsec industry were to develop a better AST solution from scratch, what would it look like?
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.
Face ID has replaced Touch ID on the newest iterations of Apple's flagship products. Here's what you need to know about this form of biometric security.
Overall Intel patched four vulnerabilities, including high-severity flaws in its Media SDK and Intel NUC mini PC.
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.
The April release of security updates patches 74 vulnerabilities, two of which are being exploited in the wild.
One of the flaws gives attackers a way to gain root access to devices, Tenable says.
A highly sophisticated APT framework has been found targeting a single Central Asian diplomatic entity for years.
The SneakyPastes campaign was highly effective but hardly advanced.
Cyber espionage attack group adds mobile malware to its toolset.
They're facing charges of computer criminal activity after allegedly disrupting the network at the request of their friends.
The robocall scammers were defrauding small businesses who were scared of seeing their Google search listings drop off.
Ms. Zhang's infected USB drive instantly went to work on a Secret Service agent's PC. He shut it down immediately "to halt the corruption."
In only the second known attack of the Russia-linked malware, which shut down an oil refinery in 2017, another Mideast target has been hit.
Microsoft and Adobe Patch Tuesday updates are here. Find out more about the most serious bugs and how to patch them.
Passing booking information as URL arguments allows third parties to intercept booking information for data collection, according to Symantec.
The company created a homegrown artificial intelligence tool dubbed BugBug to classify and categorize each bug report.
Owners of Verizon's FiOS Quantum Gateway (G1100) routers should check the firmware has been updated after a security company made public three significant security flaws.
Guess how long it takes crooks to find a new device when you plug it in? All this and more in the latest Naked Security podcast - enjoy!
As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.
Yahoo is taking a second stab at settling a massive lawsuit regarding the data breaches that the Internet company faced between 2013 and 2016.
Properly backing up your data in a secure manner is essential to keeping your cherished memories and important files stored safely.
Don't want Google to keep track of your whereabouts? Here's how to disable location history and tracking on your mobile devices.
Google debuted a series of security updates at Next 2019, giving users the option to use their phone as a second authentication factor.
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
State executive agencies, namely Department of Human Services offices, have increasingly found themselves the victims of successful phishing scams.
At the Security Analyst Summit, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, to discuss supply chain threats.
Malware campaign, which finds and exfiltrates a user's contact list and banking credentials, could potentially grow to global proportions.
Bill takes aim at all the tricks Facebook uses to convince people to give up their personal data, and all the games that addict kids.
Researchers analyzed 55.5 million emails and found one out of every 99 messages contains a phishing attack.
Third parties such as ad, search engine, and analytics firms often have access to guest name, address, phone numbers, credit cards and other data, Symantec says.
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.
FireEye Mandiant incident responders reveal a new attack by the hacking group that previously targeted a petrochemical plant in Saudi Arabia in 2017.
With an upfront investment of about $1,000, attackers can more than double their money, according to a report from Carbon Black.
A smartphone app used to control vehicles across North America left them wide open to attackers, it was revealed this week.
Congressional leaders in the US unveiled a new law this week to ban the use of "dark patterns" by large online players.
A father thought he'd been permanently locked out of his Apple iPad after his young son repeatedly entered an incorrect passcode.
Amazon is under fire for its privacy policies after a Bloomberg report revealed that the company hires auditors to listen to Echo recordings.
Understaffed and overburdened cybersecurity teams are stretched too thin to cover the entire attack surface, according to a Ponemon / IBM report.
IT pros are more concerned with user error and malicious insiders than compromised accounts, according to a Gurucul report.
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
Got a mailing list? Ever signed up for one? Ever stopped to think how a crook could abuse the security-related confirmation process?
Public Wi-Fi is rife with security risks, and cybersecurity professionals aren't taking any chances, according to a Lastline report.
At SAS 2019, Recorded Future CTO discusses a new kind of high-profile influence campaign spotted using a new technique: Old news.
If your website uses a SQL database, you need to be aware of injection attacks, which are simple and incredibly devastating.
A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.
We've collected 50 resources, including blogs, videos, research, and databases, to help CISOs keep up with the demands of their busy job.
If you depend on secure shell, learn how you can better protect your servers from SSH attacks.
Computers running Sophos or Avast software have been failing to boot following the latest Patch Tuesday update.
Prioritizing key log sources goes a long way toward effective incident response.
SQL injection has been a major security risk since the early days of the internet. Find out what's at risk, and how cybersecurity pros can defend their organizations.
The WikiLeaks founder, who was taken from the Ecuadorian Embassy by British police, has been convicted of skipping bail in 2012.
Tax season is marked with malware campaigns, tax fraud, and identity theft, with money and data flowing through an underground economy.
A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk.
The FBI and Department of Homeland Security release malware analysis report, indicators of compromise for nine different executable files.
A new security feature allows users of Android 7 and later to use their smartphones to authenticate themselves to their Google accounts.
Photo sharing website Flickr is trying to combat copyright infringement with a service that spots copies of its users' images online.
A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race.
The Ecuadorean embassy finally decided it wasn't willing to shelter Julian Assange any more, so it let in UK police to arrest him.
Albertsons is the latest grocery store to adopt the blockchain-based system for tracing food from farm to store shelf.
As state-sponsored attackers increase their activity and cyberwar escalates, security researchers are focusing their attention on industrial systems to surface vulnerabilities.
With the onset of GDPR, privacy regulation compliance now tops talent shortages as the largest emerging business risk, according to Gartner.
Convincing phishing pages and millions of suspicious apps are plaguing tax season.
Yet another WordPress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered.
Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.
The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.
The custom malware is a spy tool and can also disrupt processes at U.S. assets.
These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
The duo are convicted of infecting 400,000 computers in the U.S. with malware and scamming victims out of millions of dollars.
A once defunct hacking forum returns, the New York Times on privacy, and spyware apps - catch up on the week's infosec news with this roundup!
Working out of Bucharest since 2007, a pair of criminals infected and controlled more than 400,000 individual computers, mostly in the US.
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
If you're looking for a password manager for your Android device, Jack Wallen offers his list of what he considers to be the best five on the market.
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
If you're looking for a password manager for your Android, below are five of the best.
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
Equifax is slammed in a Senate subcommittee report ahead of the announcement of a joint service with FICO.
Naked Security Live investigates how to sniff out snoopy spycams. We explain what works, and what doesn't, when it comes to hidden cameras.
One week out from Easter, and Facebook's Oculus subsidiary has admitted a "hidden message Easter Egg" gone wrong. Coincidence? Or...
From hidden cameras in Airbnb rentals to iPads locked for 48 years - here's everything we wrote last week.
Researchers have discovered several holes in a new security protocol for wireless networks.
Why many attack techniques can be reused, but organizations can't defend against them.
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit.
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type.
There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template.
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule).
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate.
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options.
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
UK police are planning to issue online warnings to young gamers hoping to deter them from a life of cybercrime, they revealed last week.
After three years of embarrassing rejection, might Microsoft's newly-Chromed Edge browser be on the up?
An ancient WinRAR vulnerability made public in February is now well on its way to becoming one of the most widely and rapidly-exploited security flaws of recent times.
A Microsoft Outlook breach that was disclosed on Friday is thought to be much larger than previously said, a new report found.
Microsoft has declined to disclose how many users were affected by the breach, though the knock-on effects can be significant. Here's what professionals should do in the wake of the breach.
The answer can lead to a scalable enterprise security solution for 2019 and beyond.
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
Subrion CMS 4.1.5 has CSRF in blog/delete/.
Jack Wallen shows you how to eke out a bit more security from the Enpass Password Manager, by changing the clipboard timeout.
Business cyber risks rates are holding steady for US companies, according to the US Chamber of Commerce and FICO. Here's how to stay safe.
Business users of Cisco, F5 Networks, Palo Alto Networks and Pulse Secure platforms are impacted, according to the U.S. government.
Learn how to receive a bit more security from the Enpass Password Manager, by changing the clipboard timeout.
The apps, which claim to help users rack up followers, are well-rated and have been downloaded tens of thousands of times.
The manufacturer, which recently won an intellectual property case involving the theft of proprietary algorithms, source code, and programming language scripts, doesn't deny it was a victim of corporate theft but disagrees with the implication it was "Chinese espionage."
As attackers focus on cyber-physical systems, companies must improve their visibility into IT system compromises as well as limit actions on operational-technology networks, experts say.
A popular Australian smartwatch's tracking capabilities expose its user's locations, personal data and more.
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
An unknown attacker used a support agent's credentials to access email content belonging to some Outlook, Hotmail users.
Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
Numerous enterprise VPN clients could be vulnerable to a potentially serious security weakness that could be used to spoof access.
Instagram users have been receiving odd messages from followers expressing shock that their accounts have somehow ended up on something called the "Nasty List."
A group of hackers that doxxed thousands of federal law enforcement employees last week has struck again.
Law enforcement officials in the US have been routinely mining Google's location history data for criminal investigations.
With a cybersecurity talent shortage, AI and machine learning solutions are filling gaps, according to Ponemon Institute report.
The Scranos rootkit malware can do significant damage by stealing passwords and data through a fraudulent certificate. But it can be removed, according to security firm Bitdefender.
After the HawkEye malware kit underwent an ownership change and new development, researchers are spotting the keylogger used in several malicious email campaigns.
Although new attacks might get the most attention, don't assume old ones have gone away.
These tips from the National Cyber Security Alliance and the Better Business Bureau can help guard your business against breaches and other vulnerabilities that could compromise your data.
Employee accounts may have been compromised in a sophisticated phishing campaign.
Patched just last week, the Windows kernel bug is being used for full system takeover.
Google is changing its app review process to address developer complaints. Here's what you need to know about it.
The IT giant's networks were infiltrated and used to mount supply-chain attacks on its enterprise customers.
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
Researchers are pinning a recent phishing campaign against Ukraine government agencies on the Luhansk People's Republic, a proto-state in eastern Ukraine which declared independence in 2015.
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
Call blockers have made significant advancements, but so have telemarketers' tactics for getting you to pick up. See how call blockers RoboKiller and Nomorobo compare.
Because of ongoing tweaks, like a recent amendment that would expand consumers' private right to action, the California Consumer Privacy Act remains in constant flux.
The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.
A new exploit developed by eGobbler is allowing it to distribute malvertisements (more than 500 million to date) at huge scale, Confiant says.
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.
Between 1 January and 28 March this year hackers were able to access a "limited number" of consumer Outlook.com, Hotmail and MSN Mail email accounts, Microsoft has confirmed.
Nearly four years after it was replaced by Edge as Microsoft's preferred Windows browser, researchers keep finding unpleasant security flaws in Internet Explorer (IE).
If you're using an ad blocker to filter out online commercials, then beware: You might be vulnerable to a new attack revealed on Monday that enables hackers to compromise your browser.
Mozilla has criticized Apple for its latest privacy marketing campaign, urging it to provide more automatic protection for users behind the scenes.
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Overall, Oracle patched 297 flaws across multiple products as part of its April security update.
A review of fraud guides by Terbium Labs reveals the tactics used by cybercriminals to steal and exploit your data.
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
A password alone will not protect sensitive information from hackers; two-factor authentication is also necessary. Here's what security pros and users need to know about two-factor authentication.
Here's the latest Naked Security podcast - enjoy!
Jack Wallen shows you how to install and use the directory monitor tool, fswatch.
The financial services industry sees nearly half of all website traffic coming from malicious bots.
A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known.
A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known.
A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known.
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.
Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
An ongoing campaign, active since 2017, has been stealing credentials via global DNS hijacking attacks.
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
Four best practices to keep old code from compromising your enterprise environment.
A standing committee of the United States House of Representatives is requesting more money to properly secure federal cybersecurity and critical infrastructure in 2020.
The attack uses a legitimate remote access system as well as several families of malware.
After a report revealed that Facebook used user data to leverage its relationships with other companies, researchers are stressing that both firms and users need to re-assess data privacy.
The ubiquitous nature of the flaw opens the door for rapidly spreading, crippling cyberattacks.
Incident response demands technical expertise, but you can't fully recover without non-IT experts.
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.
A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an existing session identifier to connect to the software through the web-based interface. Successful exploitation could allow the attacker to hijack an authenticated user's browser session on the system. Versions 8.1 and 8.5 are affected.
A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, 8.8.111.0 are affected by this vulnerability.
Oracle's latest security update covers 297 vulnerabilities, many of which come with a "patch now" warning.
If you own an iOS device and use the Chrome browser, you may have encountered some strange-looking pop-up ads in the past week.
Android developers without a track record are going to be submitted to more checks in order to stamp out those of "bad faith."
Leaked internal docs used to claim "privacy was an afterthought" at Facebook
What if you got hit by ransomware - but the malware program itself was on the other side of the world where you'd never find it?
The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said.
Attempts to make BBM more consumer-focused with social media functions saw limited success, leading to the discontinuation of the BBM Consumer app.
With companies across industries adopting blockchain technologies, security concerns remain, according to the World Economic Forum.
The social media giant says it did not access the imported data and is notifying affected users.
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
Need a dedicated firewall appliance? OPNsense is a free, open-source solution, ready to protect your network from intrusion.
The U.S-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.
An Indian national used a device to attack computers and peripherals at a New York college.
Data classification, discovery, and encryption: We reached out to 18 security experts for insight on implementing a data-centric audit and protection program in an organization.
Take our short poll on how far Facebook can push its luck.
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
Improving processes won't happen overnight, but it's not complicated either.
The flaw, which existed in a Shopify API endpoint, has been patched.
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
The incident was the work of malicious cyberattackers.
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
Growth corresponds with a greater reliance on public cloud services.
Customized, targeted ransomware attacks were all the rage.
Enforcement of the EU General Data Protection Regulation (GDPR) applies to any company that transacts with European Union citizens. Here's your GDPR go-to guide.
Among them, two are critical and six are of high importance.
Recent stats show that the state of third-party cyber-risk and vendor risk management remains largely immature at most organizations.
Cybercriminals are turning their attention away from the C-suite, though they are still targeting users with high levels of access.
Introducing a "Cleaner Internet"
Facebook has updated 'tens of thousands of plaintext Instagram passwords ended up in logfile' to say it was more like a million.
The application developed by a research group allows users to spot possible IoT security problems.
Possible new regulation for the supply chain space, hijacking DNS, and another Facebook privacy misstep. Catch up on the week's news with this roundup!
For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.
A researcher said that millions of records were leaking 300,000 Tap30 drivers' names, ID numbers and phone numbers.
Further extend Microsoft's implementation of OpenSSH in Windows 10 by generating your own secure keys.
On the heels of several Facebook data privacy snafus this week - and over the past year - users no longer trust the platform.
There's a lot to know about encryption, and the ins and outs can get confusing. Here's a rundown of what professionals need to know about this fundamental of modern computing.
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
McAfee, Sophos and Avast are among the antivirus software suites impacted.
A simple tweak of the Windows 10 Registry file can eliminate one often overlooked security concern.
The youngster who spent his own money to protect people from the WannaCry virus has pleaded guilty to malware-related cybercrime charges.
More than 23 million people were breached after using the password 123456, according to the UK's National Cyber Security Centre.
The information includes data on all rehab treatments and procedures, linked with patients' names and other info.
How to protect yourself from being *affected* by malware, even if you're not yourself *infected*.
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
The malware researcher has pleaded guilty to two out of 10 charges: one of creating the Kronos malware and the other of conspiracy.
Your nmap service probe database is probably way out of date. Jack Wallen shows you how to update that special file to the latest version.
Your nmap service probe database is probably out of date. It's easy to update that special file to the latest version.
The messaging app that will replace the government's use of WhatsApp and Telegram was released last week, with security vulnerability included.
A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.
The attack is targeting financial regulators and embassy staff, but probably isn't the work of an APT.
The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system.
A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.
In all versions of AppArmor mount rules are accidentally widened when compiled.
In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input.
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.
All versions of unity-scope-gdrive log search terms to syslog.
In Apport before 2.19.2, the _python_module_path function allows any Python module in sys.path to be imported if the command line of the process triggering the coredump is Python and the first argument is -m.
In LXD before version 0.19-0ubuntu5, doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
The Content Hub DBUS API before version 0.0+15.04.20150331-0ubuntu1.0 only requires a file path for a content item; it doesn't actually require that the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd, which would then send a copy of that file to another app.
In python-dbusmock before version 0.15.1, the AddTemplate() D-Bus method call or the DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects Ubuntu MAAS versions prior to 1.9.2.
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
When mount.ecryptfs_private before version 87-0ubuntu1.2 calls setreuid(), it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, the file is created with the group id of the user running mount.ecryptfs_private.
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.
In a complaint, filed Friday, one company is alleging a former employee took screen shots of trade secrets, including proprietary wireframes and a proposed regional launch timeline of its services, before leaving for another real estate technology competitor.
Attackers are changing both their tactics and targets in an attempt to remain criminally successful, Proofpoint's study found.
A unique identifier is enabled by default on every iPhone that's shipped, allowing advertisers to follow the phone's activity across the web.
China-based app maker ignored repeated warnings by researchers that its password database - stored in plain text - was accessible to anyone online.
Marcus Hutchins, the security researcher who helped halt the spread of the WannaCry attack, pleads guilty to two charges related to writing malware.
Motive remains unclear though financial theft appears to be one possibility, Check Point Research says.
Internet Crime Complaint Center (IC3) last year received an average of 900+ reports daily of Internet-enabled theft, fraud, and exploitation.
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.
A day late! From the weakness in several VPNs to the Internet Explorer browser flaw, and much more - catch up on everything we wrote last week.
1 in 4 Workers Are Aware Of Company IT Security Guidelines but Don't Follow Them
Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.
A new survey says 46% of users find security confusing, which helps explain how that old clunker keeps popping to the top of breach lists.
If you used WiFi Finder, your passwords to both public and private networks have been left online in an unprotected database.
Using free Adobe software like Flash Player and Adobe Reader can pose a security risk in your organization.
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
A video has surfaced claiming to show someone unlocking a Nokia 9 by tapping a gum packet against the fingerprint scanner.
Overall, in 2018 the FBI received more than 351k reported scams with losses exceeding $2.7 billion.
Many organizations will spend more to shore up their defenses against cyberattacks this year, says business insurance provider Hiscox.
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild.
Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
With Flash Player on way out, attackers are renewing their focus on Acrobat Reader, RiskSense found.
The regulation, issued in January, could pace Nigeria as a leader in data protection in Africa.
A database used by WiFi Finder was left open and unprotected on the Internet.
Officials are investigating an April 13 ransomware attack that targeted Stuart's city servers and forced it offline.
The malware is behind billions in banking and credit-card losses.
Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
An artificial intelligence strategist advises small business owners to focus on revenue and growth and not AI in and of itself--at least for now--because the ROI is not there.
A vendor risk management program could curtail Third-Party Vendor-initiated data breaches. Here's what to look for in a VRM solution.
Microsoft's new cloud-hosted security information and event management service rolls out in a public preview.
DNS over HTTPS (DoH), backed by Google, Mozilla and Cloudflare, is about to make web surveillance a lot more difficult.
The owner of State Snaps hired his cousin to break into the home of the owner of DoItForState.com to force him to transfer the domain.
The privacy think tank had them for 20 days, and one of the docs was already displayed at a conference, but the NYPD is still clawing them back.
Vishwanath Akuthota faces a potential ten-year stretch after killing at least 66 computers at his former college.
As U.S. citizens realize that facial recognition is present in real-life applications, more questions are arising about consent, how data is shared - and what regulation exists.
Ever-changing Qbot trojan has been spotted in a fresh campaign with a new "context aware" delivery technique.
DDoS attacks sized 100Gbps and higher exploded in Q1 2019, with 77% of all attacks targeting two or more vectors.
The role of employees, the needs of the supply chain, and a reliance on antivirus products are three Catch 22s for security pros, according to a study from Glasswall Solutions.
A study of a stolen credit card by cybersecurity provider IntSights reveals how scammers use card information and how merchants can guard against this type of fraud.
This month's Windows update has caused incompatibilities with software from at least five antivirus companies, resulting in slow boot times and frozen systems.
The bad guys only seem infallible. Use their weaknesses to beat them.
Malicious insiders and a lack of training create a big trust gap among employees and employers, according to ObserveIT.
How concerned are you about the privacy implications of facial recognition? Weigh in with our poll.
The malware hides in the legitimate game downloads, signed with a real certificate; connections to ShadowHammer have been found.
EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file.
A US national and Chinese national have been charged with conspiring to steal General Electric's trade secrets surrounding turbine technologies.
We've got some exciting news to share! We've secured $30 million in new funding, an investment that will allow us to help satisfy a growing demand for data protection worldwide.
Google Play has removed up to 50 apps that once downloaded plagued systems with full-screen ads.
A new report examines and quantifies the conflicts and challenges faced by business security leaders.
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
Today's application programming interfaces are no longer simple or front-facing, creating new risks for both security and DevOps.
Facebook may be fined as much as $5 million by the FTC for data issues related to the Cambridge Analytica incident.
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.
Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign.
He claims that Apple allegedly uses the technology to spot shoplifters and that it falsely linked him to a series of Apple store thefts.
The Atlanta Hawks basketball team is recovering after a sophisticated cybercrime group hacked its ecommerce site and planted credit card skimming code on it.
The proposal means that users at organizations with Group Policy would no longer be required to change their Windows passwords on a regular basis.
Someone has been quietly pilfering Ethereum (ETH) cryptocurrency worth millions of dollars without anyone noticing or, apparently, caring.
Trojans and ransomware top the list of threats with corporate targets in Q1 2019, according to a Malwarebytes report.
Demand for cybersecurity roles jumped over 7% in the last year, leading to increasing salaries, according to Indeed.
Looking to stay ahead of the curve on all things infosec? We've gathered a list of 50 valuable associations, LinkedIn networking groups, and meetups for security professionals.
Meanwhile, most of the highest-paying positions pay more than $100K, according to new analysis from the job posting site.
Social media apps and websites are the biggest potential threat vectors to businesses, according to an AppRiver report.
Validated stolen credentials cost less than a cup of coffee, but economies of scale have made selling user accounts more lucrative than ever, according to Recorded Future.
Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the "why" - and a lack of talent may not be the sole reason.
Healthcare IoT is expanding opportunities for hackers as the sector struggles to keep up security-wise.
A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.
A side-channel attack in Qualcomm technology, which is used by most modern Android devices, could allow an attacker to snatch private keys.
A newly-discovered cryptojacking campaign uses familiar exploits to target enterprises and traverse network shares, infecting any connected computer.
Four in 10 used hard drives sold on eBay found to contain sensitive information.
You are better armed to make use of the SSH tool with an understanding of four key SSH files.
An auditing program for the voice assistant technology exposes geolocation data that can be personally identified, sources said.
Cybercriminals see greater ROI targeting businesses, which have been slammed with ransomware attacks and Trojans.
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China's Great Firewall.
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
The number gets even higher among larger SMBs.
The Wahoos came out on top among 235 colleges and universities that took part in the 15-year-old competition.
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man-in-the-middle position to retrieve the admin password by intercepting REST API JSON responses.
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
A pair of bugs would allow attackers to compromise the WiFi password of a TV and the multimedia stored inside it.
Spam has given way to spear phishing, cryptojacking remains popular, and credential spraying is on the rise.
Beapy is a new malware variant that's storming across China, leaving cryptominers in its wake.
The good news: Removing admin privileges can mitigate most of them, a new study by BeyondTrust shows.
A Massachusetts federal district judge gave cops a warrant to force-unlock iPhones with the suspect's fingers.
Microsoft has recognised that users don't actually change their passwords when prompted, they just tweak them. And that doesn't help anyone.
And just who, exactly, is going to pay for new passports if it's necessary? Danish police are chatting with Kube Data about that.
The NSA has asked the White House to end its mass phone surveillance program because the work involved outweighs its intelligence value.
Half of Threatpost readers surveyed in a recent poll don't believe that consent realistically exists when it comes to facial recognition.
When it comes to operational technology and industrial control systems, make sure you're the lord of all you survey.
A 5G wireless gateway tailored for industrial internet of things (IoT), retail point-of-sale and enterprise redundancy applications is riddled with vulnerabilities, including two critical bugs that allow remote code-execution (RCE) and arbitrary command-injection. The Sierra Wireless AirLink ES450 LTE gateway (version 4.9.3) has 11 different bugs, which could be exploited for RCE, uncovering user credentials [...]
A new phishing scam asking for selfies, embedding malware in video games, and the latest IoT vulnerability are all covered in this week's Friday Five.
The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
A research team found that thousands of websites were tricking users into entering credit card information by spoofing trustworthy sites.
You can enforce various policies to make sure your users meet certain requirements with their Windows passwords. Learn about some of the password-related settings in Group Policy.
GoDaddy worked with researchers to shut down 15,000 domain-shadowing websites tied to bogus affiliate marketing offers promoted via spam campaigns.
On this week's Threatpost news wrap, the team discusses Facebook's FTC fine for its data security practices, a report that Amazon is collecting Echo users' geolocation data, and more.
New mobile security prototyping contracting between Privoro and the United States Air Force leverages the SafeCase, intelligent smartphone case.
Yet another WordPress plugin vulnerability has put thousands of websites at risk.
Low-cost boxes that promise free TV streaming services often come complete with malware, according to a new study.
A filing prior to an IPO lists nation-state dangers to Slack's services and customers as a risk for investors.
Security experts point to seven crucial steps companies should be taking as they move data and processes to cloud environments.
Small businesses may not have the staff needed to use automated security platforms, which is one reason why opting for a Managed Security Service Provider (MSSP) might be the better option.
Before purchasing cybersecurity insurance for your business, be sure you have a thorough understanding of what is covered.
From DNS over HTTPS to Microsoft's expiration policy - and everything in between. It's weekly roundup time.
Researchers have found that hackers are exploiting vulnerable piracy streaming devices to steal credit card data or rope them into botnets.
It's one of the first location data privacy cases to grapple with the warrant and surveillance implications of the Carpenter decision.
The New York Attorney General has accused major cryptocurrency exchange Bitfinex and cryptocurrency Tether of an $850m fraud.
NIST thinks it has reached an important milestone in complex software testing with something called Combinatorial Coverage Measurement (CCM).
Save the Date: Black Hat USA returns to the Mandalay Bay in Las Vegas August 3-8.
Shifting cybersecurity from a defensive posture to one of managing risk is becoming more important for small-business owners. Here's must-read risk-management guidance.
Post-GDPR, businesses are still failing to adequately protect sensitive data, according to a Varonis report.
Two-thirds of consumers say having their bank accounts compromised would be more stressful than losing their job, according to a Kaspersky report.
Millions of security cameras, baby monitors and "smart" doorbells are open to hijack - and no solution is currently available.
It sounds like business email compromise attacks, attacks that rely on tricking recipients, usually executives, into conducting wire transfers, aren't going away anytime soon.
Github and Bitbucket tokens for Docker autobuilds are also impacted.
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
Marketers often focus on cybersecurity best practices after there is an incident, though experts say that needs to change to improve a company's chances of surviving a cyberattack.
Microsoft Identity Division's corporate vice president of program management Alex Simons sat down with Dan Patterson to discuss the different threats facing the enterprise today.
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character.
esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI.
Microsoft's executive vice president Jason Zander sat down with Dan Patterson to discuss cloud migration and how it benefits security in the enterprise.
BEC scams, ransomware, and malware are some of the cybersecurity threats that cybercriminals use against real-estate agencies. Here's security advice, including scam prevention tips from the FBI.
A database with no login required has been found to contain names, addresses, age, and more for over 80 million U.S. households.
After facing criticism for removing or restricting several parental control apps over the past year, Apple cited security and privacy reasons.
The attack group shows a moderate level of sophistication, but the stage is set for MuddyWater to take things to the next level.
Hardware that supports pirated video streaming content comes packed with malware.
As the saying goes, experience is the best teacher. It'll also make you a better and more well-rounded security pro.
Financial services firms saw upticks in credential leaks and credit card compromise as cybercriminals go where the money is.
A flaw in the software used to remotely access cameras and monitoring devices could allow hackers to easily take control of millions of pieces of the IoT.
Organizations impacted by breach, which gave attackers illegal access to a database containing sensitive account information, need to check their container images.
Come to the August event and learn how Intel's Converged Security and Manageability Engine has been fine-tuned to guard against low-level firmware attacks.
She must have been star-struck, she said, after the fraudster hid behind the Fast & Furious star's photo and reached out from a fan page.
For years, Facebook asked some new users for email passwords, then grabbed their contacts without consent (or any way to stop the process).
The containerisation platform has asked 190k users to change their passwords after hackers gained access to a database of personal data.
Cybercriminals continue to target intellectual property, putting companies at risk for financial and brand reputation hits, according to McAfee.
The Good Guys from the Cyber Threat Alliance just published a report to help you keep the Bad Guys out of your network.
Deep Instinct analysts test three code injection methods and a custom-built Mach-O loader to load malicious files from memory.
A dependency on third-party cloud and hosting providers leaves businesses more vulnerable to potential cyber threats, according to RiskRecon and the Cyentia Institute.
Machine learning and artificial intelligence are helping threat-intelligence firms cover a greater area of the darknet, but human analysts will always be necessary, experts say.
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what's at stake and what CISOs can do to mitigate the damage.
When is an address bar not an address bar? When it's a fake.
Another month is here and Android finds itself with a mixture of critical and high vulnerabilities.
An Ohio parish lost a whopping $1.75 million after attackers breached two employees' email accounts - and then tricked other employees into sending wire transfers to a fraudulent bank account.
Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.
A bug in the popular anti-piracy framework allows a side-channel attack on premium content.
Phishing simulation training? Audits? Incentivizing training? We talked to 18 infosec leaders and asked them what the best tools and techniques for employee security awareness training are.
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
A recently-patched critical flaw in Oracle WebLogic is being actively exploited to peddle a new ransomware variant, which researchers call "Sodinokibi."
A scam version of the actor convinced a woman he was in love with her.
An exploit of the vulnerability offers attackers a ransomware surface that doesn't need email.
Intellectual property and personally identifiable information tie for the type of data IT practitioners are worried about losing.
Potential victims reportedly include Oracle, Volkswagen, Airbus and Porsche.
Hacked Microsoft email accounts are being used by criminals to compromise victims' cryptocurrency exchange accounts and empty their funds.
Put on your detective hat - the researchers who found it say it's full of people's data, but not who it belongs to.
The flaw makes it possible to overwrite the devices' programming and insert an algorithm that turns them into artificial pancreases.
This IoT software flaw could render millions of consumer devices, including baby monitors and webcams, open to remote discovery and hijack.
Our data is especially vulnerable when we ourselves are too: at border crossings and when in unfamiliar environments.
Researchers are urging Oracle WebLogic users to update quickly - after new Muhstik botnet samples started targeting a critical flaw in the servers.
Employees are still using "123456" and "qwerty" far too often. Here are five ID forms that could better protect the enterprise to consider on World Password Day.
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense.
New controls will be able to help businesses better manage encrypted emails, block the sharing of sensitive information, and investigate possible security issues.
Dell unveiled the latest generation of the Latitude series of business laptops. Here's how they stack up to Lenovo's ThinkPad lineup.
Ricardo Milos joined Ben 10, Adventure Time and We Bare Bear videos on its websites over the weekend.
The creation of a new NYDFS division to review and respond to cybersecurity events and enforce policy around financial crimes could lead to increased oversight under the department's watershed Cybersecurity Rule (23 NYCRR 500).
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.
Analysis of two high-volume DDoS attacks show they're becoming more difficult to remediate with changes to port and address strategies.
Personality assessment firm Hogan Assessments lists top characteristics for a 'successful' cybersecurity hire.
New study shows SMBs face greater security exposure, but large companies still support vulnerable systems as well.
A new binding directive gives U.S. agencies just 15 days - as opposed to 30 days - to remediate critical flaws on their systems.
The adversaries have the hallmarks of an advanced, organized group, with well-established infrastructure.
Even so, more work remains to be done to address online ad fraud operations that cause billions of dollars in losses annually for advertisers.
C-suite executives are turning to AI and machine learning-based security solutions to combat threats, according to an Oracle report.
Revive Adserver patches two vulnerabilities, one of which may have been used to allow hackers to deliver malware to third-party websites.
Breach of India-based outsourcing giant involved a remote access tool and a post-exploitation tool, according to an analysis by Flashpoint.
A cursory search finds identical "backdoors" in D-Link, Cisco, and Sony devices, among others, as poor security practices do not equate to malicious intent.
US federal agencies must fix their security bugs twice as quickly under new rules issued by the Department of Homeland Security (DHS).
The data was published after "Boris Bullet-Dodger" failed to get Citycomp to cough up.
How can IoT security be improved? The UK Government just published new details of its surprising and unfashionable answer.
Newly revealed policies show border agents can search devices for pretty much any reason, including if some other agency asked them to.
Though most businesses have complex password requirements in place, many are falling into other traps of poor password management, according to a survey from OneLogin.
Account takeovers are one of the fastest-growing email security threats hitting Office 365 accounts, according to Barracuda.
Yeah, yeah, yeah... we really ought to get around to picking proper passwords for everything - and here's why!
Organizations are not prepared to handle cyber breaches due to gaps in IT security and basic operations, according to a 1E survey.
Phishers tend to focus on business during the week, social media and finance on the weekend, according to a Vade Secure report.