Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
Calls to eliminate the password abound on this World Password Day - and the technology to change is ready. So why can't we get off our password habit?
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.
Part of a slew of patches from the networking vendor, the CVSS 9.8 bug allows remote takeover of a vulnerable device.
Make an effort to secure your digital life with these helpful, easy-to-follow password tips.
NIST has updated the Federal Information Processing Standard, or FIPS, to align with the international standard, ISO 19790 for the first time,
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a POST request, the value is written directly with sprintf to a local variable placed on the stack, which overwrites the return address of the function, causing a buffer overflow.
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a POST request, the value is written directly with sprintf to a local variable placed on the stack, which overwrites the return address of the function, causing a buffer overflow.
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
Organizations are using more open source software than ever before, but managing that code remains a challenge.
Dell has patched two high-severity vulnerabilities in its SupportAssist software meant to aid security issues for customers.
One of the misconfigured Elasticsearch databases showed evidence of a ransomware attack.
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
Researchers warn customers to reconsider the use of the camera's remote access feature if the device is monitoring highly sensitive areas of their household or company.
How a rocky relationship between IT operations and cybersecurity teams can compound security risks.
Job-hunting site Ladders leaves job seeker data exposed on the Internet.
If Enpass is your password manager of choice, there are three handy audit tools you should be using. Jack Wallen explains.
Use Enpass audit tools to identify weak, identical, and old passwords.
Crestron, Barco wePresent, Extron ShareLink and more wireless presentation systems have an array of critical flaws.
Exploits give attackers a way to create havoc in business-critical SAP ERP, CRM, SCM, and other environments, Onapsis says.
Auto-delete will hopefully please those of us who haven't already turned off location history altogether (for very good reason).
A battle rages between manufacturers and users over who can repair a product, with tech companies using security concerns as a weapon.
Crooks have developed "ingenious" new ways to drain user accounts and wallets, CipherTrace says, prodding regulators into action.
When it comes to an easy life, the criminals behind the fearful Anubis banking malware have become big fans of Twitter and, increasingly, the secure messaging of Telegram.
Privacy and security concerns frequently drive consumer smart device buying decisions, according to an Internet Society and Consumers International report.
While Gen Zers think they won't fall for phishing scams, most don't even know what "phishing" means, according to a Google report.
Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.
Critical flaws in the software of Sierra Wireless' AirLink routers enable an array of malicious attacks.
The malware has new tricks, like using the stunnel encrypted tunneling mechanism and abusing a legitimate shareware app.
Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace.
The EO outlines a 'rotational assignment program' intended to help security practitioners develop their skills.
When coding is criminal, why HIPAA mandates breaches be reported after 60 days, and evaluating GDPR are all covered in this week's Friday Five.
Belgian coder Bernard Fabrot just finished a 3.5-year computational marathon, solving a fascinating cryptopuzzle set at MIT back in 1999.
The Threatpost team breaks down the strangest security stories this week - from Cartoon Network hacked to show stripper videos, to a church being scammed out of $1.75 million.
Europol-led international law enforcement operation led to takedown of world's second-largest digital underground marketplace.
Short on concrete details but long on affirming cybersecurity skills as a critical piece of federal defense, the White House executive order aims to bolster the national cyber workforce.
A Mozilla bug has made everyone's Firefox addons 'untrustworthy' - including turning off the important NoScript security feature in Tor.
Amidst the PR glitz and popularity of bug bounty programs, experts worry that actual smart security strategy is being left behind.
Will connected devices be insecure forever? Or will legislation - such as the recent UK mandate announced this week - help boost IoT security?
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
A digital signing flaw killed add-ons for Firefox as well as Tor -- and no patch is yet available for Tor users.
The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.
Web scammers are going after Marvel fans as the movie passes the $2.2 billion box-office mark, making it the second-highest grossing film of all time, behind only Avatar.
Mozilla forces third party add-ons to be digitally signed, though an expired certificate disabled these, causing confusion among users of Firefox and the Tor Browser over the weekend.
The deployment of 5G networks will bring new use cases and revenue opportunities, mobile providers say, but security will be essential.
This company protected its sensitive data with a biometric thumbprint scanner but still managed to suffer trade secret theft after a former director of research allegedly stole gigabytes of data on its recipes.
Cisco patches two high-severity bugs that could be exploited by remote attackers.
Snowballing attacks using a recently patched critical bug show no sign of abating.
Another Dark Web market has been closed, its leaders arrested. Law enforcement seems to be getting a handle on the Dark Web--is it really as big of a threat as it is made out to be?
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.
The new software development kit - free and open source - will be available to election officials and technology suppliers this summer.
MegaCortex uses a compromised domain controller in its attack.
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.
After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016.
An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.
Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850
A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845.
While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835
In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.
A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.
While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.
In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.
From malware-stuffed piracy apps to the Docker breach, get yourself up to date with everything we wrote last week - it's roundup time.
Singapore's central bank sent a payment to Canada using blockchain technology last week, in a clear signal that the technology has value.
It went down in flames, with a rogue admin blackmailing vendors and buyers and leaking login credentials and the IP address.
The updated Add-on Policy aims to rid Firefox of third-party malicious code that hides what it's really up to.
Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
One moment, the defenders' network looked secure but the next, as if out of nowhere, the ransom note pops up.
Oleksii Petrovich Ivanov has been extradited in the U.S. after allegedly launching malvertising campaigns that caused victims to view malicious ads on more than 100 million occasions.
Half a billion records have been exposed in total, with over 86 breaches affecting the two states since January, according to Risk Based Security.
Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017.
Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
While very little money will change hands, the sum is believed to be one of the largest judgments for the theft of trade secrets in U.S. history.
The number of live, accessible .onion sites amounts to less than 0.005% of surface web domains, researchers report.
Ranking based on consumers' cybersecurity practices - or lack thereof.
New Symantec research shows how the Buckeye group captured an exploit and backdoor used by the National Security Agency and deployed them on other victims.
It's easy to add Microsoft's drive encrypting BitLocker protection to your non-TPM enabled Mac computers hosting Windows via Boot Camp or third-party VM.
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.
Companies that find a breach on their own take substantially longer to report a breach, a new analysis shows.
Cisco has patched a critical flaw in its virtualized function automation tool, Cisco Elastic Services Controller.
Government employees are working to determine the source and severity of a cyberattack that forced most city servers offline.
A team of security researchers has exploited Microsoft's patchy macro documentation to hide malicious code inside innocent-looking macros.
The Choicelunch CFO is accused of hacking student data out of The LunchMaster's site and anonymously ratting it out for bad security.
A Ukrainian and his gang allegedly smeared malvertising for 4.5 years and tried to rent out a botnet full of infected computers.
Google's May security update for Android is out - but will you be lucky enough to get it this week? If you own a Pixel device, then yes.
Cynet Free IR empowers its users with a solution that is accessible and easy to use, bringing crucial incident response services in-house, while saving them valuable time and resources.
Having appropriate security configurations requires your applications, servers and databases to be hardened in accordance with best practices.
Employees are still using "123456" and "qwerty" far too often. Here are five ID forms that could better protect the enterprise to consider on World Password Day.
Feedback is a two-way street in terms of giving, receiving, and knowing how to give and receive.
Cloud misconfigurations, business email compromise (BEC) and intellectual property theft are all up in the Verizon DBIR 2019 from last year.
At Google I/O, the tech giant announced it is beefing up security in phones with its latest Android Q operating system by offering direct updates and privacy controls.
A survey of 10,000 Americans found that 90% believe they are doing enough to protect themselves online, though less than half are even doing the bare minimum.
A Q&A with Kaspersky Lab researcher David Jacoby examines a gaping hole in the telco customer-service process that allows adversaries to commandeer phone calls.
The Android security update patches 15 bugs, four rated critical, 10 rated high and one ranked moderate in severity.
Google Chrome users have complained for years about how the browser handles history, allowing malicious websites to inhibit back button usage.
The world has embraced digital technology, but cybercrime is putting a serious dent in corporate finances, the FBI finds.
Max Wessel spoke with TechRepublic at the 2019 SAP SAPPHIRE NOW conference about the most beneficial enterprise solutions organizations should be using.
The latest edition of the report analyzed over 40,000 security incidents to identify trends and changes by threat actors.
Learn how to limit what SSH users can do by jailing them with the help of Jailkit.
Don't entrust the deletion of sensitive data to the standard tools. Install this handy data wipe command for more secure removal.
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
The incident is only the latest in a string of disturbing horror stories of guests finding live, recording cameras hidden in their Airbnb flats.
Defendants allegedly earned kickbacks for sales of illegal contraband, including hacking tools and malicious code.
In fact, FIN7's activities only appear to have broadened, according to a new report.
Microsoft's Protected View feature tries to protect you against potentially malicious files and documents. Here's how to use it.
Tor can safeguard your browsing activities on an Android device via a new app in alpha release. Here's how to use and tweak it.
Data breaches caused by unsecured Internet of Things devices increased to 26% this year, according to a Ponemon Institute report.
If you make use of Secure Shell, you'll want to run down this checklist of five quick tips to make that Linux server a bit more secure.
Has your back button ever mysteriously stopped working?
The suspected admins of the DeepDotWeb site are alleged to have sent buyers to illegal markets in exchange for millions in kickbacks.
There is no shortage of unique terms and acronyms within the cybersecurity industry. In many ways, security has a language of its own. This guide lists more than 40 of the most common cybersecurity acronyms, serving as a resource for beginners and a reference guide for those with more experience. Terms are listed in alphabetical order for ease-of-use.
A security researcher has demonstrated a new way to track mouse movements even if users block JavaScript.
Staying a step ahead requires moving beyond the security techniques of the past.
A group of tenants in New York City have prevailed in a lawsuit against their landlord's use of smart locks.
LightNeuron is the first to target Microsoft Exchange transport agents -- and is used as a hub for major Turla APT espionage efforts.
End-to-end IoT security product aims to give manufacturers, systems integrators, and businesses a means to harden device security.
Nine in 10 cloud breaches occur due to employee mistakes, according to a Kaspersky Lab report.
Drupal, Typo3 and Joomla are all impacted by the bug.
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allow remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.
Here's a 30-second video you can show your friends and family if they freak out after receiving a scam email apparently from themselves...
Google unveiled the next-generation Google Assistant at I/O 2019, featuring an on-device speech recognition model, bypassing the need to upload voice samples to cloud systems.
Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password.
A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (memory exhaustion) via a crafted file.
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows an attacker to gain unauthorized access to qBittorrent functions by tampering with the affected flag value in the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza.
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
Karen Roby gives us a snapshot of the news covered this week on TechRepublic and ZDNet. The stories include 3 major conferences, a telecommunications data breach and a look at the number of CIOs implementing AI.
A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab.
The cybersecurity skills shortage has gotten worse for the third consecutive year, according to the Information Systems Security Association.
'100 Women in 100 Days' is a career development program made possible by a $160,000 gift from Craig Newmark Philanthropies.
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).
Two have been indicted in the 2015 massive data breach of health insurer Anthem, which compromised the data of at least 78 million customers.
A simple Wireshark analysis was enough to subvert the gadget, which uses iris identification to protect the drive.
The source of breaches has fluctuated significantly over the past nine years, but organized crime has almost always topped nation-state actors each year. The gap narrowed significantly in 2018, according to the annual report.
Fujie Wang allegedly worked as part of a hacking team out of China that stole information on nearly 80 million Americans in the massive healthcare breach.
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 is susceptible to an information disclosure vulnerability.
Rana targets airline companies and others in well-planned, well-researched attacks, Israel's ClearSky says.
Why motion sensors in the bedrooms, she wondered? Why the extra light and weird wiring on the router?
It also wants to be the country's data-privacy police: commissioners called for more resources and ability to impose penalties.
Records included not only the individuals' name and email address but also their employment history, salary, and phone number.
Nigerian scam groups launched even more attacks in 2018 - and used more complex types of malware to reach more victims.
Among the 50+ new Briefings confirmed for this August event are a deep dive into the Apple T2 chip and a pile of lessons learned from the Equifax and Home Depot breaches.
Research shows time to discovery and containment of breaches slowly shrinking, but attackers don't need a very big window to do a lot of damage.
It's not a secret that IT professionals--particularly first-tier tech support--have a low opinion of users, though a new survey paints a rather bleak picture.
Exec shake-up comes amid earnings drop in financial report.
Three steps you can take, based on Department of Homeland Security priorities.
Slowly but steadily, developers are being given the tools with which to tame the promiscuous and often insecure world of the browser cookie.
A dark web service takedown, Google gets better about data privacy, and another city hit by ransomware - catch up on the week's news with this roundup!
Nvidia has patched three vulnerabilities in its Windows GPU display driver that could enable information disclosure, denial of service and privilege escalation.
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.
A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible.
The WannaCry attack proved pivotal, changing the way organizations go about securing their environments.
A number of reports show CVE-2019-0604 is under active attack, Alien Labs researchers say.
OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.
From a creepy Airbnb incident to Verizon's Data Breach Investigations Report, Threatpost editors break down the top privacy and security stories for the week ended May 10.
The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners.
Using a bug patched in March, the attacks are starting to ramp up worldwide.
From spying Airbnb creeps to the CSS trick that tracks your mouse movements - and everything in between. It's weekly roundup time.
During the 2018 "annus horribilis", users disgusted at privacy flops swore to dump Facebook. But where else is there to go?
According to a new study, Android bloatware can create hidden security and privacy risks.
They're part of a gang that spearphished millions of records out of the health insurer and other businesses, the DOJ says.
IT professionals face a slew of concerns in today's connected ecosystem, according to an Insight Enterprises report.
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.
Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.
Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names.
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.
Lock down all SFTP users on your data center Linux servers with a chroot jail.
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.
From ZIP attachments spreading Gandcrab, to DOC files distributing Trickbot, researchers tracked five widescale spam campaigns in 2019 that have made use of malicious attachments.
In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT.
Yet 68% of US consumers agree they also must do more to protect their own information.
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is therefore trivial. The "kid" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location.
The FTC told Congress last week that if a national privacy law gets passed, it wants more resources and greater authority to impose penalties under it.
Three marketing tools, including the Best Of The Web security logomark, were compromised in supply chain attacks, allegedly leaving website customers leaking their users' sensitive information.
A Twitter glitch "inadvertently" leaked iOS users' location data to an unnamed partner.
New form of ransomware MegaCortex shares commonalities with LockerGoga, enterprise malware recently seen in major cyberattacks.
The two high-severity bugs impact a wide array of enterprise, military and government networks.
A linked pair of vulnerabilities could allow an attacker to take over many different types of Cisco networking components.
ScarCruft has evolved into a skilled and resourceful threat group, new research shows.
The FBI and Department of Homeland Security have identified a new strain of malware from North Korea, representing the latest in a long line of cyber attacks from the country.
Microsoft has put another nail in the password's coffin by winning a certification that will make it easier to log into Windows machines.
A Chinese white-label panic alarm used by elderly and vulnerable people can be remotely controlled by sending it simple SMS commands.
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.
A WhatsApp zero-day has allowed an "advanced cyber actor" to successfully install spyware on victims' phones with no more than a phone call.
Cynet protects the entire internal environment, including hosts, files, users and the network.
WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims' phones.
Don't entrust the deletion of sensitive data to the standard tools. Install this handy data wipe command for a more secure removal.
Improper handling of a custom URI creates a vulnerability for users of the Slack Desktop client on Windows.
Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.
The bug is remotely exploitable without authentication or user interaction.
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
Adobe has issued patches for 87 vulnerabilities on Patch Tuesday - the bulk of which exist in Adobe's Acrobat and Reader product.
Intel has disclosed a new class of speculative execution side channel attacks.
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
It took five months but the Office for Civil Rights' first HIPAA settlement of the year, $3M, stems from a breach involving an unsecured FTP server.
Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.
A massive update addresses the breadth of the computing giant's product portfolio.
Microsoft Patch Tuesday security bulletin tackles 22 critical vulnerabilities.
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.
Fast Retailing Co. reports cyberattackers accessed accounts registered to its Japanese Uniqlo and GU brand websites.
A single flaw allowed attackers - thought to be linked to a government - to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
Millions of websites have been compromised, but the most likely malware isn't cryptomining: it's quietly stealing files and redirecting traffic, a new Sitelock report shows.
The suit says Rankwave used Facebook user data for targeted marketing and ignored its cease-and-desist letter.
Apple has released its May 2019 security updates, taking iOS to version 12.3 and macOS Mojave to version 10.14.5.
Now fixed, the bug affected some users with multiple accounts running on an iOS device.
Companies achieve better results with a business-driven cybersecurity strategy, according to new survey results from consulting firm PwC.
May 2019 Patch Tuesday fixed 79 vulnerabilities, 19 of which are classed as Critical. Here's a summary of the most notable ones.
Microsoft has fixed an RDP vulnerability that can be exploited remotely, without authentication and used to run arbitrary code.
Learn to set malware lures, pinpoint unintentional but identifying human behaviors, and detect industrial control system attacks via sensor noise.
Security professionals are willing to share intel with their peers and the government if such sharing improved their ability to detect cyber threats, according to an IronNet survey.
Medical IoT devices carry significant cybersecurity risks, according to a Forescout report.
The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
Attackers have been tampering with TLS signatures at a scale never before seen using a technique called cipher-stunting.
A major gap exists between the perception and reality of online security safety, according to Google Registry and The Harris Poll.
Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
Here are 10 top takeaways from Intel's most recent class of Spectre-like speculative execution vulnerabilities, disclosed this week.
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.
Karen Roby highlights some of this week's news coverage on TechRepublic and ZDNet. The stories include a security warning from Microsoft, a rundown of the Facebook privacy scandal and a look at the highest paying internships for 2019.
Microarchitectural Data Sampling are CPU side-channel vulnerabilities that allow attackers to view in-flight data from CPU-internal buffers. Learn more about MDS attacks in this comprehensive guide.
Staying up to date on Spectre and Meltdown can be challenging. This guide includes in-depth explanations about these uniquely dangerous security vulnerabilities and the best mitigation solutions.
It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to other services.
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g., JSON.
A new bill introduced in the Senate this week would restrict U.S. tech exports to China and crack down on intellectual property theft.
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
Google is offering free replacements for its Titan Security Key after discovering a misconfiguration in its pairing protocols.
Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year.
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
One year later, the EU mandate's biggest impact has been to focus more attention on data protection and privacy, security analysts say.
If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide to salaries, job markets, skills, and common interview questions in the field.
The city that gave us facial recognition tech says "not in my back yard".
Unpatched Linux systems are vulnerable to remote compromise from the local network.
The feature still lets you see how others see you, but without leaking access tokens.
Europol said it has dismantled the cybercrime network behind the GozNym malware, which siphoned more than $100 million from businesses.
The vendor also issued a patch schedule for the still-unpatched bug in its Secure Boot trusted hardware environment, which affects most of its enterprise and SMB portfolio, amounting to millions of vulnerable devices.
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
Hyper-Threading, Intel's implementation of symmetric multithreading (SMT) can be exploited using the newly-disclosed MDS vulnerabilities, like Fallout and ZombieLoad.
Alabama is the latest state to adopt the Insurance Data Security Model Law, a legal framework that requires insurers to develop and implement an information security program and breach notification standards.
The web skimming script was recently found stealing payment data on the websites of Forbes Magazine as well as seven others.
The bloom is on mobile, whether it be the enterprise, employees or the cybercriminals plotting new ways to slip past corporate defenses in a post-perimeter world.
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
The FBI and counterparts from other nations say group infected over 41,000 computers with malware that steals banking credentials.
The executive order signed by President Trump bars the sale or installation of equipment seen to be controlled by hostile foreign governments and a threat to national security.
A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.
A tool from the White House invites those who suspect political bias in social media censorship to "share their story with President Trump."
Arrests in Europe and the US appear to have ended the cybercrime careers of the gang behind the GozNym banking malware.
Six alleged members of "The Community" were indicted, along with three phone service employees who allegedly helped target subscribers.
Google had egg on its face this week after it had to recall some of its Titan hardware security keys for being insecure.
From a zero day flaw in WhatsApp, to Patch Tuesday fixes, Threatpost breaks down the top vulnerabilities of this week.
Businesses across industries lose money and reputation due to knock-off products and questionably sourced materials, but a solution may already exist, according to a Cisco and BCG report.
TechRepublic took home multiple awards at the national 2019 Azbee Awards of Excellence, including two gold awards and honorable mention for Website of the Year.
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
There have been some major security breaches in recent years, according to a recent Bitglass report, and those breaches have cost companies billions of dollars along the way.
The importance of reading the network tealeaves of a company's network traffic to head off an attack.
News on the latest microprocessor side-channel attack, the big WhatsApp vulnerability, and combating online harassment are all covered in this week's Friday Five!
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
The decision to pay a ransom in the case of a ransomware attack can be a complex one for businesses.
Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
Following an attack on their users, and their shared response, Atlassian, GitHub, and GitLab decide to make the sharing of attack information a permanent facet of their operations.
A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.
Once again, a high-proportion of the reported flaws have no current fix, according to Risk Based Security.
A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer.
It was a week of patches - from a severe Linux kernel flaw to a new 'wormable' Windows bug, here's a roundup of the week's top stories.
It turns out that robo-dialed calls accounted for 56.5% of the phone-in vote for the millionaire's daughter.
It's not clear who paid Archimedes Group for its reality-warping campaigns, but it's clear disinformation is now a global scourge.
Bot and phishing attacks can compromise your G Suite account, but there is an easy way to block the majority of these attempts, according to Google.
Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why it's so important for tech experts to be actively involved in setting public policy.
Privacy-focused browser Brave has criticised an industry proposal it says would make browser fingerprinting easier.
A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back.
The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here's what happened.
Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.
An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.
An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.
Still, a new Google study uncovers a bit of good news, too.
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.
The EU's General Data Protection Regulation is now a year old, and has resulted in financial repercussions and changes to how businesses handle data.
A cybersecurity expert discusses breaches, data protection laws, and why he considers multi-factor authentication the beginning of security.
SB 561, a contested amendment to the California Consumer Privacy Act that could have expanded the right of consumers to sue companies over their handling of personal data, has been shelved by the state for now, likely giving businesses a sigh of relief.
A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.
All too often, information-sharing is limited to vertical market silos; to build better defenses, it's time to take a broader view beyond the ISAC.
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.
The drones are reportedly built with parts that can compromise organizations' data and share it on a server accessible to the Chinese government.
The company says it stopped the attack launched by a Chinese hacking group.
A strong data protection strategy is essential to protect information as it moves across endpoints and in the cloud.
Researchers have uncovered another serious bug in WP Live Chat that could lead to the mass compromise of websites.
The OGUsers forum, which trades in hijacked social accounts, has been hacked, its hard drives wiped, and its user database published online.
Amnesty International, which was sent the Pegasus spyware via a WhatsApp message, is seeking to stop NSO Group's "web of surveillance."
A strong data protection strategy is essential as data moves across endpoints and in the cloud.
Quantum computers are theorized to be capable of breaking RSA encryption. Experts disagree on when it could happen, but agree on a need for quantum-proof encryption.
Europe's biggest ISPs and mobile operators are accused of undermining net neutrality rules and user privacy with their use of DPI.
They may look familiar to you, and that isn't a coincidence. New threats are often just small twists on old ones.
After decreasing in 2018, the number of DDoS attacks jumped up in Q1 2019, according to Kaspersky Lab. Here's how to stay safe.
A database with millions of data points on games played plus sensitive information was left right in the middle of the internet fairway for all to see.
HCL domain pages exposed sensitive data - including passwords and project analysis reports - for thousands of employees and customers.
A commercial phishing platform that targets Apple users has proven popular enough for other criminals to pirate, though the pirated version transmits harvested data through a hidden back channel.
Many IT pros remain concerned with the risk of data loss and leakage in the cloud, according to a new survey from AlgoSec.
A flaw in the Secure Boot trusted hardware root-of-trust affects enterprise, military and government network gear, including routers, switches and firewalls.
The acquisition solidifies KnowBe4's European presence and shows a focus on building and measuring security culture.
Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame.
One year after GDPR was first implemented, an estimated 500,000 organizations have registered data protection officers in place.
An AWS-hosted database was configured with no username or password required for access to personal data.
Enjoy the video replay of the recent Threatpost cloud security webinar, featuring a panel of experts offering best practices and ideas for managing data in a cloudified world.
Intel has issued fixes for a slew of vulnerabilities, separate from the side-channel bugs disclosed last week.
Mozilla has released a host of fixes for its browser as it rolls out its latest 67 version of Firefox, which touts better speed and privacy.
The latest changes to the Satan ransomware framework demonstrate attackers are changing their operations while targeting victims more carefully.
Learn how to create a Windows PIN with more than four digits.
Google & UC-San Diego researchers found that only 5 of 27 hacker-for-hire services actually launched attacks against their targets.
Sometimes it's best not to tinker under the hood - especially when it comes to security IDs.
Sometimes you get a list of ambulance companies, sometimes a blog post on when it's OK to call an ambulance.
A security researcher has discovered a massive cache of data on millions of Instagram influencers, publicly accessible for everyone to see.
The zero trust model might be the answer to a world in which perimeters are made to be breached. Is it right for your organization?
Plus, hear from key figures about the history and the enduring influence of The Cult of the Dead Cow this August in Las Vegas.
Google said it had stored G Suite enterprise users' passwords in plain text since 2005 marking a giant security faux pas.
While IoT devices continue to multiply, the latest studies show a dangerous lack of visibility into those connected to enterprise networks.
UK-based Arm Holdings has issued a memo to staff indicating it must stop working with Chinese equipment manufacturer Huawei, following a US trade dispute.
Every day, keeping anything secure requires being smart about trust. The rules of trust will keep you and your data safer.
Karen Roby reports on this week's biggest tech news, including Huawei's Android license and the one year anniversary of GDPR. How have businesses been affected by the legislation and what does Microsoft have to say about a potential version of the law in the US?
SandboxEscaper has released her latest local privilege-escalation exploit for Windows.
IBM API Connect 5.0.0.0 and 5.0.8.6 could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.
The two critical cross-site request forgery flaws in the online learning non-profit Khan Academy have been resolved.
Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
The company reports it has seen improper access to, or misuse of, affected enterprise G Suite credentials.
The city's mayor says there's no 'exact timeline on when all systems will be restored.'
It took a year but Lithuania's data protection authority issued its first fine, to a fintech company, for breaching three provisions of the GDPR.
The "bestiary" houses six historical threats that combined resulted in at least $95B in damages worldwide.
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
The new exploit builds a fake frame around legitimate portions of an online commerce website.
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.
A new analysis highlights the prevalence of malware signed by certificate authorities and the problems with trust-based security.
The mayor said no, for now, to paying 13 Bitcoins to (purportedly) unlock all seized systems. Manual rebuilding could take months.
Mozilla rolled out version 67 of its Firefox browser this week, fixing some security bugs and introducing a host of privacy features.
After nine months of alpha testing, a stable release of the Tor browser for Android can now be downloaded from Google's Play store or direct from the Project's website.
Nobody got at the subset of G Suite passwords, Google said, apologizing and saying that it's working to ensure this is an isolated incident.
As Bitcoin prices surge, so too are malicious apps, malware-ridden scams and cryptojacking attacks looking to profit from the cryptocurrency industry.
Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.
As promised, developer SandboxEscaper has dropped exploit code for four more bugs, on the heels of releasing a Windows zero-day yesterday.
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS).
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (which ImageMagick uses). The attack vector is: someone must open a PostScript file through Ghostscript. Because ImageMagick also uses libga, it is affected as well.
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
APT28/Fancy Bear has expanded its repertoire to more than 30 commands for infecting systems, executing code, and reconnaissance, researchers have found.
Users of the security platform who have preview features enabled can access Defender ATP for Mac via the Security Center onboarding section.
After one year of enforcement of the GDPR, businesses can learn much from how the provisions of the regulation have been applied and how organizations have been fined.
With a new cybersecurity team dedicated to enforcing the department's regulations under its wing, the New York Department of Financial Services (NYDFS) will grow even more vigilant of violations.
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS.
In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
How the act of sharing links to files stored in a public cloud puts organizations at risk, and what security teams can do to safeguard data and PII.
Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.
A new way of tracking mobile users creates a globally unique device fingerprint that browsers and other protections can't stop.
Coming to America: The Shade ransomware, which has historically targeted Russian victims, was recently spotted expanding its sights.
Official opinion issued by the Federal Election Commission to nonprofit Defending Digital Campaigns is good news for free and reduced-cost security offerings to political candidates and committees.
As passwords are increasingly viewed as security liabilities, Identity Management solutions are picking up the slack.
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
In libwebp 0.5.1, there is a double free bug in libwebpmux.
b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
Asterisk 13.10.0 is affected by: denial of service issues in Asterisk. The impact is: a remote attacker can cause a denial of service.
The event provides another spark to light a fire under CISOs to improve how they measure and communicate security risks to the board, security experts say.
At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.
The exploits for local privilege escalation vulnerabilities in Windows could be integrated into malware before Microsoft gets a chance to fix the issues.
Enforcement of the EU General Data Protection Regulation (GDPR) applies to any company that transacts with European Union citizens. Here's your GDPR go-to guide.
It was triggered by a complaint filed by Dr. Johnny Ryan, CPO of privacy-focused Brave browser, which is fighting Google's search domination.
Competition regulators investigated Apple due to concerns that people were needlessly repairing or replacing slow phones.
Apple thinks it has come up with a way for advertisers to track how well their ads are doing without compromising user privacy.
Can you ever call malware art? That question is now up for debate as a Chinese internet artist puts a laptop full of viruses up for auction.
Tenable introduced the free Nessus Essentials product, and also discussed the wisdom of building apps in Electron, along with fixes for Spectre and Meltdown.
The increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.
Get ready, because this October Black Hat will bring its highly-regarded Trainings to Alexandria, Virginia for two days of intensive, practical cybersecurity education.
The Threatpost team breaks down the top privacy-related data incidents of the week - including data leaks from HCL and a golfing app - and highlights some surprisingly good privacy news.
Though phishing volume remained relatively stable, attacks against Canadian users dominate, according to an RSA report.
The talent gap is too large for any one sector, and cybersecurity vendors have a big role to play in helping to close it.
CrowdStrike, NSS Labs reach confidential settlement over 2017 endpoint product testing dispute.
MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.
The Windows 10 update that's rolling out addresses insecure Wi-Fi hotspots with new user notifications.
Google's password faux pas, how real-time bidding may violate the GDPR, and tips on mitigating trade theft risk are all covered in this week's Friday Five.
New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.
ZDNet's Danny Palmer sits down with TechRepublic's Karen Roby to break down exactly what GDPR is, what it does, and what the future looks like as its one-year anniversary approaches.
Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.
After a report found that Snap employees were abusing their access to Snapchat data, experts are warning that insider threats will continue to be a top challenge for privacy.
The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.
In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself.
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
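The e107 entry above names the missing control: a serialized blob that comes back from the client must be authenticated before it is deserialized, because the deserializer itself cannot tell a legitimate object graph from an attacker's gadget chain. The block below is an added example, not e107's code: it seals a settings object with an HMAC-SHA256 tag and refuses to parse any blob whose tag does not verify. JSON stands in for PHP's serialize() format, and the key, the settings object and the tampering step are all constructed for the demonstration.

```python
# Added example (not e107's code): authenticate a serialized blob with an HMAC
# before deserializing it, the check usersettings.php is described as lacking.
# json stands in for PHP serialize(); key and payload below are constructed.
import hashlib
import hmac
import json
import secrets

# Constructed server-side secret; in practice load it from configuration,
# never from anything the client sends.
SERVER_KEY = secrets.token_bytes(32)


def seal(obj, key: bytes = SERVER_KEY) -> str:
    """Serialize obj and append a hex HMAC-SHA256 tag over the exact bytes."""
    body = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def open_sealed(blob: str, key: bytes = SERVER_KEY):
    """Verify the tag before any parsing happens; raise ValueError on tampering.

    The tag is hex and contains no '.', so the last '.' always splits correctly
    even when the serialized body itself contains dots.
    """
    body, sep, tag = blob.rpartition(".")
    if not sep:
        raise ValueError("missing authentication tag")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison: a plain == would leak the tag byte by byte.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication tag mismatch; refusing to deserialize")
    return json.loads(body)


def tamper(blob: str) -> str:
    """Simulate an attacker editing the untrusted cookie/form field in transit."""
    body, _, tag = blob.rpartition(".")
    return body.replace('"user"', '"admin"', 1) + "." + tag


def demo() -> str:
    """Round-trip a genuine blob, then show the edited one is rejected."""
    original = {"role": "user", "theme": "dark"}
    blob = seal(original)
    assert open_sealed(blob) == original
    try:
        open_sealed(tamper(blob))
        return "tampered blob accepted"
    except ValueError:
        return "tampered blob rejected"


if __name__ == "__main__":
    print(demo())
```

The order matters: verify, then parse. Parsing first and checking afterwards reproduces the e107 bug, because unserialize-style parsers run object constructors and magic methods before the caller gets a chance to reject the input.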
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload.
Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because we're still making old mistakes - here's what to do.
Bad actors are looking to hit financial and banking firms in Canada with geo-specific campaigns touting malware like Emotet, GandCrab and Ursnif.
New campaigns also show modified versions of known payloads.
A day late! From potential Windows 10 borkings to hackers hacking hackers - catch up on everything we wrote last week.
The TRACED Act was a slam dunk in the Senate, where it passed with an overwhelming 97-1 vote.
One of the US's most widely used vehicle license plate reader (LPR) companies, Perceptics, is reportedly investigating a data breach.
The Watch Tower sought to unmask a Jehovah's Witness who posted its content to show what data the organization collects and processes.
Researchers revealed a massive hole in Google Safe Browsing's mobile browser protection that existed for over a year.
The dark web is home to a multitude of threats for businesses. Here is how to stay protected, according to a Terbium Labs report.
Nearly a decade in, the famous analogy has underpinned a sea change in enterprise IT, but still falls short of the security mark. More recent developments can help.
Researchers have discovered one million devices that are vulnerable to a "wormable" Microsoft flaw, which could open the door to a WannaCry-like cyberattack.
How to determine what an MSSP can do for your organization, and the questions to ask before signing a contract.
Researcher discloses vulnerability in macOS Gatekeeper security feature that allows the execution of malicious code on current version of the OS.
The initial breach notification was topped with marketing fluff: an unfortunate choice, given what could be the resulting glazed eyeballs.
Amazingco, an events planning firm, exposed 212,220 records with personal data relating to children's parties, wine tours and more.
Fighting cybercrime requires visibility into much more than just the Dark Web. Here's where to look and a glimpse of what you'll find.
Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.
Ireland's Data Protection Commission has fielded nearly 6,000 reports of security breaches since GDPR went into effect.
A penetration tester shows how low-severity Web application bugs can have a greater effect than businesses realize.
Acquisition of security instrumentation firm will add more than $70 million to 2020 billing, FireEye estimates.
Privacy on the web is a growing concern. Tom Merritt suggests five privacy plugins to help keep your personal information safe.
A new attack is found that uses MySQL as part of the attack chain in a GandCrab ransomware infection.
The Fortune 500 giant in the real estate industry missed a basic vulnerability in its website, leaving as many as 885 million sensitive records accessible to attackers. The fix: teaching developers the top 10 security issues and frequent testing.
The botnet has displaced credential stealers, stand-alone downloaders, and RATs in the overall threat landscape.
Pen Test Partners has found some major security flaws in the Bluetooth Nokelock that consumers might like to know about.
The defendants allegedly pulled in over $1.3 million over the course of about six years for unnecessary and undelivered tech support.
Now it's easier for attackers to produce deepfakes, even if the target doesn't have much existing footage. Like the Mona Lisa.
Learn about the latest supply chain attacks, red team threats, and "deep fake" detection tricks at the premier cybersecurity event in Las Vegas this August.
A rapidly-expanding campaign has infected 50,000 servers with malware that mines an open source cryptocurrency called TurtleCoin.
The Emotet botnet drove 61% of malicious payloads in Q1 2019, according to a Proofpoint report. Here's how to keep your business safe.
The proliferation of unpatched systems in manufacturing and healthcare settings allows the North Korean state-sponsored malware to persist.
Creating a culture of supporting and advancing women is no small feat, but it's worth the challenge. Start with yourself. Here's how.
The company reports two incidents affected a subset of its users and is resetting passwords for involved accounts.
A top UK government cyber-official has called out the telecom supplier, long suspected to use its infrastructure sales as a base for industrial espionage.
Researchers are warning of flaws in two WordPress plugins - Slick Popup and WP Database Backup - including one that remains unpatched.
Data from the last half year shows devices worldwide infected with the self-propagating ransomware, putting organizations with poor patching initiatives at risk.
High-risk applications that require zero latency, like remote surgery, could cause loss of life in the event of a cyberattack.
Need a reason to use a password manager? How about five?
Reports in Israel-based business publications say Palo Alto Networks has reached a deal to purchase the container security startup, as well as another Israeli security startup.
Your SIEM isn't a set-it-and-forget-it proposition. It's time for a spring cleaning.
The Office for Civil Rights recently reminded business associates what HIPAA violations it can be held liable for and when the Department of Health and Human Services can take enforcement action.
Nearly three-quarters of organizations hit with impersonation attacks experienced direct losses of money, customers, and data.
What does 5G mean from a security vendor perspective? A Palo Alto Networks expert sounds off at GSMA's Mobile360 this week.
Under very specific conditions, code running in a Docker container could access files anywhere on a server, according to a new CVE.
"We had access to the grade book. Now we could change the grades."
An internet-wide scan has revealed almost one million devices vulnerable to CVE-2019-0708.
Police close their investigation, concluding that New Zealand's "wellbeing" budget wasn't hacked.
Some 93% of organizations said they feel prepared against cyberthreats, though they lack common cyber best practices, according to a Centrify report.
A Monero cryptominer made a home on an Apache Tomcat server and just wouldn't stay away.
Amazon S3 cloud bucket misconfigurations, however, have dropped dramatically.
Standard security practices among IT companies do not necessarily carry over to the IT departments of other firms, leading to products sold without basic security measures in place.
The wrong use of SMB, FTP, and other file storage technologies exposed 2.3 billion online files globally over the past year, according to a Digital Shadows report.
Baltimore has so far refused to comply with a ransom demand. It's being forced to make a decision all such victims face: to act morally or practically.
Podcasts are a go-to resource for security professionals - here's our roundup of 35 of the top podcasts covering information security.
One of the most popular U.S. drive-through restaurants has been hit with a data breach due to POS malware.
The complexity and scale of the 5G ecosystem, combined with a lack of skills and training in software-centric security, will be important drivers for AI deployment in the carrier space.
The company also agreed to buy container security company Twistlock as it develops its cloud security suite.
A report out from Talos on the state of ATM malware contains lots of tips on protecting these machines from malware, and they're just as applicable to other industries.
The reality for business owners and CISOs looking to protect their business from a cyberattack is that cyber insurance is not a catchall for protecting against risk and loss.
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
Karen Roby reports on this week's biggest tech news, which includes the FBI's most wanted cybercriminals, a look at new mid-priced phones, a smarter Roomba, and the best websites for resumes.
The threat intelligence company went for $780 million in a cash deal.
Digital Shadows researchers scanned various online file-sharing services and concluded the number of exposed files is up 50% from March of 2018.
HiddenWasp is unique for Linux-based malware in that it targets systems to remotely control.
Android Q's features will transform some phones into more user-friendly, customizable, and secure environments. Here's what developers, businesses, and users need to know about Google's Android 10.0.
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.
An old vulnerability in Alpine Linux containers has spread and propagated to as much as 20% of the containers on the Docker Store.
A name-and-shame database is supposed to "save" husbands from wives who have appeared on porn sites.
"...nation-state actors have demonstrated intent and capability to leverage VPN services and vulnerable users for malicious purposes."
Hugely popular news aggregation site Flipboard - one billion app downloads from Google Play and counting - has become the latest internet company to admit it has suffered a breach.
Suse developer Aleksa Sarai has uncovered a bug in the way that the container framework handles path names.
Three security experts offer a sneak peek into their upcoming Black Hat USA talk on organizing female infosec communities in Korea, Japan and Taiwan.
Slow boot times can be extremely frustrating, but there is a trick to improve boot times in Windows 10 that may be worth a try.
With Generation Z's huge presence on social media, they are opening up more doors for hackers to infiltrate. Here's how to keep your interns protected.
Nvidia is urging gamers to update its GeForce Experience software after patching two high-severity vulnerabilities.
Follow these best practices to strengthen endpoint management strategies and protect company data.
The SANS Security Awareness Professional (SSAP) will be available this summer to professionals focused on measuring and mitigating human risk.
Incentivizing healthcare orgs to adopt cybersecurity practices, malware targeting Linux systems, and Microsoft's call for federal data privacy - catch up on the week's infosec news with this roundup!
The latest statistics on GDPR spending, compliance rates, enforcement, and consumer attitudes on privacy protection.
Attacks on point-of-sale terminals garners less attention these days, but the most recent breach of the restaurant chain shows hackers have not lost focus.
A huge wave of attacks is targeting home routers in South Africa for recruitment into a Hakai-based botnet.
As 5G deployments continue to increase, what are the top security risks for enterprises? We discuss with an expert during GSMA's Mobile360 conference.
Google Project Zero researcher unearths a bug in Microsoft's Notepad Windows application.
A lack of security training for interns, and their obsession with sharing content on social media, could lead to a perfect storm for hackers looking to collect social engineering data.
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.
Regularly checking your macOS systems for properly configured systems, apps, and services with Lynis helps administrators harden devices by minimizing their attack surface.
How will 5G vendors deal with the issues of security? Nokia's head of end-to-end security solutions discusses during the GSMA Mobile 360 conference.
Google announced that on 25 June 2019, Gmail's confidential mode will be switched on by default as the feature becomes generally available.
From tackling anti-robocalling in the Senate to a data breach at a license plate reader company, here are last week's top infosec stories.
...then maybe they deserve this drivel, says a Macedonian copy-paste/turn-it-into-clickbait-bile writer who says it's all about the money.
Are you making your way to Olympia, London for Infosec Europe this week? Stop by the stand, say the Phrase That Pays and we'll give you a free T-shirt.
Changes to extensions will limit the way that Chrome lets browsers block content - unless you're an enterprise user.
Researchers have found that a phone's gyroscope, accelerometer and other sensors create a unique fingerprint.
Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Mojave, despite mitigations.
Despite the risks, 90% of business leaders said they lack the resources to defend against a cyber attack, according to a Nominet report.
After a year of success, its operators say they earned millions -- and are ready to retire.
Is cybersecurity worth the investment? It depends.
The latest in a line of ways to bypass Apple's security safeguards was disclosed at the Objective By the Sea conference over the weekend.
An attacker could gain remote access by chaining together an exploit for home routers with the TV flaw.
Having trouble getting CA certificates installed and recognized in Ubuntu Server? Find out how it's done with a few quick commands.
Survey of executives in the US and UK shows that worries abound -- about cyberattacks and the lack of resources to defend against them.
The iPhone-maker announced the 'Sign in with Apple' API, and restrictions on location-tracking.
Researchers use malicious NFC tags and booby-trapped physical surfaces to connect Android devices to malicious wireless networks.
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device.
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.
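The SiteOmat login-page entry above is the textbook case: a SELECT built by pasting the submitted username into the query string lets a comment sequence cut off the password check. The block below is an added example written for this page, not Orpak's code, and the SiteOmat query itself is not on the page, so the schema, the stored hash and the query shapes are constructed. It shows the vulnerable construction beside the parameterized one against an in-memory SQLite database, with the `admin' -- ` payload that bypasses the first and fails against the second.

```python
# Added example (not Orpak's code): string-built login query versus a
# parameterized one. Schema, users and query shapes are constructed; the
# real SiteOmat query is not on the page.
import hashlib
import sqlite3


def pw_hash(password: str) -> str:
    # Constructed stand-in so the query compares a digest rather than a
    # plaintext; a real system would use a salted, slow password hash.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample database with one administrative account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pwhash TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, pwhash) VALUES (?, ?)",
        ("admin", pw_hash("correct horse")),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Insecure: the username is interpolated into the SQL text.

    With username "admin' -- " the statement becomes
      SELECT id FROM users WHERE username = 'admin' -- ' AND pwhash = '...'
    and everything after -- is a comment, so the password is never checked.
    """
    query = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND pwhash = '{pw_hash(password)}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed: values travel as bound parameters and can never alter the SQL."""
    query = "SELECT id FROM users WHERE username = ? AND pwhash = ?"
    return conn.execute(query, (username, pw_hash(password))).fetchone() is not None


def demo() -> dict:
    """Run the same bypass payload through both implementations."""
    conn = make_db()
    payload = "admin' -- "
    return {
        "vulnerable_bypassed": login_vulnerable(conn, payload, "not the password"),
        "safe_bypassed": login_safe(conn, payload, "not the password"),
        "safe_genuine": login_safe(conn, "admin", "correct horse"),
    }


if __name__ == "__main__":
    print(demo())
```

Hashing the password before the comparison does not help here: the injection point is the username, and the comment removes the hash comparison from the statement entirely. Only binding the values, as `login_safe` does, keeps user input out of the query grammar.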
All known versions of the Orpak SiteOmat web management console are vulnerable to multiple instances of Stored Cross-site Scripting due to improper validation of external user input. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat to a malicious server under the attacker's control.
An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions prior to the submission of this exploit are affected. Also, SiteOmat does not force administrators to change passwords, leaving SSH and HTTP remote authentication open to the public.
Researchers at Armor were able to confirm the person or persons behind a Twitter account that appeared to be leaking confidential files was the actual ransomware attacker that hit the city.
Fearing another worm of WannaCry severity, Microsoft warns vulnerable users to apply the software update for CVE-2019-0708.
A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.
Group's constant experimentation and malware changes are complicating efforts for defenders, Kaspersky Lab says.
RIP iTunes, hello to the standalone Music, Podcasts and TV apps that are taking its place.
At Infosecurity Europe, a security expert from Guardicore discusses a new cryptomining malware campaign called Nanshou and why the cryptojacking threat is set to get worse.
As of Friday, it's no longer optional - the US is asking for five years of social media information.
The authors of the GandCrab ransomware strain are shutting their ransomware-as-a-service portal, allegedly walking away with a cool $150m.
A researcher has found a way to abuse synthetic clicks in macOS "Catalina", and it hasn't even shipped yet.
Non-malicious insiders are among the top three threat actors, according to an ISACA report.
Personal identifiable information (PII) was the leading type of data breach in 2018, accounting for 97% of all breaches, according to a ForgeRock report.
Employers can solve the skills gap by first recognizing that there isn't an archetypal "cybersecurity job" in the same way that there isn't an archetypal "automotive job." Here's how.
Threat detection tools don't take into account the emotional aspect of insider threats, a panel of experts said at Infosecurity Europe this week.
Distil Networks' technology will be integrated into Imperva's security stack following the acquisition.
During Infosecurity Europe in London this week, cybersecurity experts sounded off on worries about artificial intelligence being used for nation state cyber weapons.
The breach of the website of American Medical Collection Agency leaves the personal and financial information of nearly 12 million patients at risk.
The cybercriminals are reportedly winding down operations around the ransomware after claiming to have made $2 billion in ransom payments.
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
DRPs are about backing up data and recovering from loss as efficiently as possible, but a plan is only as good as its weakest link.
The Russian-speaking APT acts as a support group for high-profile APTs like Sofacy and BlackEnergy.
The tactics and techniques most commonly used to slip past security defenses and catch employees off guard.
0patch has released an interim micropatch for the dangerous LPE bug while we wait for Microsoft's official patch.
A proof of concept at Interop19 showed just how simple a container deployment can be.
Attackers appear to have used a ransomware-as-a-service platform to wage the attack.
Healthcare breaches grew 400%, study shows.
The login scheme promises it won't share data -- and will be required for all developers using third-party sign-ins.
Investigation of the cybercrime group's attack on an East European bank shows how some attackers require very little time to broaden their access and establish persistence on a network.
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via specially crafted message payloads.
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows an attacker to execute unauthorized malicious script code via the error or message handling parameters.
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
The heavily obfuscated adware was found in 238 different apps on Google Play.
Apple's WWDC was full of surprises including a new feature designed to make signing up for websites more private: Sign In with Apple.
A multi-state ATM card-skimming spree netted his gang over $800k from 531 people's bank accounts.
The new policy: Ditch third-party trackers in apps designed for youngsters, lest the app get booted out of the App Store.
It's that time again. June's patches for Android are here.
At Infosecurity Europe, researchers detailed a cybergang that grew from a one-man shop launching Craigslist scams to a full-on enterprise BEC group.
At Infosecurity Europe, Threatpost gets a behind-the-scenes look at the discovery of BEC cybergang Scattered Canary.
Despite a mandate from Apple, 68% of developers disable ATS globally on their apps, according to a Wandera report.
As more data is collected, shared and sold, people are growing increasingly distrustful of technology, an expert said at Infosecurity Europe Wednesday.
A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds.
An overview of three common organizational structures illustrates how NOT to pit chief security and IT execs against each other.
We're excited to share that Digital Guardian won the Best Data Leakage Prevention (DLP) Solution at the 2019 SC Awards Europe!
The National Security Agency joins Microsoft in urging Windows admins to patch wormable bug CVE-2019-0708.
Experts at Infosecurity Europe shed light on how IT and operational technology teams can better collaborate as industrial IoT takes hold.
A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
NVIDIA's Vibrante Linux versions 1.1, 2.0, and 2.2 contain a vulnerability in the user space driver in which protection mechanisms are insufficient, which may lead to denial of service or information disclosure.
Providing an easy-to-use, uniform authentication experience without passwords is simpler than you may think.
This week's TechRepublic and ZDNet news stories include highlights from WWDC, a warning to employers regarding employee security, and what you need to know about prescriptive analytics.
At Salesforce TrailheaDX 2019, Parker Harris shared his advice for tech leaders on everything from multiplatform integration to managing a crisis.
Both FireFox and Chrome have received updates to better guard users against privacy and security threats, such as tracking by Facebook.
The endpoint security company already has specific plans for the new funds.
The mobile ad plugin, found in hundreds of Google Play apps, uses well-honed techniques from malware development to hide itself.
The vulnerable kits also offer a point of entry to compromise legitimate website servers.
A critical data encryption tool, included by default in iOS, is being turned off in more than two-thirds of popular apps.
LabCorp says its third-party debt-collection provider, AMCA, notified the company that information on 7.7 million patients had leaked. Expect more healthcare companies to come forward.
The country's rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity.
Apple has long been the proprietary bad guy, but Google's privacy-sucking ways in Android should give open source freedom fighters reason to consider switching.
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.
IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site, which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
It was a well-oiled business, with Top Dogs fencing devices, forgers cooking up fake IDs with stolen PII, and runners ripping off phones.
In another step to scrape pedophiles off the bottom of its shoe, YouTube is banning youngsters from live-streaming without adult supervision.
Researchers have found an unexpected behavior in a Windows feature designed to protect remote sessions.
The latest version of Firefox, 67.0.1, features a fully-fledged version of Mozilla's Enhanced Tracking Protection (ETP) privacy system.
Modular malware attacks have surged since the start of 2019, according to Barracuda Networks.
Ken Munro of Pen Test Partners hopes to see regulation for connected-device security in 2020.
20 Data Scientists & Security Pros Reveal the Most Common Pitfalls to Data Discovery and Classification
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features - fast. We sought to see where DevOps adoption and deployment stand; this report summarizes our survey findings. Find out what the survey revealed today.
CIOs and CISOs continue battling with security issues in the enterprise, but improving staff tech skills isn't the only solution, according to Exabeam.
Critical bugs impact a widely deployed streaming platform, common in the U.S. and elsewhere.
Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis.
Dark Web listings with the potential to harm the enterprise are up 20% since 2016, according to Bromium.
Changing passwords frequently is not only a pain, but also unsafe, according to Microsoft. Here's why the company's decision to remove password expirations is a good one.
Researchers witness an increase in buying and selling targeted hacking services, custom malware, and corporate network access on the Dark Web.
Bug allows for a remote attacker to execute arbitrary code on industrial, enterprise tools.
If your company truly is a great place to work, make sure your help-wanted ads steer clear of these common job-listing cliches.
Experts share the cybersecurity threats to watch for and advice to stay protected.
OPKO subsidiary BioReference joins Quest and LabCorp in the supply-chain incident.
An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes).
vtiger CRM 7.0.1 (and probably prior versions) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. It could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter).
More than half of all SMBs plan to rely on third party providers for their security tools and services, according to IDC.
But they are still subject to the same alert fatigue and false-positive issues their junior employees face.
Another American was arrested and charged alongside three international suspects who remain at large, according to newly unsealed indictment.
Cisco is adding the French company's network visibility products to its IoT network lineup.
Its already massive facial recognition databases have ballooned, and government watchdog GAO found that the FBI isn't checking accuracy.
Researchers have been experimenting with a novel way to eavesdrop on what you're typing on your smartphone - by listening to the taps of your fingers.
Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.
Researchers ask: with only 1 in 20 vulnerabilities exploited, what's the best approach to patching?
Researchers have discovered another dangerous security hole hiding in recent, unpatched versions of the internet's most popular mail server, Exim.
The latest trade secret case, a more strict privacy bill for New York State, and the European Data Protection Supervisor's warning - catch up on the week's news with this recap!
At Black Hat's upcoming Trainings-only October event you'll have opportunities to get up to speed on the newest hacking tricks for operating systems and cloud providers.
Poor password hygiene continues to plague the security industry, Troy Hunt said during Infosecurity Europe.
One in four underground merchants offer advanced hacking services, once reserved for APTs and well-funded organized crime gangs.
Phishing, cybersecurity training, biometrics and casual Fridays. And the winners are ...
The Threatpost editors discuss the highlights from Infosecurity Europe, which took place in London this week.
The terms autonomous and automated often get mixed up. When designing security strategies, knowing the distinctions between the two has its perks.
SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.
A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days, and counting.
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is "*" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data.
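The wildcard default described above is easy to miss in a large ACL file. The following audit script is an added example, not Cloudera's code; it assumes Key Trustee KMS reads its ACLs from a Hadoop-format XML file of name/value `<property>` pairs (the two property names come from the advisory), and both sample configurations are constructed here for illustration.

```python
"""Audit a Hadoop-style kms-acls.xml for wildcard ACLs on destructive key operations."""
import xml.etree.ElementTree as ET

# Operations whose wildcard ACL lets any network-reachable caller destroy or
# resurrect encryption zone keys (property names from the advisory above).
SENSITIVE_ACLS = ("keytrustee.kms.acl.PURGE", "keytrustee.kms.acl.UNDELETE")

# Constructed sample: the insecure 5.12.0 / 5.13.0 default the advisory describes.
WEAK_KMS_ACLS = """<?xml version="1.0"?>
<configuration>
  <property><name>hadoop.kms.acl.CREATE</name><value>hdfs supergroup</value></property>
  <property><name>keytrustee.kms.acl.PURGE</name><value>*</value></property>
  <property><name>keytrustee.kms.acl.UNDELETE</name><value>*</value></property>
</configuration>
"""

# Constructed sample: the same file with the two ACLs pinned to a key-admin user
# and group (Hadoop ACL syntax is "users groups", comma-separated within each).
FIXED_KMS_ACLS = """<?xml version="1.0"?>
<configuration>
  <property><name>hadoop.kms.acl.CREATE</name><value>hdfs supergroup</value></property>
  <property><name>keytrustee.kms.acl.PURGE</name><value>keyadmin keyadmins</value></property>
  <property><name>keytrustee.kms.acl.UNDELETE</name><value>keyadmin keyadmins</value></property>
</configuration>
"""


def parse_acls(xml_text):
    """Return {property_name: value} for every <property> element in the file."""
    root = ET.fromstring(xml_text)
    acls = {}
    for prop in root.iter("property"):
        name = prop.findtext("name", default="").strip()
        value = prop.findtext("value", default="").strip()
        if name:
            acls[name] = value
    return acls


def acl_allows(acl_value, user, groups):
    """Evaluate one Hadoop-style ACL string for a caller.

    '*' grants everyone; otherwise the string is "user1,user2 group1,group2".
    """
    if acl_value == "*":
        return True
    parts = acl_value.split(None, 1)
    users = set(filter(None, parts[0].split(","))) if parts else set()
    grps = set(filter(None, parts[1].split(","))) if len(parts) > 1 else set()
    return user in users or bool(grps & set(groups))


def find_wildcard_acls(xml_text, sensitive=SENSITIVE_ACLS):
    """List sensitive ACL properties that are wildcarded or missing entirely.

    A missing property falls back to the product default, which in the affected
    releases was '*', so an absent entry is reported as a finding too.
    """
    acls = parse_acls(xml_text)
    return [name for name in sensitive if acls.get(name, "*") == "*"]


if __name__ == "__main__":
    print("weak config findings:", find_wildcard_acls(WEAK_KMS_ACLS))
    print("fixed config findings:", find_wildcard_acls(FIXED_KMS_ACLS))
```

Run it against your own exported ACL file instead of the embedded samples; any property it reports is one that a caller who merely knows a key name can use to delete or resurrect that key.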
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.
Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access to the host running Serv-U, and a Serv-U administrator must have an active management console session.
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3).
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6).
aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3).
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.
Need a reason to use a password manager? How about five?
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.
Time's up on public disclosure of six serious bugs impacting the vendor's IPM-721S model security camera.
Malware on the Dark Web is increasingly being customized to target specific organizations and executives.
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack.
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters.
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack.
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to inject an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters "to1,to2,to3,to4" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack.
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack.
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.
An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization.
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.
Users understand that their passwords or security protocols are weak, but they may not understand the consequences until it's too late.
From the vulnerable Windows RDS 'feature' to the privacy of US visa applicants - and everything in between. It's weekly roundup time.
A report says the EU will lose $64b per year once new 2FA rules go into effect, but we support Strong Customer Authentication (SCA) wholeheartedly.
The e-voting vendor in North Carolina was spearphished days before the election but still went ahead and used remote access software.
Cryptocurrency users narrowly escaped losing all their funds last week after an attacker poisoned a digital wallet with malicious code that stole their blockchain access details.
Even its most optimistic users would have to concede that it's been a bracing few weeks for anyone who relies on Microsoft's Remote Desktop Protocol (RDP).
Learn new enterprise-grade techniques for identifying vulnerabilities, improving Active Directory security, and building trust with customers at Black Hat USA this summer.
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.
An Office bug that was squashed back in 2017 is still in widespread use - make sure your computer hasn't slipped through the patch cracks!
Popular media player receives 33 security bug fixes, two of which are rated high severity.
A one-man 419 scam evolved into a lucrative social-engineering syndicate over the past decade that conducts a combination of business email compromise, romance, and financial fraud.
The task of preventing the never-ending flow of spam gets a bit simpler with Spamassassin and Postfix.
The flaw affected all versions of Microsoft Office, Microsoft Windows and architecture types dating back to 2000, and was patched in November 2017.
Large-scale existential threats exist everywhere and can annihilate us with only trivial effort. Should we all throw everything we can at them?
Karen Roby talks with a security expert about safeguarding the enterprise in a hybrid IT world.
Brazil's GDPR-like data protection law, LGPD, owes a lot to the EU regulation but has several key differences that organizations that do business in the country should be familiar with.
Botnets are scanning the Internet for servers exposing RDP and using weak, reused passwords to obtain access.
TechRepublic's Teena Maddox attended Cisco's premier education and training event for IT professionals in San Diego, CA.
A web spam campaign targeting Koreans is affecting non-hacked websites worldwide.
A future premium Firefox browser could come with security features like VPN and secure cloud solutions.
Karen Roby talks with Ping Identity security expert about safeguarding the enterprise in a hybrid IT world.
Election Systems & Software will 'no longer sell paperless voting machines,' CEO said.
A new report sheds light on how human cognitive biases affect cybersecurity decisions and business outcomes.
The Chinese technology giant's enormous product and service footprint gives it access to more data than almost any other single organization, Recorded Future says.
Data should never have been on subcontractor's servers, says Customs and Border Protection.
The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile application to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to "*", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device.
Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily.
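The two Starry Station entries above describe one attack chain: a wildcard Access-Control-Allow-Origin lets any page the victim visits read the device's JSON responses, and a short PIN accepted without lockout lets that page enumerate it. The code below is an added example, not the device's "rodman" code; it shows the two server-side controls that break the chain. The allowed origin, PIN length and lockout policy are assumptions chosen for illustration.

```python
"""Origin allowlisting and PIN lockout for a device's local HTTP API."""
import hmac
import time

# Assumed: the only origin that legitimately scripts the device API from a browser.
ALLOWED_ORIGINS = frozenset({"https://setup.example.local"})

PIN_LENGTH = 4          # assumed: a 4-digit touch-screen PIN
MAX_FAILURES = 5        # assumed lockout policy
LOCKOUT_SECONDS = 300


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS):
    """Return the CORS headers to send for a request carrying an Origin header.

    Unknown (or absent) origins get no Access-Control-Allow-Origin at all, so the
    browser withholds the response body from the calling page. The wildcard is
    never emitted: an API that acts on a secret or PIN must echo a specific,
    allowlisted origin and mark the response as varying on it.
    """
    if request_origin in allowed:
        return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    return {}


class PinGuard:
    """Constant-time PIN comparison with a failure counter and timed lockout."""

    def __init__(self, pin, clock=time.monotonic):
        if len(pin) != PIN_LENGTH or not pin.isdigit():
            raise ValueError("PIN must be %d digits" % PIN_LENGTH)
        self._pin = pin.encode()
        self._clock = clock          # injectable so the lockout can be tested offline
        self.failures = 0
        self.locked_until = 0.0

    def is_locked(self):
        return self._clock() < self.locked_until

    def check(self, candidate):
        """Return True only for the correct PIN while the account is not locked."""
        if self.is_locked():
            return False
        if hmac.compare_digest(self._pin, str(candidate).encode()):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = self._clock() + LOCKOUT_SECONDS
        return False


def brute_force(guard, start=0, stop=10 ** PIN_LENGTH):
    """Simulate the attacker's page trying every PIN; return how many succeeded."""
    hits = 0
    for n in range(start, stop):
        if guard.check(str(n).zfill(PIN_LENGTH)):
            hits += 1
    return hits


if __name__ == "__main__":
    print(cors_headers("https://attacker.example"))        # {}
    guard = PinGuard("7391")
    print("hits:", brute_force(guard), "locked:", guard.is_locked())
```

With the wildcard gone, the attacker's page can still fire requests at the router but cannot read the answers; with the lockout in place, the 10,000-candidate search stalls after five wrong guesses instead of completing in seconds.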
French researchers have found a bug in a hardware security module (HSM) that could enable an attacker to steal highly prized secrets.
"I will insult people. And everyone will not care that it's not you." But it's social-disaster baloney!
A map will display the snail-slime trails that we all leave behind in our daily travels and through which background tracking apps follow us.
The Amcrest 721 family of security cameras features six security flaws discovered back in 2017 by a researcher at security outfit Synopsys.
A recent breach of U.S. Customs and Border Protection traveler photo and license plate data has led experts to condemn the collection and storage of facial recognition data.
Some 140,000 more domains are using DMARC records since the start of 2019, though DMARC-based enforcement remains complex to implement.
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.
"Project Svalbard" has commenced, as Hunt looks for the right company to take over the password-focused service.
Adobe issued patches for 11 vulnerabilities overall across its Flash, ColdFusion and Campaign products.
A bug impacting editors Vim and Neovim could allow a trojan code to escape sandbox mitigations.
The two CVEs allow bypasses to get around NTLM relay attack mitigations.
Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust.
Vulnerabilities in NTLM recently discovered by security provider Preempt could allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication.
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.
Automatic invite notifications are spreading malicious links.
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
Adobe is urging users to patch 10 vulnerabilities, five of them critical, in three different products this week.
Troy Hunt, who has been running HIBP solo for six years, launched "Project Svalbard" so the site can evolve with more resources, funding, and support.
In total, 88 unique vulnerabilities were patched as part of Microsoft's June Patch Tuesday security bulletin.
Four of the flaws are publicly known but none have been listed as under active attack.
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.
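The Moxa AWK-3121 entries earlier on this page and the CGI entries just above (NETGEAR, WIFICAM, Seowon, D-Link, Ubiquiti, Linksys, ASMAX) share one pattern: a request parameter such as "srvName" or "ping_ipaddr" is handed to a shell unchanged, and in the Moxa cases also copied into a fixed buffer with no length check. The following is an added example, not firmware code from any vendor named here; it puts the vulnerable construction beside a hardened handler. The length bound, hostname rules and sample request bodies are constructed for illustration.

```python
"""Vulnerable CGI-style parameter handling beside a hardened version."""
import ipaddress
import re
import subprocess
from urllib.parse import parse_qs

# Assumed bound for a host parameter. The real buffer sizes are not known; the
# Moxa advisory only says 516 characters overflowed "srvName". RFC 1035 caps a
# full hostname at 253 characters, so nothing longer is ever legitimate.
MAX_HOST_LEN = 253
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

# Constructed sample request bodies, URL-encoded as a browser would send them.
BENIGN_BODY = "srvName=192.168.127.254"
INJECTION_BODY = "srvName=192.168.127.254%3Bcat+%2Fetc%2Fpasswd"   # ';cat /etc/passwd'
OVERSIZED_BODY = "srvName=" + "A" * 516


def vulnerable_ping_command(body):
    """The pattern the advisories describe: the parameter goes straight to a shell.

    Returns the string such a handler would pass to system(); everything after
    the ';' in INJECTION_BODY becomes a second command run as the web server.
    """
    srv = parse_qs(body).get("srvName", [""])[0]
    return "ping -c 1 " + srv


def validate_host(value, max_len=MAX_HOST_LEN):
    """Accept an IP literal or a hostname; raise ValueError for anything else.

    Length is checked first so an oversized value never reaches the parsers,
    the analogue of bounding the copy into a fixed-size buffer.
    """
    if not value or len(value) > max_len:
        raise ValueError("parameter empty or too long")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if not HOSTNAME_RE.match(value):
        raise ValueError("not a hostname or IP literal")
    return value


def is_safe_host(value):
    """Boolean form of validate_host for callers that prefer no exceptions."""
    try:
        validate_host(value)
        return True
    except ValueError:
        return False


def build_ping_argv(body):
    """Hardened: validate, then build an argv list that never touches a shell.

    Because the host is one argv element, shell metacharacters in it would be
    passed to ping as a literal hostname; the validator rejects them anyway.
    """
    srv = parse_qs(body).get("srvName", [""])[0]
    return ["ping", "-c", "1", validate_host(srv)]


def run_ping(body, timeout=5):
    """Execute the hardened command (a list argument keeps shell=False)."""
    return subprocess.run(build_ping_argv(body), capture_output=True,
                          text=True, timeout=timeout)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_ping_command(INJECTION_BODY))
    print("hardened:  ", build_ping_argv(BENIGN_BODY))
    for body in (INJECTION_BODY, OVERSIZED_BODY):
        try:
            build_ping_argv(body)
        except ValueError as exc:
            print("rejected:", exc)
```

The same two rules generalize to the other parameters in the advisories: give each one its own validator (an e-mail address grammar for "to1".."to4", a filename grammar for "iw_filename") and never build a command line by string concatenation, so neither an oversized value nor a metacharacter reaches a buffer or a shell.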
In vulnerability disclosure programs, organizations are paying more in total for XSS issues than any other vulnerability type, HackerOne says.
Attackers increasingly use third-party service providers to bypass organizations' security. The theft of images from US Customs and Border Protection underscores the weakness suppliers can create.
Critics say if the US can't protect such data - which was improperly stored by a subcontractor - it shouldn't collect it.
The band shrugged off the threat and released the files on Bandcamp. They're long and not very interesting, they said.
Why you shouldn't trust a website simply because it's secured using HTTPS and backed by the green padlock symbol.
The Cynet 360 platform Free Visibility Offering is focused on IT and security professionals who know a lack of visibility is a main challenge in their daily responsibilities as end-users and service providers.
Never-before-seen dropper found in FormBook samples that has increased persistence and obfuscation capabilities.
A survey of corporate employees by insider threat management company ObserveIT reveals a greater understanding of privacy laws in the UK than in the US.
A cross-site scripting vulnerability was discovered in the popular note-taking application Evernote, though the company patched it in under a week.
Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware.
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
June patch Tuesday features fixes from Adobe and Microsoft for critical flaws including a remote code vulnerability in Adobe Flash Player.
LinkedIn offers many privacy and security options that professionals may not be aware of. Here's what you need to know to stay safe on the networking platform.
The official app of the Spanish soccer league used the microphone and GPS in an attempt to curb restaurants from broadcasting the game.
An attacker can use a Rowhammer attack to induce bit flips, thereby leaking the victim's secret data via a side channel.
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.
Karen Roby interviewed Teena Maddox, who was reporting from Cisco Live 2019. During the opening keynote, Cisco CEO Chuck Robbins discussed multi-cloud connectivity, security, and how tech has changed in the past 30 years.
Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.
The $300 million investment is being led by KKR.
The endpoint security firm raised $612 million ahead of today's public debut.
Evite's data breach, stemming from an "inactive data storage file," is only one of many breaches to be disclosed this week.
As we inch towards 2020, the California Consumer Privacy Act's (CCPA) go-live date, California legislators continue to refine and amend the law.
This week's TechRepublic and ZDNet news stories include a look at the current state of 5G deployment, the severity of fake emails, and Cisco's quest for multi-cloud connectivity.
Among its early findings, 60% of the DNS transactions captured were handled by just 1,000 name servers.
The company hits back at the data economy - and fellow tech giants Facebook and Google - by announcing its own single sign-on service. A host of other iterative security improvements are on their way as well.
215 accounts use the same family of special URL shorteners to track the effectiveness of the operation.
Why is SandboxEscaper releasing vulnerabilities in such an irresponsible way? It matters not - Microsoft must patch what's in front of it whatever the backstory.
When Local File Inclusion attacks are counted, nearly nine in 10 attacks are related to input validation failures, Akamai report shows.
KPMG and Merck are among the companies that will collaborate in an FDA program to evaluate using blockchain to protect pharmaceutical products.
Successful blockchain projects require CIOs to be aware of the technology's capabilities and limitations, according to Gartner.
ZeroFox's Matt and Mike Price discuss their work researching cybersecurity responses to the rising tide of 'deepfake' videos.
A high-severity flaw could give attackers full control of Cisco routers or switches.
Diehard text editor users everywhere breathed a sigh of relief this week as the open source community fixed a bug in one of the most venerable *nix programs: Vim.
Hackers are going back to the tried-and-true method of simply demanding ransoms be paid in cryptocurrencies, rather than trying to covertly mine them.
In the bug repellent gizmo, in the shower, in the little birds glued to the footboard - all hiding webcams, alleges the Dutch backpacker.
"Whoever controls the data, controls the future," says the evil Zuck, who, according to the platform's current policy, won't be taken down.
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.
Durov took to Twitter to hint that Beijing tried to take Telegram offline to disrupt the Hong Kong protests.
Learn how to combat this web-based card skimming attack.
Android-based two-factor authentication now works for Google applications on iPad and iPhone.
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
Cutting back on the number of security tools you're using can save money and leave you safer. Here's how to get started.
Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
A vulnerability in the Windows CE-powered Alaris Gateway Workstation allows attackers to modify dosage rates for infusion pumps, which can have lethal results.
The critical bug in a connected medical device can allow an attacker to remotely manipulate hospital pumps, either to withhold meds or dispense too much.
Evernote's web clipper extension for Chrome is vulnerable to a critical flaw that could have exposed the data of more than 4.6 million users.
A bill to help strengthen the Wild West of the Internet world - the internet of things (IoT) - advanced this week.
Officials reintroduce a bill that would let businesses monitor attacker behavior and target intruders on corporate networks.
An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.
An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.
Belgium's Asco has shut down manufacturing around the world, including the US, in response to a major cybersecurity event, but what happened isn't clear.
New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.
A male college student Snapchat-filtered himself into a young girl and went out to catch a predator. The first one he caught was a Californian cop.
According to a letter it sent to Sen. Richard Blumenthal, that's 31,000 US users, with the rest in India.
Hey, iOS users. Got a spare Android phone lying around? Now, you can use it as a secure access key for online services.
Anyone using it in its unpatched state is at risk not only of a compromise of their Evernote account but, potentially, of third-party accounts too.
Traffic analysis sheds light on weekday habits of attackers such as the most likely day for attacks and how malicious infrastructure is shared.
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.
The development follows speculation and concern among security experts that the attack group would expand its scope to the power grid.
Future improvements to Chrome will fix a gap in Incognito Mode, preventing publishers from blocking users from using incognito mode to jump over soft paywalls.
Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers.
Ransomware attacks can disrupt business and lead to massive costs, according to Forrester. Here's why you should consider paying along with other incident response plans.
No organization can prioritize and mitigate hundreds of risks effectively. The secret lies in carefully filtering out the risks, policies, and processes that waste precious time and resources.
A food bank hit by ransomware, advice on cybersecurity training, and a university data breach - catch up on the week's news with this recap!
Two lawsuits are seeking class-action status, alleging that Amazon records children and stores their voiceprints indefinitely.
XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas.
Researchers at the Workshop on the Economics of Information Security highlight the cost savings of sharing cybersecurity data and push for greater access to information on breaches, attacks, and incidents.
Threatpost editors Tara Seals and Lindsey O'Donnell discuss a recent lawsuit against Amazon for its privacy policies, a Telegram DDoS attack and more.
Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130
Attackers continue to push the boundaries with modular trojans and ransomware attacks, a new report found.
A researcher has found a significant exploit in one of the most frequently used text editors.
ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.
In a year when security companies have been snapped up left and right, these deals stand out from the chaos.
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
From the GoldBrute botnet to Microsoft's battle with irresponsibly disclosed bugs - and everything in between. It's your weekly roundup.
These vulnerable infusion pumps can be remotely hacked to alter the delivery of IV fluids and medications such as painkillers or insulin.
A deepfake was reportedly spotted in the wild: LinkedIn's well-connected, young, attractive Eurasia/Russia expert "Katie Jones."
The LaLiga app used phones' GPS and microphones to sniff out bars that were broadcasting soccer matches illegally.
Security token maker Yubico has issued an important advisory affecting high-end versions of its YubiKey authentication key.
Learn new enterprise-grade techniques for identifying vulnerabilities, improving Active Directory security, and building trust with customers at Black Hat USA this summer.
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however.
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.
Microsoft is urging users to patch every Exim installation in their organization and make sure that they are updated to the most recent version, Exim version 4.92.
Some 80% of business travelers say visual hacking is a threat, according to a 3M report.
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The vulnerability is due to a weakness in the "support access" password generation algorithm. A locally authenticated administrative user may be able to exploit this vulnerability if the "support access" feature is enabled, they know the support access code for the current session, and they know the algorithm to generate the support access password from the support access code. "Support access" is disabled by default. When enabled, the access will be automatically disabled (and the support access code will expire) after 24 hours.
Students at Oregon State University, Graceland University and Southern Missouri State have all been impacted by email attacks against school employees.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as proxy.sh which allows the device to proxy a specific request to and from another website. This is primarily used as a method of communication between the device and the Vera website when the user is logged in to https://home.getvera.com and allows the device to communicate between the device and website. One of the parameters retrieved by this specific script is "url". This parameter is not sanitized by the script correctly and is passed in a call to "eval" to execute "curl" functionality. This allows an attacker to escape from the executed command and then execute any commands of his/her choice.
AWS best practices dictate that you should not use root user credentials for everyday admin tasks. Proper data security requires the use of special administrator account.
Nevada's new law, which will require website operators to honor opt-out procedures, goes into effect on October 1, three months before the CCPA's compliance deadline, January 1, 2010.
The decryptor neutralizes GandCrab versions 5.0 through 5.2 and lets victims unlock their files for free.
The social platform has suspended six sets of accounts across four jurisdictions for running alleged influence campaigns, including Iran.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as relay.sh which allows the device to create relay ports and connect the device to Vera servers. This is primarily used as a method of communication between the device and Vera servers so the devices can be communicated with even when the user is not at home. One of the parameters retrieved by this specific script is "remote_host". This parameter is not sanitized by the script correctly and is passed in a call to "eval" to execute another script where remote_host is concatenated to be passed a parameter to the second script. This allows an attacker to escape from the executed command and then execute any commands of his/her choice.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who navigates to an attacker controlled page to install or delete an application on the device. Note: The cross-site request forgery is a systemic issue across all other functionalities of the device.
The outage, which is not (so far) seen as the result of a cyberattack, still had a significant impact on network and server availability.
Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook.
Agency urges organizations with vulnerable systems to apply mitigations immediately.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "request_image" as one of the service actions for a normal user to retrieve an image from a camera that is controlled by the controller. It seems that the "res" (resolution) parameter passed in the query string is not sanitized and is stored on the stack which allows an attacker to overflow the buffer. The function "LU::Generic_IP_Camera_Manager::REQ_Image" is activated when the lu_request_image is passed as the "id" parameter in the query string. This function then calls "LU::Generic_IP_Camera_Manager::GetUrlFromArguments". This function retrieves all the parameters passed in the query string including "res" and then uses the value passed in it to fill up buffer using the sprintf function. However, the function in this case lacks a simple length check and as a result an attacker who is able to send more than 184 characters can easily overflow the values stored on the stack including the $RA value and thus execute code on the device.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "request_image" as one of the service actions for a normal user to retrieve an image from a camera that is controlled by the controller. It seems that the "URL" parameter passed in the query string is not sanitized and is stored on the stack which allows an attacker to overflow the buffer. The function "LU::Generic_IP_Camera_Manager::REQ_Image" is activated when the lu_request_image is passed as the "id" parameter in query string. This function then calls "LU::Generic_IP_Camera_Manager::GetUrlFromArguments" and passes a "pointer" to the function where it will be allowed to store the value from the URL parameter. This pointer is passed as the second parameter $a2 to the function "LU::Generic_IP_Camera_Manager::GetUrlFromArguments". However, neither the callee or the caller in this case performs a simple length check and as a result an attacker who is able to send more than 1336 characters can easily overflow the values stored on the stack including the $RA value and thus execute code on the device.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script is "RedirectURL". However, the application lacks strict input validation of this parameter and this allows an attacker to execute the client-side code on this application.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the Lua programming language. Also the interface allows any user to write his/her application in the Lua language. However, this functionality is not protected by authentication and this allows an attacker to run arbitrary Lua code on the device. The POST request is forwarded to LuaUPNP daemon on the device. This binary handles the received Lua code in the function "LU::JobHandler_LuaUPnP::RunLua(LU::JobHandler_LuaUPnP *__hidden this, LU::UPnPActionWrapper *)". The value in the "code" parameter is then passed to the function "LU::LuaInterface::RunCode(char const*)" which actually loads the Lua engine and runs the code.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passed in this specific script are logged to a log file called log.relay in the /tmp folder. The user can also read all the log files from the device using a script called log.sh. However, when the script loads the log files it displays them with content-type text/html and passes all the logs through the ansi2html binary which converts all the character text including HTML meta-characters correctly to be displayed in the browser. This allows an attacker to use the log files as a storing mechanism for the XSS payload and thus whenever a user navigates to that log.sh script, it enables the XSS payload and allows an attacker to execute his malicious payload on the user's browser.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "get_file.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows an attacker to directory traverse outside the /cmh-ext folder and read any file on the device. It is necessary to create the folder "cmh-ext" on the device which can be executed by an attacker first in an unauthenticated fashion and then execute a directory traversal attack.
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal user to connect the device to an external website. It retrieves the parameter "URL" from the query string and then passes it to an internal function that uses the curl module on the device to retrieve the contents of the website.
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "file" as one of the service actions for a normal user to read a file that is stored under the /etc/cmh-lu folder. It retrieves the value from the "parameters" query string variable and then passes it to an internal function "FileUtils::ReadFileIntoBuffer" which is a library function that does not perform any sanitization on the value submitted and this allows an attacker to use directory traversal characters "../" and read files from other folders within the device.
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries. The firmware contains the binary uvc_stream, which is the UDP daemon responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which has the following format: "SETCMD0001+0002+[2 byte length of wifipassword]+[Wifipassword]". This request is handled by the "control_Dev_thread" function, which at address "0x00409AE4" compares the incoming request and determines if the 10th byte is 02; if it is, then it redirects to 0x0040A7D8, which calls the function "setwifipassword". The function "setwifipassword" uses a memcpy function but uses the length of the payload obtained with the strlen function as the third parameter, which is the number of bytes to copy, and this allows an attacker to overflow the buffer and control the $PC value.
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries. The firmware contains the binary uvc_stream, which is the UDP daemon responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which has the following format: "SETCMD0001+0001+[2 byte length of wifiname]+[Wifiname]". This request is handled by the "control_Dev_thread" function, which at address "0x00409AE0" compares the incoming request and determines if the 10th byte is 01; if it is, then it redirects to 0x0040A74C, which calls the function "setwifiname". The function "setwifiname" uses a memcpy function but uses the length of the payload obtained with the strlen function as the third parameter, which is the number of bytes to copy, and this allows an attacker to overflow the buffer and control the $PC value.
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access to. The application uses a dynamic link library (DLL) called "avilib.dll" which is used by the application to send binary packets to the device that allow it to control the device. One such action that the DLL provides is change password in the function "sendchangepass", which allows a user to change the Wi-Fi password on the device. This function calls a sub function "sub_75876EA0" at address 0x7587857C. The function determines which action to execute based on the parameters sent to it. The "sendchangepass" function passes the data string as the second argument, which is the password entered in the textbox, and the integer 2 as the first argument. The remaining 3 arguments are set to 0. The function "sub_75876EA0" at address 0x75876F19 uses the first argument received to determine which block to jump to. Since the argument passed is 2, it jumps to 0x7587718C and proceeds from there to address 0x758771C2, which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x7587726F, which calls a memmove function that uses a stack address as the destination, the password typed by the user as the source, and the length calculated above as the number of bytes to copy, which leads to a stack overflow.
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries.
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access to. The application uses a dynamic link library (DLL) called "avilib.dll" which is used by the application to send binary packets to the device that allow it to control the device. One such action that the DLL provides is change name in the function "sendchangename", which allows a user to change the Wi-Fi name on the device. This function calls a sub function "sub_75876EA0" at address 0x758784F8. The function determines which action to execute based on the parameters sent to it. The "sendchangename" function passes the data string as the second argument, which is the name entered in the textbox, and the integer 1 as the first argument. The remaining 3 arguments are set to 0. The function "sub_75876EA0" at address 0x75876F19 uses the first argument received to determine which block to jump to. Since the argument passed is 1, it jumps to 0x75876F20 and proceeds from there to address 0x75876F56, which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x75877001, which calls the memmove function that uses a stack address as the destination, the value typed by the user as the source, and the length calculated above as the number of bytes to copy, which leads to a stack overflow.
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries.
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password, thereby denying the owner access to his/her own device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries.
Bargain basement gTLDs and glyph attacks using IDNs are powering phishing attacks, with fraudulent registrations on the rise. Worse yet, phishing sites are increasingly getting security certificates.
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.
Why are phishing emails so enduringly popular with the bad guys? A new approach may suggest that curiosity is at play.
The US is alleged to have been quietly planting malware throughout Russia's energy networks in response to years of Russian attacks on its own power grid.
Sheesh! At this rate, extortionists are going to have to seek alternate employment.
The ads look like they've been shared by friends, but they're really pod people who've hijacked accounts.
DNS has become a primary target for cyberattacks, causing downtime and financial loss for many businesses, according to a new report from EfficientIP.
The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000.
It's time to reassess your open source management policies and processes.
Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem opens the door to takeover of admin desktops.
The average cost of a cyberattack is approximately $4.6 million, according to a Radware report.
Even SMBs have to deal with big regulations thanks to GDPR and more. One startup has an answer for how to manage compliance and security.
Mårten Mickos says hacker-powered security is where open source was 15 years ago, but it's moving much faster than open source did.
A new extension and browser alert aim to help users report deceptive sites and prevent them from encountering fraud.
How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.
The Global Alliance for Responsible Media will seek ways to clamp down on dangerous and fake content.
Four vulnerabilities could "SACK" connected devices with denial-of-service exploits.
A new white paper, published by NIST, recommends a core set of high-level secure software development practices that can be added to SDLC implementation.
A security researcher who disclosed flaws impacting 2 million IoT devices in April - and has yet to see a patch or even hear back from the manufacturers contacted - is sounding off on the dire state of IoT security.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in overflowing the stack set up and allow an attacker to control the $ra register stored on the stack. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA Pro is identified to be receiving the values sent in the POST request. The POST parameter "gateway" allows to overflow the stack and control the $ra register after 1546 characters. The value from this POST parameter is then copied on the stack at address 0x00421348 as shown below. This allows an attacker to provide the payload of his/her choice and finally take control of the device.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the "mssid_1" POST parameter. The device also allows a user to view the name of the Wifi Network set by the user. While processing this request, the device calls a function named "getCfgToHTML" at address 0x004268A8 which retrieves the value set earlier by the "mssid_1" parameter as SSID2, and this value then results in overflowing the stack set up for this function and allows an attacker to control the $ra register value on the stack, which allows an attacker to control the device by executing a payload of an attacker's choice. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA Pro is identified to be receiving the values sent in the POST parameter "mssid_1" at address 0x0042BA00 and then sets them in the NVRAM at address 0x0042C314. The value is later retrieved in the function "getCfgToHTML" at address 0x00426924 and this results in overflowing the buffer due to the "strcat" function that is utilized by this function.
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().
As businesses use the cloud to fuel growth, many fail to enforce data loss prevention or control how people share data.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check, which allows an attacker who can trick a user into navigating to an attacker's webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions, which include management of rules and sensors attached to the devices, using the websocket requests.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload in the user's browser and execute any action on the device provided by the web management interface.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a "popen" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA Pro is identified to be receiving the values sent in the POST request, and the value set in POST parameter "dest" is extracted at address 0x00420FC4. The POST parameter "dest" is concatenated into a route add command and this is passed to a "popen" function at address 0x00421220. This allows an attacker to provide the payload of his/her choice and finally take control of the device.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking keywords passing in the web traffic, to prevent kids from watching content that might be deemed unsafe, using the web management interface. It seems that the device does not implement any cross-site scripting protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into executing a stored cross-site scripting payload in the user's browser and execute any action on the device provided by the web management interface.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up rules on the device can be set in such a way that would result in passing commands to a "system" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that this follows a MIPS little endian format. The function sub_43C280 in IDA Pro is identified to be receiving the values sent in the POST request, and the value set in POST parameter "ip_address" is extracted at address 0x0043C2F0. The POST parameter "ipaddress" is concatenated at address 0x0043C958 and this is passed to a "system" function at address 0x00437284. This allows an attacker to provide the payload of his/her choice and finally take control of the device.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in crashing the process. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "miniupnpd" is the one that has the vulnerable function that receives the values sent by the SOAP request. If we open this binary in IDA Pro we will notice that this follows a MIPS little endian format. The function WscDevPutMessage at address 0x0041DBB8 in IDA Pro is identified to be receiving the values sent in the SOAP request. The SOAP parameter "NewInMessage" received at address 0x0041DC30 causes the miniupnpd process to finally crash when a second request is sent to the same process.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the "mssid_1" POST parameter. The device also allows a user to view the name of the Wifi Network set by the user. While processing this request, the device calls a function at address 0x00412CE4 (routerSummary) in the binary "webServer" located in the Almond folder, which retrieves the value set earlier by the "mssid_1" parameter as SSID2, and this value then results in overflowing the stack set up for this function and allows an attacker to control the $ra register value on the stack, which allows an attacker to control the device by executing a payload of an attacker's choice. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA Pro is identified to be receiving the values sent in the POST parameter "mssid_1" at address 0x0042BA00 and then sets them in the NVRAM at address 0x0042C314. The value is later retrieved in the function at address 0x00412EAC and this results in overflowing the buffer, as the function copies the value directly onto the stack.
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into changing the user's password. Also, this is a systemic issue.
Not much has changed since a year ago, when a bot was tweeting out publicly visible Venmo "drug" deals from the public-by-default company.
Some pretend to be hospitals to get patients' payment data. Others pose as the government and try to get confidential data from hospitals.
Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
A group of researchers has discovered that many of the web's most popular content management systems are using obsolete algorithms to protect their users' passwords.
Three vulnerabilities in the FreeBSD and Linux kernels could allow attackers to induce a denial-of-service by clogging networking I/O.
Mozilla released a new update for Firefox after discovering a critical flaw under active attack.
Cars. Vending machines. Hotel suites. Security experts will share the tools and techniques they've used to break into all these things and more at Black Hat USA in October.
Technology emergencies can be the most stressful moments of an IT professional's career. But they don't have to be if you plan ahead.
Gnosticplayers have reportedly taken credit for the breach, which they say consists of 6 million records.
Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
Don't let bystanders see your Android passwords as you type them. Find out how to disable this feature.
Android apps have more critical vulnerabilities than iOS apps do, according to a Positive Technologies report.
This week's TechRepublic and ZDNet news stories include a look at the companies that hire the most data scientists, four significant impacts of a security breach, and a first-hand account of a major hack job.
Malware controlled by artificial intelligence could create more convincing spam, avoid security detection, and better adapt itself to each target, says a new report from Malwarebytes.
Taking some time off this summer? Before you head out on vacation, make sure your devices and apps are also ready.
If your WordPress site is stuck in maintenance mode, there's a simple fix.
Gain more security with your open source FTP server with the help of OpenSSL and TLS.
From 2018 to 2019, the percentage of cyberattacks costing $10 million or more nearly doubled, hitting 13%.
Oracle is urging users to update after a critical WebLogic Server flaw was found being actively exploited in the wild.
IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
A new report from HackerOne lists the top five companies running bug-hunting programs on the ethical hacking platform.
A data breach and mounting cybersecurity consulting costs, legal requirements, and regulatory obligations, proved too much for this company to come back from.
Google's new multi-party computation tool allows companies to work together with confidential data sets.
Mozilla has released patches for the bug reported by Coinbase.
How a security researcher learned organizations willingly hand over sensitive data with little to no identity verification.
Rampant security-operations bungling allowed cyberattackers to infiltrate JPL's network, which carries human mission data.
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.
Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating out of home and abroad.
The Facebook ad agency xSocialMedia exposed 150K medical histories, along with identifying information for the people involved.
Unless you've been under a rock, you'll know that earlier this week Facebook announced plans for a new global cryptocurrency for absolutely everyone called Libra.
A road map for improving the update process will help reduce the risks from vulnerabilities.
The KGB Espionage Museum's Agne Urbaityte explains various technologies and methods of eavesdropping used by the intelligence service, including Deadly Kiss and cameras in rings.
While cybersecurity discussions have permeated board meetings, the democratization of accountability has a long way to go.
Here are steps G Suite administrators should take when a phishing email gets through to an account.
Dan Patterson interviews the KGB Espionage Museum's Agne Urbaityte about how agents in the field would blend in with their environment in order to spy.
The "Suspicious Site Reporter" extension lets users easily report dubious sites, while a new warning flags potential typosquatting pages.
Mozilla has fixed a critical zero-day bug in the latest point releases of the Firefox web browser.
The KGB Espionage Museum's curator Agne Urbaityte describes how agents concealed spying devices in what they wore when working in the field.
Cisco has patched a slew of critical and high-severity flaws in its DNA Center and SD-WAN.
The KGB Espionage Museum's curator Agne Urbaityte explains why and how plates and ashtrays were used as eavesdropping and spying devices.
The update patches critical flaw (CVE-2019-11707), a type confusion vulnerability in the Mozilla Firefox code that Tor uses.
2019 has, so far, been a busy year for venture capitalists in the security industry. Here are 7 funding rounds important because of the technologies or market trends they represent.
As defenders increasingly use machine learning to remove spam, catch fraud, and block malware, concerns persist that attackers will find ways to use AI technology to their advantage.
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
Organizations with 250 or fewer employees often employ a higher percentage of security pros than their larger counterparts.
Malware adds ransomware to its malicious bag of tricks.
How fraud experts can fight cybercrime by 'downloading' their knowledge and experience into computer models.
The zero day - which was actually two zero days chained together - was used in attacks against a popular cryptocurrency exchange on Monday.
Riviera Beach's decision to pay ransom to criminals might get files back, but it almost guarantees greater attacks against other governments.
A Tiny Core Linux 9.0 image configured to run XMRig runs on a VM, rather than victim machines hosting the malware locally.
Riviera Beach, a Florida city, is coughing up $600,000 to hackers after a ransomware attack brought down its computer systems.
Analysts at ProPrivacy say the dating apps collect everything from chat content to financial data on their users -- and then they share it.
Early information suggests threat actors gained access to the managed service provider's remote monitoring and management tools and used them to attack the firm's clients.
DHS and FBI investigators are using Facebook profile IDs in court records - IDs that are easily used to look up their profile pages.
Riviera Beach, Florida, has agreed to pay attackers over $600,000 three weeks after its systems were crippled by ransomware.