Lots of PHI, low security, and multiple entry points make hospitals the perfect target for hackers and ransomware attacks are up 45% in Q3.
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
IBM's Chief People Hacker Stephanie "Snow" Carruthers describes how criminals use caller ID spoofing to get your private data.
In iOS 13.2, you can opt out of Siri voice review requests and delete recording history from your Apple devices.
Hospitals and IoT device manufacturers must take a dual approach in securing connected telehealth devices.
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
Dump Servlet information leak in jetty before 6.1.22.
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.
November's Patch Tuesday arrived to plug 73 CVE-level vulnerabilities across Microsoft's software products, including 13 'criticals'.
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
Drupal 6 version 6.16 has an open redirection vulnerability.
"Project Nightingale" is fully HIPAA-compliant, according to Google -- but researchers said they see big red flags for consumer data privacy.
Avoid sinking security with principles of shipbuilding known since the 15th century.
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.
New Risk Based Security report shows data breaches up 33.3% over last year so far.
Yet another Chinese national - this time an employee at an Oklahoma petroleum company - has pleaded guilty to trade secret theft.
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
The consequences of security incidents in hospitals can be life-or-death, but security practices lag behind other industries.
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.
Data privacy is a fundamental right for Americans - but new emerging technologies like drone, IoT and facial recognition are introducing gray areas.
'Pipka' JavaScript skimmer has infected at least 16 e-commerce websites so far, according to Visa's Payment Fraud Disruption Group.
Aleksei Burkov allegedly ran Cardplanet, advertised as the only shop with a guarantee: your stolen card will work, or you get a new one!
The border is NOT a constitution-free zone, according to the ruling: No more suspicionless fishing expeditions into travelers' devices.
PureLocker is an example of the sustained and continuing efforts ransomware threat actors are putting into malware development.
Facebook was quick to reassure iPhone users this week that it wasn't secretly spying on them via its app, after someone found the software keeping the phone's rear camera active in the background.
Threatpost sits down with incident response expert Kevin Golas to discuss the top takeaways of ENFUSE 2019 this week.
The Comprehensive Compliance Guide can help security leaders save time and resources from creating their own compliance evaluation methods.
The campaign is consistent with emerging tactics from bad actors to use increasingly sophisticated social engineering and spoofing to deliver malware.
The sector has been hit by more data breaches than any other this year as criminal groups devise more advanced hacking methods, says threat intelligence company IntSights.
The APT is using small botnets to take espionage aim at military and academic organizations.
Code-injection via third- and fourth-party scripts -- as seen with Magecart -- is a growing security problem for websites.
The California Consumer Privacy Act (CCPA), which goes into effect Jan. 1, will have a longstanding impact on privacy regulation across the U.S., a security expert says.
An IBM X-Force Red team member explains how her background in makeup and sales helps her social engineering career. Also, she demonstrates how cybercriminals can easily clone your work ID badge.
FireGPG before 0.6 handles the user's passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user's private key.
Don't wait until after a disaster, DDoS, or ransomware attack to learn just how good your backups really are.
The same threat actor has been observed targeting companies in the US, Italy, and Germany, according to a new report from security provider Proofpoint.
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
Now that the checkm8 BootROM vulnerability has a working exploit, security pros are warning of potential attacks.
In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.
Seven chief information security officers share their pain points and two-year spending plans.
Well-known Trojans Emotet and Trickbot are cybercriminals' favorite weapons in their campaigns.
In this post, the first of two blogs, Tim Bandos helps break down the DFIR tools and processes he uses to carry out investigations.
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
Find out how to enable or disable permissions on a site-by-site basis in the Vivaldi browser.
Learn how to make your SSH use more efficient and convenient with per-host configurations.
Here are some important points to factor into your vulnerability disclosure policy.
A lengthy, multi-stage infection process leads to a duo of payloads, bent on stealing data.
All versions of endpoint protection software from both vendors were susceptible to a near-identical issue, SafeBreach says.
An "EXTREMELY PERSONAL", year-old pic, the woman said, that he had to scroll through 5,000 photos to get to. Police are investigating.
It's showtime: Finally out of beta comes the browser that promises privacy, anonymity and cryptocurrency in exchange for your eyeballs.
The FTC has reached a settlement with InfoTrax after thieves stole a million sensitive customer records from its servers in 2016.
A serious Wi-Fi flaw shows how Linux handles security in plain sight.
A new report reveals what defenders should know about the most prevalent and persistent malware families.
A threat campaign active since January customizes long-used droppers to infect victim machines and lift credentials and other data from browsers, according to Cisco Talos.
Wi-Fi hotspots, public charging stations, and travel planning sites seem helpful, but they could actually be a traveler's worst nightmare.
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
Stephanie "Snow" Carruthers, Chief People Hacker at IBM, gives advice about protecting yourself online. She also explains how the robocalls and spoofing process works.
Nearly half (47%) of executives believe they will be at a greater security risk in the next year, a Chubb and NCMM report found.
Based on penetration tests and vulnerability assessments, attackers' costs to compromise a company's network increase significantly when security is continuously tested, a report finds.
Kamerka is an OSINT tool that builds an interactive map of cameras, printers, tweets, and photos leveraging Flickr, Instagram, Shodan, and Twitter.
Microsoft warns about BlueKeep - again, a real estate firm is fined $16M for violating GDPR, and more - catch up on the week's news with the Friday Five.
Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) the "Cookie Dump Servlet" and 2) the HTTP Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack as in 1) can be exploited by requesting a page with the HTTP "Content-Length" request header set to a literal string.
The threats follow a DDos attack bent on taking out the Labour Party's online presence.
Former national intelligence director James Clapper discusses lessons learned from the 2013 Snowden leak as well as the top cyberthreats that the U.S. is currently facing.
Don't let yourself be stuck in an unhealthy work environment with a toxic manager who takes advantage of your talent.
Attend this London event next month for the latest on how security researchers are finding (and solving) security vulnerabilities in all of your favorite Internet-connected devices.
Degrees, certifications, and experience are all important to career development, but mastering the people side of the equation may matter a whole lot more, CISOs say.
The Illinois-based man operated a criminal service that launched millions of DDoS attacks and brought in hundreds of thousands of dollars.
The copycat sites are using valid certificates to be more convincing.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
From a fake news generator to critical flaws in Medtronic equipment - it's weekly roundup time.
Tired of being a tracked, ad-bedeviled product sold by social media companies? The cost to immediately join a network with no tracking/ads: $12.99/month.
Prosecutors allege that Meiggs and Harrington took over their targets' mobile phone and email accounts via SIM-swapping.
The idea is simple - create a global platform for reporting and fixing vulnerabilities in open source projects before they do damage.
US intelligence agencies won't harvest US residents' geolocation data in future investigations, revealed the US government this month.
The secure perimeter as we know it is dissolving. So how do you protect your crown jewels when the castle has no walls?
White-hat hackers using never-before-seen zero days against popular applications and devices competed at a two-day gathering in Chengdu.
From serving as an artillery Marine to working a help desk, a baker's dozen of security pros share experiences that had the greatest influence on their careers.
The web skimmer has been spotted on at least 17 popular eCommerce websites, a new Visa alert warns.
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.
Threatpost talks to Anthony di Bello with OpenText, at ENFUSE 2019, about the successes and failures of security regulations, and how companies are changing as they struggle to keep up with compliancy issues.
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
Using a real Office 365 account at a legitimate company to send out lures helps phishers evade email defenses.
A stack-based buffer overflow bug can be exploited by sending a specially crafted video file to a WhatsApp user.
While being pummeled by ransomware attacks, healthcare centers also face growing IoT-related threats. Here's how they manage security amid a complex set of risks.
The conference, hosted by Columbia University, brought together CISOs, lawmakers, academics, and businesses to discuss GDPR, CCPA, and data privacy in all its forms.
In this post, the second of two blogs, Bill Bradley breaks down DG Wingman and Digital Guardian's data protection capabilities.
Thousands of accounts showed up on the Dark Web -- and customers say Disney has been no help.
The flaw can be trivially exploited.
New Security Lab will give researchers, developers, code maintainers, and organizations a way to coordinate efforts on addressing vulnerabilities.
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.
Survey reveals that skepticism towards privacy issues remains at an all-time high.
Eight out of every 10 US adults are worried over their inability to control how data about them is used, a new Pew Research survey shows.
A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.
The US is also juicing him for over half a million in profits from multiple DDoS-for-hire services.
The SophosLabs 2020 Threat Report highlights a growing battle as smart automation technologies continue to evolve.
Beware, holiday shoppers! The phishers hiding under typosquatting domains are waiting for your keyboard fumbles.
If you think brand new, just-out-of-the-box Android smartphones are immune from security vulnerabilities - think again.
Obfuscated Magecart script was discovered on two Macys.com webpages, scooping up holiday shoppers' payment card information.
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Oh, I used to feel that way. (Until a BEC attack.)
The retail giant discovered malicious code designed to capture customer data planted on its payment page.
A malicious spam campaign that informs victims it contains a "critical Windows update" instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants. The email-based threat, discovered recently by researchers at Trustwave, is unique in a few ways, [...]
Nearly half of executives surveyed don't believe their employees would be able to spot a bad actor posing as an online retailer, Zix-AppRiver found.
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
Trueface will provide Air Force bases with systems that can identify faces, license plates and guns.
When he was first detained at the airport, the employee was found with six files containing trade secret data on a storage device connected to his laptop.
Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey.
The malware has backdoor functionality and the ability to steal payment cards and credentials.
Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into "defense-in-depth" designs.
Google has disclosed a now-fixed issue that enabled third-party apps to access a disturbing set of permissions for its Camera App built into Android phones.
DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.
The list of routers that have critical RCE bugs, that have reached end of life and that won't get fixed has grown.
The infection apparently made its way in through third-party systems.
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string.
Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.
If you've been happily using Adobe Reader 2015 software for the last few years, you're in for a rude awakening.
The bug was fixed at least a month ago so users receiving dynamic email content have one less thing to worry about.
It was sucking up private profiles by requiring users to hand over their logins, giving it access to whatever accounts they follow.
A now-patched-hole could have allowed remote code execution that could have exposed files and messages. Update your WhatsApp now.
A data breach left personal information - including email and IP addresses and first and last names - exposed in public databases, according to Troy Hunt.
Attackers were collecting user credit card information for an entire week from the Macy's website before they were alerted. Here's how retailers can protect themselves.
Vulnerability could allow an attacker to control the camera and storage without user knowledge or permission.
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
PHP5 before 5.4.4 allows passing invalid UTF-8 strings via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory contents leaking into the resulting output.
Customers won't buy services or products from companies if they don't trust how their data will be used, Cisco found.
The majority give outside partners, contractors and suppliers administrative access -- without strong security policies in place.
Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
Weborf before 0.12.5 is affected by a Denial of Service (DoS) due to malformed fields in HTTP.
Unspecified vulnerability in StatusNet through 2010 due to the way addslashes() is used for SQL string escaping.
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa's contactless payments security system vulnerabilities.
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
A memory leak in rsyslog before 5.7.6 was found in the way the daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause a denial of service of the rsyslogd daemon via a log message belonging to more than one ruleset.
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
Linux users running the enterprise-search platform Solr are potentially vulnerable to remote code execution attack.
In an advisory published this week, the NSA outlined the risks of Transport Layer Security Inspection (TLSI) and provided security mitigations for organizations.
In-scope RCE Mozilla bug bounty payouts have also tripled, reaching $15,000.
External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.
Organizations that have not yet applied a pair of months-old critical patches from Oracle for E-Business Suite are at risk of attacks on their financial systems, the application security firm says.
The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place.
Twitter wagged its finger at the UK's Conservative party for renaming its press account "factcheckUK" during a live TV debate.
Need a 101 lesson on Web application firewalls? Here's your crib sheet on what a WAF is, how it works, and what to look for when you're in the market for a new solution.
Online shoppers need to be wary about domain spoofing, fraudulent giveaways, and other scams, ZeroFOX study shows.
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
Check Point researchers found that hundreds of marquee Android mobile apps still contain vulnerabilities that allow remote code execution even if users update.
If you downloaded the Monero command line wallet recently, check it before using it.
A look at the characteristics of real-world business email compromise attacks - and what makes them tick.
The Ultimate 2019 Security Team Assessment Template is a unique tool that encapsulates all the major KPIs of the organizational security team's main pillars.
Google has patched a bug in the Android camera app that allowed other applications to bypass the strict controls on camera and audio access.
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
Microsoft will soon add the ability to use DNS-over-HTTPS and DNS-over-TLS into its networking client.
A computer science degree isn't the only path into a cybersecurity career.
The mobile malware, which incorporates Anubis source code, could evolve into a fully fledged spyware in the future.
A newly-discovered peer-to-peer (P2P) botnet has been found targeting a remote code execution vulnerability in Linux Webmin servers.
The majority of developers view security as integral to the coding and development process, but lack the support of a security expert, Whitehat Security found.
Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks.
Millions of dollars and loads of personal information are being stolen through a growing threat known as Business Email Compromise (BEC).
Not all managed security service providers are created equal. These questions can reveal whether you are hiring the right people to help secure your business.
The Cybersecurity and Infrastructure Security Agency has partnered with VotingWorks on an open source tool to aid election result audits.
Amazon's Ring data collection policies are in the spotlight.
The wide availability of tools leaked by the Shadow Brokers and WikiLeaks in 2016 and 2017 has given emerging cyber powers a way to catch up, DarkOwl says.
He was supposed to be serving a 24-year sentence in the "maximum security" prison, not continuing the fraud... and going to parties.
What are ICOs, why are they so popular and why do crooks love them so much?
The company expanded its Android bug bounty program as one of several recent moves to ramp up mobile security.
From stalkerware to Amazon Ring doorbell outrage, Threatpost editors break down the top news stories of the week.
Financial institutions are in the crosshairs of hackers leveraging the malware to steal sensitive data.
Iran's elite hacking group is upping its game, according to new evidence delivered at a cybersecurity conference this week.
Android could be returning to its roots.
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
A phishing campaign targeting Microsoft Office 365 users, a mobile dining app breach, a medical group hacked, and more - catch up on the week's news with the Friday Five.
Consumers have to make sure not to fall prey to fraudulent coupons or deceptively spoofed retailer websites.
A single server leaked four terabytes of personal data including social media profiles, work histories, and home and mobile phone numbers.
Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous.
As security tools gather growing amounts of intelligence, experts explain how companies can protect this data from rogue insiders and other threats.
The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.
Some of the bugs allow remote code-execution.
An analysis of popular mental health-related websites revealed a vast number of trackers, many of which are used for targeted advertising.
DNS, rogue employees and phishing/social engineering should be top of the list of threat areas for organizations to address.
Hackers turn to old-school mail-forwarding scams to commit modern-day ID theft and financial crimes.
From a WhatsApp-attacking video file to the latest adopter of DNS-over-HTTPS, and everything in between. It's the weekly security roundup.
The NeverQuest Trojan has been used by cybermuggers to try to weasel millions of dollars out of victims' bank accounts.
The Russian Government's campaign to control how its citizens use the internet seems to be gathering steam.
Ad-blockers have figured out a way to block the unblockable - a pernicious tracker technique that hides advertising networks in plain sight.
A lawyer who boasted of making "50 by 50" - as in, $50m by the age of 50 - is now facing a potential 50+ years behind bars.
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Researchers notice year-end phishing attacks starting in July and ramping up in September.
A newly announced data breach of several popular Catch restaurants stemmed from malware on its point-of-sale (PoS) systems.
Every organization should be paying attention to the attacks targeting financial services systems.
How can you protect your precious corporate endpoints from the mysterious dangers that might await when you're not by their side? Empower home office users with these tips.
In this Q&A, we sit down with Harlan Carvey, Digital Guardian's new Senior Threat Hunter, to dig into how he approaches threat hunting, incident response, and more.
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, 2.12.x before 2.12.3, and 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104.
The foomatic-rip filter v4.0.12 and prior insecurely creates temporary files for storage of PostScript data when rendering the data with debug mode enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
The foomatic-rip filter, all versions, insecurely creates temporary files for storage of PostScript data when rendering the data with debug mode enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
The malware was introduced to the police network via a contractor who was installing a digital display.
The breach, estimated to have affected more than a million customers, came from malicious external actors.
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says.
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
The info-stealing malware has updated its password-grabbing module.
openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.
Learn how to make your SSH use more efficient and convenient with per-host configurations.
Polipo before 1.0.4.1 suffers from a DoS vulnerability via specially-crafted HTTP POST / PUT requests.
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input.
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
It was found that apt-key in apt, all versions, does not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially-crafted URL that could lead to a cross-site scripting (XSS) attack.
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.
Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.
Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to a hardlink executable crash or, potentially, arbitrary code execution with the privileges of the user running the hardlink executable.
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.
A DOM-based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick a valid JBoss AS user with administrator privileges into visiting it, which would lead to DOM environment modification and arbitrary HTML or web script execution.
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04.
Web inventor Sir Tim Berners-Lee has proposed a 'Contract for the Web' to rescue it from a headlong plunge into a moral abyss.
Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware - including domain impersonation, social media giveaway scams, and a malicious Chrome extension.
Ransomware attacks don't discriminate - and are just as happy targeting those with four legs as those with two.
We have to protect the constitutional rights of the innocent, and that can mean shielding guilty-as-hell child abusers, the court said.
The Taococo FREDI baby monitor has repeatedly been criticized for being easy to hack.
Naked Security is looking for a content marketing intern to join the team for 12 months in 2020.
Holiday shopping scams try to bait consumers with special giveaways, giftcards, discounts, and coupons, according to a new report from cyber security company ZeroFOX.
Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.
Convincing employees to take security seriously takes more than awareness campaigns.
Cyber insurance can help protect your organization from the financial costs associated with data breaches. Learn the details to decide if it's the right fit for your company.
According to a recent GDPR survey, only 18 percent of respondents said they were highly confident of their organizations' ability to report a data breach within 72 hours.
An infected minicomputer distributed an unidentified threat to 23 machines connected to the LiveScan fingerprint tracking system.
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
There's not a one-size-fits-all approach to cybersecurity. Learn some of the common mistakes and how you can get on the right path.
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
This new skimming/phishing hybrid threat tactic means that even stores that send customers to external payment processors are vulnerable.
Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
He and co-conspirators stole 50 gigs of music and leaked some of it onto the internet.
Though the cryptominer has received little attention, it exemplifies the complexity of modern malware, Microsoft says.
The overwhelming majority of developers worry about security and consider it important, yet many lack a dedicated cybersecurity leader.
Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
Gamification is becoming popular as companies look for new ways to keep employees from being their largest vulnerability.
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.
lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.
SQL injection vulnerability in Jifty::DBI before 0.68.
Even full disk encryption can't keep you secure if your PC firmware is compromised, so Secured-core PCs will use the CPU to check if UEFI is telling the truth about secure boot.
Firefox is getting ready to turn on its automatic anti-snooping tools to stop web 'fingerprinting' tricks.
Debug, another Chuckling Squadder, told Motherboard that the kid was weird, "Swatting celebrities for a follow back."
EU officials have warned that they may not take kindly to a US encryption ban or insertion of crypto backdoor technology.
Splunk has issued a critical warning regarding a showstopping Y2K-style date bug in one of the platform's configuration files.
Hundreds of users gave permission to these third-party apps to access their social media accounts, but the apps got more handsy than that.
Learn about the Health Insurance Portability and Accountability Act (HIPAA) and the requirements for HIPAA compliance in Data Protection 101, our series on the fundamentals of information security.
A cryptomining malware has infected at least 80k devices and uses various tactics to evade detection.
Criminals are coming at us from all directions, including our phones. Don't answer that next call without reading these tips first.
Don't be a Billy ... or Jennie ... or Betty.
A proactive approach to cybersecurity requires the right tools, not more tools.
The COPRA legislation would provide GDPR-like data protections, and create a new FTC enforcement bureau.
Yet another connected smartwatch for children has been discovered exposing personal and location data of kids - opening the door for various insidious threats.
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system - and gives Apple a new headache.
Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
Malicious mobile apps could be created to scrape and share profile information, email addresses and more.
Education and legislation are needed to combat the significant threat of deepfakes.
In newly updated Common Weakness Enumeration (CWE), SQL injection now ranks sixth.
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.
Firm defends controversial business offerings, claims it should be considered a force of good.
By donating their security expertise, infosec professionals are supporting non-profits, advocacy groups, and communities in-need.
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DoS) via a specially-crafted certificate.
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
It "was a miss on our part", Twitter said.
The company has revealed that many of its SSDs are set to permanently fail by default after 32,768 hours of operation.
In some cases, nurses can't update and order drugs. For one assisted-living facility, lack of timely Medicaid billing could force closure.
For researchers at testing outfit AV-Test, the SMA M2 kids' smartwatch is just the tip of an iceberg of terrible security.
As cloud complexity increases, hackers are relying on more targeted attacks, scoping out weak points across a larger attack surface.
38 million consumer health records have been exposed so far in 2019.
Watch our latest Naked Security Live video for some handy and practical cybersecurity tips - for Black Friday and beyond.
Master Go player Lee Se-dol has handed in his stones after deciding that there's just no way to beat a machine when playing the ancient Chinese board game.
Pressure is gathering for a federal privacy law in the US with the introduction of a second bill that would protect consumer data.
Adobe's Magento Marketplace has suffered a data breach, the company has said in an email sent to customers.
When it comes to managing drones (Unmanned Aircraft Systems, or UAS) the US Department of Justice wants Americans to know it's on the case.
Amazon's facial recognition would alert Ring users if "suspicious" individuals are near their house.
The telltale signs are all there... but if you're in a hurry, this Netflix scam passes the "visual appeal" test.
Credential stuffing attacks pose a significant risk to consumers and businesses. Learn how they work and what you can do about them.
From a warning from Hewlett Packard Enterprise to Russia's foreign tech anxieties. Get up to date with the top infosec stories of last week.
Chinese-owned video-sharing app TikTok might be under fire from US politicians but it's not going to go down without a fight.
Google must remove details of a convicted murderer from its search results in Europe following a German court ruling, it emerged last week.
All you bug hunters out there are about to get a nice Christmas gift - the US federal government finally wants to hear from you.
The Russian 'Sandworm' hacking group has been caught repeatedly uploading fake and modified Android apps to Google's Play Store.
Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.
More intelligence does not lead to more security. Here's why.
TV takeover, privacy threats, botnet concerns and Wi-Fi network compromise are all big concerns when it comes to connected TVs.
Attackers see credential abuse as a low-risk venture with potential for a high payout, at least for now.
A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems.
The issues have been patched or solved but researchers say they represent a worrying step in how attackers can manipulate trusted security systems.
Manufacturers and utilities rank highest while e-commerce companies come in last.
Hackers used email addresses, malicious Word docs, and compromised SharePoint sites to deliver malware.
The music streaming service received reports indicating attackers gained unauthorized access to its systems.
Do you do any cybersecurity-related volunteer work?
Make your favorite security experts laugh with these affordable holiday gifts.
The infrastructure behind a remote access tool (RAT) allowing full remote takeover of a victim machine has been dismantled.
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Researchers detail a bug they found in some of Microsoft's OAuth 2.0 applications.
The Microsoft applications are vulnerable to an OAuth authentication flaw that could enable Azure account takeover.
What if you could protect only one category of your organization's data?
The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations.
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.
Updates to pen-testing platform are designed to improve performance and user interface, says Offensive Security, maintainer of the open source project.
"forbesbusinessinsider.com?" Names like that sound close enough to real news domains to pass, but bots are the only ones visiting.
The spyware gave complete control of victimized computers, sold for as little as $25, and was bought by 14,500 hackers worldwide.
A hacker is ransoming account data stolen from music streaming service Mixcloud, according to reports.
Researchers at VpnMentor claim that the TrueDialog data leak exposure could have compromised tens of millions of people.
The flaw can allow hackers to take over typical device functions like sending messages and taking photos because users think malicious activity is a mobile app they use regularly.
It's important for businesses of all sizes to not only view their suppliers' attack surface as their own but also extend some of their security protections.
Labeled "StrandHogg," the vulnerability discovered by the mobile security vendor Promon could give hackers access to users' photos, contacts, phone logs, and more.
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.
Anviz access control devices allow remote attackers to issue commands without a password.
The Anviz Management System for access control has insufficient logging for device events such as door open requests.
Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.
Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.
Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010.
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
ReviewBoard: has an access-control problem in REST API
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
piwigo has XSS in password.php
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
SaltStack RSA Key Generation allows remote users to decrypt communications
webauth before 4.6.1 has authentication credential disclosure
OpenShift cartridge allows remote URL retrieval
Katello has multiple XSS issues in various entities
mom creates world-writable pid files in /var/run
openslp: SLPIntersectStringList() function has a DoS vulnerability
An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices.
The December security update stomped out critical denial-of-service (DoS) and remote-code-execution (RCE) vulnerabilities in the Android operating system.
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging
Review Board: URL processing gives unauthorized users access to review lists
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday.
More than 90 percent of Android apps running on the latest OS encrypt their traffic by default.
An increasing number of US executives expressed concern about the prevalence of threats coming from foreign powers.
Employees can no longer be pawns who must be protected all the time. They must become partners in the battle against threats.
A new set of guidelines from the European Data Protection Board helps inform data controllers of the safeguards that should be followed when designing data processing activities.
Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.
Data indicates TrickBot operators are modifying its modules and launching widespread campaigns around the world.
A successful attack could wreak havoc, given the potential for biometric forgery, and a lack of options in the event one's biometric profile is stolen.
Now all travelers to and from the U.S. - even if they are U.S. citizens - will be subject to facial recognition-based checks, a new filing revealed.
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
It's a grabby little app, data-wise, but how is it different from, say, Google or Facebook?
Microsoft is pressing ahead with an ambitious plan to de-fang common vulnerabilities hiding in old Windows code with the help of Rust.
"Facebook did a great job," said Alex Tan, who admitted that his story about a whistleblower's arrest was based on hearsay.
Phishing scammers have once again targeted users of the popular Steam gaming service, it was revealed this week.
With an average of 11 connected devices in US households, consumers are ready for faster and more reliable 5G networks.
Prosecution asks for imprisonment of the hacker who stole nude photos and other personal data from women's iCloud accounts and then distributed some of the material online.
The EFF explains how data is being tracked and used on the web and mobile devices, how consumers can protect themselves - and why it's not all bad news.
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
Common sense and a careful backup plan are just a couple of the ways to be prepared for online and traditional dangers during the season.
FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.
An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
With cyberattacks increasing, it's becoming more and more important for companies to protect themselves. Tom Merritt lists five things you should know about cyber insurance.
After a number of devastating breaches and hacks, the sheer size of data lost is no longer the only indicator of severity.
Likely the work of APT34, ZeroCleare is bent on destruction and disruption, rather than information-stealing.
A previously undocumented loader has been discovered in several recent malware campaigns and being sold on underground markets.
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
One privacy bill would override state laws already on the books - like the CCPA - another would only pre-empt laws that conflict with certain provisions.
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Kaspersky creates a prototype ring you can wear on your finger for authentication.
Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.
'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.
Nebraska Medicine is warning that a rogue, former employee accessed patients' medical records, Social Security numbers and more.
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
Larger SMBs are more likely to feel targeted by APTs.
The open source platform aims to make password-cracking more manageable and efficient for red teams.
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
More than a third of systems that handle biometric data were hit by at least one malware infection in the third quarter of 2019, according to a new Kaspersky report.
Researchers uncover an 'ultimate man-in-the-middle attack' that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business.
The industry can only go so far in treating security as a challenge that can be resolved only by engineering.
Yodel's mobile parcel delivery app was leaking people's delivery data to others using the app, a security researcher discovered.
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
The authentication bypass (CVE-2019-19521) is remotely exploitable.
Android's December 2019 updates arrived this week, patching a small list of system and Qualcomm flaws across the operating system's two patch levels.
HackerOne has paid out $20,000 to a bounty hunter who discovered a session cookie issue, due to "human error," on the bug bounty platform.
Python developers have once again fallen victim to malicious software libraries lurking in their favourite package manager.
In the face of mounting attacks against critical infrastructure, NERC, which oversees the United States' electrical grid, is retooling how it addresses cybersecurity.
Former Dutch city council member Mitchel van der K invaded hundreds of iCloud accounts 'frequently and repeatedly'.
The AdKoob malware that sneakily peeks at how much you're spending on ads is back.
Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle.
Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration.
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.
These outdated security rules we all know (and maybe live by) no longer apply.
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services is managed.
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
Security experts say the incident shows that cybercriminals are using ransomware to hit companies where it hurts.
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
Learn how iCloud Keychain can help you keep track of your app and website passwords.
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in the export and exporter_id actions, and in the filteruid parameter to list.php.
One of the internet's most popular free operating systems allowed attackers to bypass its authentication controls.
It's about showing age-appropriate content, it said. Though staying safe from child-privacy lawsuits doesn't hurt, either.
Collecting children's data without their guardians' consent is illegal under COPPA and already earned TikTok a huge fine.
The Lazarus hacking group are trying to sneak a 'fileless' Trojan on to Apple computers, disguised as a fake cryptocurrency trading program.
A researcher discovered a macOS trojan hiding behind a fake crypto trading platform, believed to be the work of the state-sponsored North Korean hackers behind WannaCry.
A new data breach report highlights risks for 2020, a website selling spying tools taken down, and more - catch up on the week's news with the Friday Five.
Facebook has paid over $4 million to victims to reimburse them for the unauthorized ads purchased using their ad accounts.
These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.
In a coffee-shop scenario, attackers can hijack "secure" VPN sessions of those working remotely, injecting data into their TCP streams.
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?
The program for collecting telephone call metadata has faced increased scrutiny and restrictions since Edward Snowden revealed its existence in 2013.
A Privilege Escalation vulnerability exists in Fedoraproject Sectool due to an incorrect DBus file.
The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.
In this past week, the authorities have cracked down on various BEC scams and cybercrime gangs.
Authorities say they have halted over 600 domestic money mules - exceeding the 400 money mules stopped last year.
The new tool will provide IT departments with system-wide visibility of all the patches needed.
Security experts say most voting machines are safe and secure, but disinformation campaigns on platforms like Facebook and Twitter need to be addressed.
An issue exists in the property replacements feature in any descriptor in JBoss AS 7.1.1, which ignores Java security policies.
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.
A Security Bypass vulnerability exists in Ubuntu Cobbler before 2.2.2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.
Money meant to fund an Israeli startup wound up directly deposited to the scammers.
Most counties are not protected from impersonation-based spearphishing attacks.
Get up to date with the hot security stories from the past week - from fake Android apps to malware targeting Mac users.
Know where Maksim 'Aqua' Yakubets is? Can you pry him out of Russia and his Lamborghinis? The biggest ever cybercrook reward awaits!
Facebook says the company used celeb bait links to infect victims with malware and hijacked their ad accounts to sell diet pills.
In an embarrassing twist, bug bounty platform HackerOne has paid a $20,000 reward to a researcher who reported a security flaw inadvertently caused by one of its staff during... a bug submission.
Researchers have discovered a flaw in macOS, Linux, and several other operating systems that could let attackers hijack VPN connections.
No longer can you secure the perimeter and trust that nothing will get in or out.
The platform has linked documents posted on its site to a vote-manipulation campaign already observed on Facebook earlier this year.
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
A PR and marketing provider exposed sensitive data for a raft of big-name companies.
DroneSploit is a CLI framework that is based on sploitkit and is an attempt to gather hacking techniques and exploits especially focused on drone hacking. For the ease of use, the interface has a layout that looks like Metasploit.
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Criminals are using free certificate services to apply real security certs to fraudulent sites - and to take advantage of victims looking for surfing safety.
The tactics used by the latest version of the Vega cryptolocker program indicate the code may have been stolen from its authors and is now being used for destructive attacks, a new report suggests.
Does turning location access off for all your apps mean that location access is off altogether?
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
A phishing attack is masquerading as messages from the game's developers.
The Romanian nationals stole some $4 million in a vast malware, botnet, and cryptocurrency operation.
The New York Department of Financial Services' Cybersecurity Regulation was implemented years ago but one of the regulation's compliance deadlines remains.
Intel's Amit Elazari Bar On discussed IoT security, ethical hackers, bug bounties, and more.
At least two companies may have been dealt even more damage than the shipping giant, which lost nearly its entire global IT infrastructure.
Since 2007, the two allegedly operated a cybercrime ring called "Bayrob Group."
The hard disks that fail abruptly at 32,768 hours of use - why simply 'adding 1' can send you into oblivion.
A platform that allows online applications for copies of birth certificates did not store its data properly.
Campaign views, arriving in public preview, aims to share more context around how attackers targeted an organization and whether its defenses worked.
The key, only one-third the length of most commercial encryption keys, took more than 35 million compute hours to break.
The $1.1m settlement is an 'excellent result,' TikTok said, unsurprisingly: compared with its $5.7m FTC fine, it's dirt cheap.
Delete the data, and don't do any of that again, the FTC told the data analytics company, which already filed for bankruptcy in 2018.
The Chinese company is at the heart of a security spat with the US that has also been causing some consternation in the UK.
The Sophos Managed Threat Response (MTR) team has warned the industry of a dangerous new ransomware trick.
Biometric facial scanning won't be a requirement for all U.S. citizens traveling internationally after all, the department decided.
One network attack targeted the same vulnerability exploited in the Equifax data breach from September 2017, according to a new report.
You can't prevent all ransomware attacks. However, it's possible to ensure that if a breach happens, it doesn't spread, affect business, and become a newsworthy event.
Customers won't buy services or products from companies if they don't trust how their data will be used, Cisco found.
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse() to perform command injection
openstack-utils openstack-db has insecure password creation
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
Today you can access the aggregated and analyzed 2020 Cybersecurity Salary Survey Results and gain insight into the main ranges and factors of current cybersecurity salaries.
Amazon is rolling out patches for the vulnerabilities and users are urged to confirm their device is updated to firmware version 2.13.11 or later.
Most practitioners report an increase in identities, but many don't have control over how those identities are protected from a range of attacks.
The patches are part of Adobe's regularly-scheduled fixes.
Snatch has burst on the scene, featuring an array of executables and tools for carrying out carefully orchestrated attacks.
Discovered and analyzed by security provider Sophos, Snatch attempts to bypass traditional security software by rebooting your PC into Safe Mode.
MDS 2.0 helps admins modernize their workflow and deploy Apple hardware and software. Also, this Mac deployment utility is free.
Mozilla has evolved its Lockbox password tool into a more standard password manager. Find out if Firefox Lockwise is right for you.
We can't wait out this problem and hope that it goes away. We must be proactive.
The cyberattack comes days after a shooting at U.S. military base Naval Air Station Pensacola rocked the city.
A breakdown of the common ways criminals employ MitM techniques to snare victims, and tips for protecting users from these dirty tricks.
Researchers found three broad types of vulnerabilities, one of which should be particularly concerning to consumers.
In a lawsuit filed last week, the company claims the ex-executive stole and retained confidential and trade secret data and lied to cover it up.
December 2019's relatively light Patch Tuesday update also fixes seven critical flaws.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
'Tis the season for open source gifts. But what to buy? Jack Wallen has a few ideas that are sure to put a smile on the faces of the open source lovers in your life.
This month's batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild.
A total of 2.7 billion email addresses, 1 billion email account passwords, and nearly 800,000 applications for copies of birth certificate were found on unsecured cloud buckets.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
Ad-blocking technologies can block the cookies that record consumers' privacy choices, they claim.
Thinking of giving a young person an internet-connected 'smart' toy this Christmas? You may want to think again.
He hired his cousin to break in, hold the rightful domain holder at gunpoint, and force a transfer to his own GoDaddy account.
If you're one of the tiny hardcore still using Windows 10 Mobile, 10 December 2019 is probably a day you've been dreading for nearly a year.
An unprecedented connection between the North Korean APT and the crimeware giant spells trouble for global banks and other cybercrime targets.
While hardware-level attacks are high, only 59% of companies have implemented a hardware security strategy, Dell and Forrester found.
New ESG research points to fundamental problems, a need for scalable security data pipelines, and a migration to the public cloud.
Most systems remain offline to prevent the attack from spreading.
The Intel attack uses a similar technique that gamers commonly use to overclock their CPUs.
Machine learning and behavioral detection are necessary to catch threats, WatchGuard says in a new report. Meanwhile, network attacks have risen, especially against older vulnerabilities, such as those in Apache Struts.
Use of two-factor authentication has nearly doubled in the past two years, pointing to a new wave of acceptance.
Researchers with SentinelLabs say they have found one of "the first known links between cybercrime groups and nation-state actors."
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
Deficiencies in the Social Security Administration's ability to protect sensitive data could impact the confidentiality and integrity of its systems and personally identifiable information, a new report says.
The secure messaging service is looking to address usability issues.
In nearly every security environment, competing priorities are a constant battleground. Here's how to keep the focus on what's important.
Apple fixes bug that allows nearby hackers to render iPads and iPhones unusable.
Several toys that were tested have been found lacking authentication measures, opening them up to an array of insidious attacks.
The high cost of doing business in California's San Francisco Bay Area is just one factor driving infosec companies - established and startups alike - to pursue their fortunes elsewhere. Here's where many are going.
The malware affected 100 different online publishers.
Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.
Researchers were able to extract an AES encryption key using SGX's voltage-tuning function.
North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
Bullet-proof authentication is just a tap away!
December 2019's Patch Tuesday updates are out, including a fix for the Windows flaw used in recently discovered WizardOpium attacks.
A couple of factors this year are making the 2019 holiday shopping season a circus for cybercriminals when it comes to cyberattacks against retail orgs.
Manufacturers of the Twinkly IoT-connected lights slightly boosted security by switching out the Wi-Fi module, according to Pen Test Partners.
You can't rely on the words, intentions, or security measures of others to guard your company, customer and brand.
New episode available now!
More companies are using third-party vendors and crowdsourced testing to meet their security needs, according to a new survey from Synack.
Chris Kubic worked at the National Security Agency for the past 32 years, finishing his tenure as CISO. He talks about lessons learned during his time there and what they mean for the private sector.
In 2020, expect to hear more about smart building security.
These crooks stashed a message in the virus code itself - we found it, but we don't know which way to take it!
Maze exfiltrates data as well as locks down systems. Officials said they don't know yet whether any residents' personal information has been breached.
Version 79 of Chrome is out, and it promises to do a better job of protecting you against phishing sites and credential stuffing attacks.
Congress on Tuesday told Facebook it must put backdoors into its end-to-end encryption, or it'll be forced to.
A no-tech trick, a la social engineering, can lead to huge corporate security consequences -- and it might just score the criminal a new car.
What cybercrime group FIN7 can teach us about using agile frameworks.
Check out our list of top 10 things to do to protect your organization from the deepening scourge of ransomware.
Ignoring the value in behavioral analytics could leave your data vulnerable to attack. We asked 18 security experts why behavioral analysis should factor into your data protection program.
Hacking group has been targeting telecommunication providers.
A new report looks at computer activity in the 50 largest metropolitan areas.
Seventeen bugs could be exploited to stop electrical generation and cause malfunctions at power plants.
Commodity malware and ransomware continue to be the biggest threats, says VMWare Carbon Black.
Mozilla has evolved its Lockbox password tool into a more standard password manager. Jack Wallen shows you how to use the Firefox Lockwise password manager.
Researchers scanned 4,200 Android apps and found many exhibit malicious behavior or have a dangerous level of permissions.
The telecoms company violates the EU's GDPR by allegedly failing to fully authenticate people phoning up to access their accounts.
Twitter CEO Jack Dorsey has announced a research effort to explore a decentralised version of the microblogging platform.
The new policy addresses how coordinated online abuse often happens in real life: poisonous drips spanning multiple videos/comments.
If you're logged into Facebook, it will suck up information such as which apps you use to provide "relevant content, including ads."
Capital One, Macy's, FEMA, and others: key takeaways from the year's most notable breaches.
Paying at the pump has landed in the sights of the notorious PoS-skimming group.
Trojans, knights, and medieval wordplay. And the winners are ...
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Ransomware hits 100+ dentists' offices, the U.K. warns charities about a new internet fraud campaign, and more - catch up on all the week's news with the Friday Five.
It plans to integrate CyberSponse's SOAR platform into the Fortinet Security Fabric.
Industry veteran and former Intel security chief Malcolm Harkins pinpoints three essential elements for leaders to connect with their employees and drive business objectives.
One flaw found in WordPress plugins Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor is actively being exploited.
The BITS file-transfer component of Windows is a key piece of sLoad's attack methodology.
Omnichannel views of customers are a competitive edge -- but they have to be appropriately implemented.
At least two North American chains have been hit in sophisticated new campaigns for stealing payment card data.
The DevOps lifecycle management company said that response to its year-old bug-bounty program has been robust.
Jack Wallen runs through 10 of the most important cybersecurity threats, breaches, tools, and news of the year.
From Snatch ransomware's safe-mode reboot to Facebook's view on end-to-end encryption - and everything in between. It's roundup time.
It's built on junk science, yet it's being used to determine who gets hired, fired, insured, medicated and more, the research institute says.
If webmail, WhatsApp and IM are killing SMS, someone might want to tell Google - as it continues to add new features to its Messages app.
JavaScript package users have been warned to update due to a bug that could enable an attacker to infect them with malicious applications.
Investigators are using geofence warrants to get anybody and everybody who's near a crime at a given time.
Turns out that if you drop your CPU voltage just enough, it makes mistakes that could let you sneak in where you shouldn't.
While the best protective measures can't protect your business completely from a zero-day attack, many of the same cybersecurity best practices are useful for protecting against zero-day exploits.
You wouldn't buy an expensive sports car if you couldn't use it properly. So, why make a pricey security investment without knowing whether it will fit into your ecosystem?
We've compiled 101 Data Protection Tips to help you protect your passwords, financial information, and identity online.
Apparently, dead men *can* tell tales... especially when millions and millions of cryptocoins are missing.
The ransomware attack earlier this month led the hospital system to reschedule surgeries and appointments.
13 new exploits have been added to the malware's bag of tricks.
Fraudulent account creation typically skyrockets during the holiday shopping season, but it's down this year. What's changing?
Experts say don't leave your devices open to cyberattacks from hackers anxious to steal your information.
Disinformation attacks are just as detrimental to businesses as they are to national elections. Here's what's at stake and what infosec teams can do about it.
The entertainment company discovered malicious content on the Shopify platform for its online store and removed it the same day.
We asked experts the best way to avoid stress and anxiousness, how to stay safe, and make your journey easier.
Jack Wallen gazes into his crystal ball and makes his mobility predictions for 2020.
The right candidate will possess the following skills.
The design of SQL Data Discovery & Classification could let attackers pinpoint sensitive information while flying under organizations' radars.
Capital One mega breach in March 2019 was the third worst data loss ever.
DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of traffic.
Meanwhile, the mayor of the city of New Orleans says no ransom money demands were made as her city struggles to recover from a major ransomware attack launched last week.
Keyfactor says it was able to break nearly 250,000 distinct RSA keys - many associated with routers, wireless access points, and other Internet-connected devices.
While far less common than breaches in other industry sectors, financial services breaches were more than twice as expensive, per record exposed, as the average for tech businesses.
Bye-bye, payroll data for 29,000 US Facebook employees that got left on an unencrypted drive in an employee's car.
Mozilla last week fired off an important memo to all Firefox extension developers telling them to turn on authentication (2FA) on their addons.mozilla.org (AMO) accounts.
Security pros in banking and finance make the most money but bonuses were common across all roles and industries.
IoT devices are using weak digital certificates that could expose them to attack, according to a study released over the weekend.
There are signs that the attackers used the particularly pernicious Ryuk strain of ransomware.
Big businesses aren't the only ones susceptible to password-related blunders, Dashlane found.
Researchers say that Amazon and Google need to focus on weeding out malicious skills from the getgo, rather than after they are already live.
Disinformation attacks are just as detrimental to businesses as they are to national elections. Here's what's at stake in 2020 and what infosec teams can do about them.
Satori Cyber aims to help businesses better protect and govern their information with its Secure Data Access Cloud.
How to move beyond one-off campaigns and build a true security awareness program.
David Tinley, 62, rigged software he wrote for the company starting in 2014 and into 2016, causing the programs to fail.
A chief financial officer shares five winning strategies for an effective board-level conversation about right-sizing risk.
The Epilepsy Foundation has filed a criminal complaint against undisclosed Twitter users who used its Twitter feed to post seizure-inducing content.
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
For every manufacturing firm, sensitive data is the most valuable asset. If this critical information - in particular, intellectual property (IP) - is ever lost or stolen, manufacturers not only face significant fines and penalties but also suffer a hit to their reputations and public trust. Perhaps most importantly, they risk losing their competitive advantage, which can ultimately lead to business failure and bankruptcy.
The streaming video and podcast content company was hit by a payment-card attack.
Vendors get low marks for customer support and committing to benchmarks.
Turns out, skill beats experience and an academic degree doesn't guarantee higher compensation for five security positions.
Flaw allowed attackers to repeatedly crash group chat and force users to uninstall and reinstall app, Check Point says.
A cyberattack against LifeLabs exposed personal information on patients in Ontario and British Columbia.
This "I am well aware" email is just another sextortion scam where crooks try to blackmail you with a video they don't actually have.
Protecting the places where application services meet is critical for protecting enterprise IT. Here's what security pros need to know about "the invisible glue" that keeps apps talking to each other.
If you're entering a username and password to give an app access to a G Suite account, beware: you won't be able to do it for much longer.
He allegedly stole over $88,000 from Wells Fargo's vault, then posed with cash and "his" Mercedes-Benz in posts and an Instagram rap.
Firefox users interested in turning on the browser's DNS-over-HTTPS (DoH) privacy feature now have two providers to choose from.
That's pretty slow for thieves' bots & scripts to grab it and test it, said a researcher who posted his card online.
Jack Wallen shares cybersecurity predictions that might make your IT skin crawl. Find out what he thinks could be the silver lining to this security nightmare.
As the adage goes, you can't secure what you can't see. So, we asked 21 security experts what they think the best tools and practices for data visibility and monitoring are.
When it comes to choosing unsecure passwords, people instead show a preference for '123456' and '123456789.'
It's easy to get overwhelmed in your new position, but these tips and resources will help you get started.
Online shopping offers plenty of convenience, but it might come at an unexpected price: Your sensitive information. Tom Merritt offers five tips for staying safe while shopping online.
Network segmentation is considered a key security control to prevent attackers from easily accessing critical assets from compromised, but unprivileged, computers. So why aren't more companies doing it?
The data breach disclosure was met with ire from customers whose lab test results, health card numbers and more were accessed.
From an IT manager's perspective, any employee using such a mobile app on a phone they also use for business opens up risks to the corporate network.
Researchers share how everyday users can check for malicious code on e-commerce websites.
Remote attackers can easily compromise the device and pivot to move laterally through the LAN or WAN.
Are you an army of one tasked with compliance and data privacy? Try these tips to get you and your organization in alignment with regulators.
The update repairs vulnerabilities that could lead to very effective phishing messages.
An attacker could exploit CVE-2019-1491 to obtain sensitive information that could be used to mount further attacks.
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to an improper implementation of security context propagation. A thread reused from the thread pool still retains the security context of the process that last used it, which lets a local user obtain elevated privileges.
A Motherboard report found Ring lacking basic security measures for preventing hackers from hijacking the devices.
Many employees don't follow company security policies when they use handy productivity tools.
Whether you're traveling by plane, planning a road trip, or hosting guests for the holidays, it's important to practice good cybersecurity.
An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of two parts: client and server. The GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, the GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. The GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
Prepare your applications and users for big changes on 13 October 2020.
Instagram's expanding its fact-checking program but, like Facebook, says it won't keep political speech away from "public debate and scrutiny."
For years, organisations have been using a common tactic called the warrant canary to warn people that the government has secretly demanded access to their private information. Now, a proposed standard could make this tool easier to use.
It's not a bread line, and it's not a line to see Santa - it's an analog response to a nasty cyber attack.
Latest podcast episode - listen now!
Google has rushed out a fix for a bug in the Android version of Chrome that left some app users unable to access accounts or retrieve stored data.
Learn about identity and access management (IAM), how IAM works, and why organizations should have IAM in Data Protection 101, our series on the fundamentals of information security.
Certain security flaws in 2G, 3G, and 4G have not been resolved, and 5G is vulnerable as well, says a new report from Positive Technologies.
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
The leaky database was online for about a week, exposing customers' vehicle information and personally identifiable information.
Just because a malware family isn't all over the headlines doesn't mean it isn't interesting... or important... or dangerous!
Between Europe's and California's privacy laws, companies have a complex landscape to navigate in 2020. Even data-mature industries, such as financial services, see problems ahead.
Phishers are using "black SEO" to lure users in to malicious downloads masquerading as the latest Star Wars movie.
Other poor choices include "password," "princess," "qwerty," "iloveyou" and "welcome," according to the 2019 list from SplashData.
The Craig Newmark Trustworthy Internet and Democracy Program will develop security toolkits -- and enhance existing ones -- ahead of the 2020 presidential election.
Fingerprinting is a new way of tracking your online usage. Find out what this is and how to make sure Firefox is blocking it.
Why is one of the biggest problems in cybersecurity also one that CISOs largely ignore? Here are three reasons and a road map to a modern approach.
Cybercriminals continue to exploit weaknesses in JavaScript to try to steal sensitive data from consumers through advertising, according to DEVCON.
Dozens of organizations across multiple sectors have become victims of APT20 in the past two years.
The newly discovered Legion Loader infects computers with a huge quantity and variety of malware, making it a serious threat.
Add terminal- and web-based Apache access.log view with Goaccess.
Real-time payment services like The Clearing House and Zelle will completely clear transactions in an instant...but account takeover attackers love that speed as much as you do.
Researchers believe that criminals were able to obtain personal information for millions of Facebook users.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
83 users have already been affected by 65 malicious files disguised as copies of Star Wars: The Rise of Skywalker according to Kaspersky.
Once again, it reigns supreme as the #1 smelliest old fish of a password on the list of ones that most frequently turn up in data breaches.
Reports surfaced this week that the president of Russia is still using Windows XP as his primary operating system.
Does Facebook continue to track the locations of its users even when they've told it not to? Yes!
They hijacked the Epilepsy Foundation's hashtags and name during national epilepsy awareness month, when the most people follow the feed.
The tech giant is looking for full working exploits with any vulnerability submission.
A little vigilance helps retailers reduce and prevent three of the most common kinds of mobile app fraud
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
LibreOffice and OpenOffice automatically open embedded content
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation
Cybercriminals expose Santa's naughty list -- names and reasons -- on the Internet. "Ho, ho, ho! God, what a mess!" exclaims a source who requested anonymity.
Mobile devices are lost or hacked while in transit far too frequently. Here are some steps to protect your business.
Wawa said that payment-processing system malware had potentially affected all 850 of its locations.
Artificial intelligence can provide manpower, context and risk assessment.
Cultivate these half-dozen qualities and watch your career soar.
If you have a reason to log in to your macOS machine, from a remote machine on your network, why not enable the SSH daemon.
Mayor LaToya Cantrell anticipates the recent cyberattack to exceed its current $3 million cyber insurance policy.
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
The Swedish climate-change activist is the lure in a massive global malware campaign.
From ransomware ramp up, to voice assistant privacy perils, the Threatpost team breaks down the top news stories from this past year.
The technique is notable because it can be implemented using low-cost, standard hardware components.
Ransomware hits New Orleans, a web hosting firm hit with a $10M GDPR fine, and a 15 million person breach - catch up on the week's news with the Friday Five.
Find out what Jack Wallen predicts for the cloud and cloud-adjacent technology in 2020 and why he encourages you to dream big.
The acquisition adds fraud detection and prevention to the application delivery company's tool collection.
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
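As an added illustration of the two hiding methods the description mentions (this is example code, not Stegano's own), the following works on a plain list of (R, G, B) tuples rather than an image file so it runs without Pillow. It writes a 4-byte length header plus the message into least significant bits, either sequentially or at channel positions chosen by a Sieve of Eratosthenes, so the prime set acts as the shared secret needed to read the message back. The 64x64 cover is constructed with a seeded generator; the header format and the channel-index convention are assumptions for the example.

```python
import random


def primes_up_to(n):
    """Sieve of Eratosthenes. Used here as the set of channel indices that will
    carry payload bits when the 'integer set' selection is in effect."""
    sieve = bytearray([1]) * (n + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(n ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, n + 1, i)))
    return [i for i in range(n + 1) if sieve[i]]


def _payload_bits(message):
    # 4-byte big-endian length header, then the message, most significant bit first
    payload = len(message).to_bytes(4, "big") + message
    for byte in payload:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def hide(pixels, message, positions=None):
    """Embed `message` (bytes) in the LSB of the flattened channel values.
    `positions` is an ordered list/range of channel indices to use; None means
    sequential from index 0. Every touched channel changes by at most 1."""
    flat = [c for px in pixels for c in px]
    if positions is None:
        positions = range(len(flat))
    bits = list(_payload_bits(message))
    if len(bits) > len(positions):
        raise ValueError("cover too small: need %d channel slots, have %d"
                         % (len(bits), len(positions)))
    for idx, bit in zip(positions, bits):
        flat[idx] = (flat[idx] & 0xFE) | bit
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]


def reveal(pixels, positions=None):
    """Read the header, then exactly that many message bytes, from the same
    channel positions used by hide(). Wrong positions yield garbage or a
    StopIteration when the bogus length exceeds the cover."""
    flat = [c for px in pixels for c in px]
    if positions is None:
        positions = range(len(flat))
    it = iter(positions)

    def read(n):
        out = bytearray()
        for _ in range(n):
            byte = 0
            for _ in range(8):
                byte = (byte << 1) | (flat[next(it)] & 1)
            out.append(byte)
        return bytes(out)

    length = int.from_bytes(read(4), "big")
    return read(length)


def make_cover(width=64, height=64, seed=0):
    """Constructed cover image: deterministic pseudo-random RGB pixels."""
    rng = random.Random(seed)
    return [(rng.randrange(256), rng.randrange(256), rng.randrange(256))
            for _ in range(width * height)]


def changed_channels(a, b):
    """How many channel values differ between two pixel lists."""
    return sum(1 for pa, pb in zip(a, b) for ca, cb in zip(pa, pb) if ca != cb)


if __name__ == "__main__":
    cover = make_cover()
    secret = b"attack at dawn"
    stego = hide(cover, secret)
    print(reveal(stego), changed_channels(cover, stego), "channels touched")
    primes = primes_up_to(3 * len(cover) - 1)
    print(reveal(hide(cover, secret, primes), primes))
```

The prime-indexed variant changes the same number of channel values as the sequential one; what it buys is that a reader who does not know the selection set cannot simply read the LSBs in order.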
Lithuanian Evaldas Rimasauskas has been sentenced to five years in jail for successfully defrauding two US companies out of $122 million.
Want 50% off Sophos Home? You can get it here!
From porn scam emails to the ransomware that seized New Orleans, get up to date with everything we've written in the last week.
Facebook clearly likes to use as much of your personal data as it feels it can, and that includes the phone number linked to your 2FA setting.
Fraudsters with social engineering skills are hijacking cell phone SIM cards to access victims' bitcoin and social media accounts
A bill to punish robocallers has finished its passage through Congress and is expected to become law any day now.
In today's smartphone economy, hiding your location has become a major challenge.
In this sponsored podcast, Threatpost sits down with Arctic Wolf's Matt Duench to discuss the lessons learned from this year's top data breaches.
From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children's connected toys, here are the top IoT disasters in 2019.
What is a cloud access security broker, or CASB? Learn about the benefits, best practices, and use cases in this week's Data Protection 101, our series on the fundamentals of information security.
Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.
As new technologies disrupt the industry, remember that security is a process, not a goal. Educate yourself on how you can best secure your corner of the Web.
Richard Liriano pleads guilty to compromising hospital computers and co-workers' email accounts, as well as stealing personal files and photos.
The acquisition is expected to close in the first quarter of 2020.
We explain why you really need to RTFM. Even if TFM is very long and complicated and you are very experienced.
Twitter for Android users are urged to update their app to fend off a security bug that allows hackers to access private account data and control accounts to send tweets and direct messages.
A vulnerability in two of the company's appliances opens 80,000 networks up for exploitation.
How would the world's most generous elf operate in a world of zero-trust security? A group of cybersecurity experts lets us know.
Security analysts say multifactor authentication is an absolute must for any company running multiple interfaces.
From the bizarre, through the crazy, all the way to the outright impossible - there's still plenty to learn from all of these stories.
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Cyber-disclosure statements noting how long a company can go without a breach can help customers understand the reality of cyber-incidents and their exposure to loss.
An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz).
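To show concretely what the "tone representing '1' and a long '#'" signal in that description is, here is an added example (not code from the advisory or the vendor) that synthesizes DTMF keys at 8 kHz and decodes them with the Goertzel algorithm, the single-bin DFT that DTMF receivers commonly use. The 100 ms frame length, the power threshold and the 4:1 dominance ratio are assumptions chosen for the example.

```python
import math

ROW_FREQS = (697, 770, 852, 941)      # low-group tone per keypad row
COL_FREQS = (1209, 1336, 1477, 1633)  # high-group tone per keypad column
KEYPAD = ("123A", "456B", "789C", "*0#D")
RATE = 8000                           # samples per second (telephony rate)


def key_freqs(key):
    """The (low, high) frequency pair for a keypad symbol, e.g. '1' -> (697, 1209)."""
    for r, row in enumerate(KEYPAD):
        c = row.find(key)
        if c != -1:
            return ROW_FREQS[r], COL_FREQS[c]
    raise ValueError("not a DTMF key: %r" % key)


def tone(key, seconds=0.1, amplitude=0.5, rate=RATE):
    """Synthesize a key as the sum of its two sine waves (list of float samples)."""
    lo, hi = key_freqs(key)
    n = int(seconds * rate)
    return [amplitude * (math.sin(2 * math.pi * lo * i / rate)
                         + math.sin(2 * math.pi * hi * i / rate)) for i in range(n)]


def silence(seconds=0.1, rate=RATE):
    return [0.0] * int(seconds * rate)


def goertzel_power(samples, freq, rate=RATE):
    """Signal power at the DFT bin nearest `freq`, computed without a full FFT."""
    n = len(samples)
    k = round(n * freq / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def decode_frame(samples, rate=RATE, min_power=1.0, ratio=4.0):
    """Return the key whose row and column tones dominate one frame, else None."""
    rows = [goertzel_power(samples, f, rate) for f in ROW_FREQS]
    cols = [goertzel_power(samples, f, rate) for f in COL_FREQS]
    r = max(range(4), key=rows.__getitem__)
    c = max(range(4), key=cols.__getitem__)
    if rows[r] < min_power or cols[c] < min_power:
        return None                         # silence / too quiet
    # the winner in each group must clearly beat its runner-up (rejects noise)
    if rows[r] < ratio * sorted(rows)[-2] or cols[c] < ratio * sorted(cols)[-2]:
        return None
    return KEYPAD[r][c]


def decode(samples, frame_seconds=0.1, rate=RATE):
    """Decode a sample stream frame by frame; a key held across several frames
    (the 'long #') is reported once, so two identical keys need a gap between them."""
    n = int(frame_seconds * rate)
    keys, last = [], None
    for start in range(0, len(samples) - n + 1, n):
        k = decode_frame(samples[start:start + n], rate)
        if k is not None and k != last:
            keys.append(k)
        last = k
    return "".join(keys)


if __name__ == "__main__":
    # constructed signal: a short '1', a pause, then a 300 ms '#'
    print(decode(tone("1") + silence() + tone("#", 0.3)))  # 1#
```

The decoder accepts any clean tone pair regardless of where it came from, which is the point of the entry above: once the receiver is reachable acoustically through the speaker unit, the tone detector cannot tell an injected sequence from a legitimate one, so the access decision has to be enforced elsewhere.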
This follow-up sextortion demand, timed to align with Christmas, has a much more aggressive and menacing tone that last week's version.
2019 was another banner year for bots, trojans, RATS and ransomware. Let's take a look back.
Firejail allows you to easily sandbox Linux applications. Find out how to add this extra layer of security.
If you're concerned about the security of your code within Docker Hub, you might want to enable two-factor authentication.
Yes, there's a message in the Christmas tree.
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection.
New malware distribution techniques and functionality updates are sure to put more pressure on enterprise organizations in 2020.
2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here's the Threatpost Top 10 for data-breach news of the year, featuring all the low-lights.
Mature machine learning can analyze attack strategies and look for underlying patterns that the AI system can use to predict an attacker's next move.
He claimed to have logins for millions of iCloud accounts, and told Apple he'd shut them all down unless he received a payoff.
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.
The flaw resides in the Citrix Application Delivery Controller and Gateway.
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6).
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
A locally exploitable DoS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown, triggered by programs doing an mmap after a MAP_GROWSDOWN mmap, creates an infinite loop without releasing the VM semaphore, eventually leading to a system crash.
ircd-ratbox 3.0.9 mishandles the MONITOR command which allows remote attackers to cause a denial of service (system out-of-memory event).
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.
Knowing where your digital certificates are is just the start.
Majority of survey respondents seek to share their security expertise with causes they care about.
Is climate change impacting your cybersecurity, cyber-risk, or cyber-incident response plans?
Learn how to hide or encrypt specific files in Windows in order to better protect them.
Security teams should coordinate and operate by standard practices to ensure their efforts yield the maximum results. Learn some tips from an industry insider on how to make it happen.
Threatpost examines the challenges - and opportunities - that women are facing in the cybersecurity landscape.
2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.
Security professionals recommend technology to detect attacks that have already infiltrated a network.
Altruism is alive and well among Edge readers, who seek to share their security expertise with causes they care about.
Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter.
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Researchers warn that five vulnerabilities that stem from SQLite could enable remote code execution.
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
WordPress Xorbin Digital Flash Clock 1.0 has XSS
Sencha Labs Connect has XSS with connect.methodOverride()
SPBAS Business Automation Software 2012 has CSRF.
SPBAS Business Automation Software 2012 has XSS.
You're invited to a climate demonstration... but to find the time and place, you need to open an attachment. Don't do it!
A phishing attack targets PayPal customers, two bugs are discovered in the Twitter Android app, and a cyber attack causes flight cancellations in Alaska - catch up on the week's news with the Friday Five.
Collabtive 1.0 has incorrect access control
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
AVTECH AVN801 DVR has a security bypass via the administration login captcha
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials
Hikvision DS-2CD7153-E IP Camera has Privilege Escalation
Karotz API 12.07.19.00: Session Token Information Disclosure
Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking
INSTEON Hub 2242-222 lacks Web and API authentication
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.
Static HTTP Server 1.0 has a Local Overflow
Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities
thttpd 2007 has buffer underflow.
Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code.
Here's a short list of 7 malware categories we hope you never encounter. Sadly, it's not an exhaustive list... but it's a helpful start.
If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.
We asked chief information security officers how they plan to get their infosec departments in shape next year.
From smartphone tracking to "climate change" malware, get up to date with everything we've written in the last week.
Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost's Top 10 mobile security stories of 2019.
Given that the average time to weaponize a new bug is seven days, you effectively have 72 hours to harden your systems before you will see new exploits.
Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth
The Internet of Things vendor confirmed that customer data was left unsecured on an Elasticsearch database.
Too much information.
Here's what organizations considering using a mobile device management server should keep in mind.
Understanding the new risks and threats posed by increased use of artificial intelligence.
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it.
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
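The tempnam() pattern (pick a name now, open it later) is racy in a world-writable directory. The added example below, which is not from isearch or pkgsrc, contrasts it with creating the file atomically via O_CREAT|O_EXCL and an unguessable name, which is what mkstemp() does. It runs in a fresh private directory from mkdtemp, and the symlink the demo plants stands in for what an attacker would put in /tmp; the file-name prefix and the "attacker-chosen-target" path are invented.

```python
import itertools
import os
import secrets
import stat
import tempfile

_counter = itertools.count(1)


def predictable_tempnam(directory, prefix="tmp-"):
    """The tempnam() style: hand back a guessable name now; the caller opens it
    later. Between the two steps anyone who can write to `directory` may create
    that name (or a symlink under it) first."""
    return os.path.join(directory, "%s%d" % (prefix, next(_counter)))


def create_private_tempfile(directory, prefix="tmp-", attempts=100):
    """Create and open a new file in one step. O_EXCL makes the kernel refuse any
    pre-existing path, including a symlink; O_NOFOLLOW (where available) adds a
    second guard; mode 0600 keeps other users out of the content."""
    flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY | getattr(os, "O_NOFOLLOW", 0)
    for _ in range(attempts):
        path = os.path.join(directory, prefix + secrets.token_hex(8))
        try:
            fd = os.open(path, flags, 0o600)
        except FileExistsError:
            continue            # collision or a planted name: pick another
        return fd, path
    raise RuntimeError("could not create a unique temporary file in %s" % directory)


def demo():
    """Returns (hijacked, excl_refused, mode). The naive open writes through the
    planted symlink; the O_EXCL open refuses the same path; the private file
    ends up with no group/other permission bits."""
    base = tempfile.mkdtemp()
    victim = predictable_tempnam(base)
    target = os.path.join(base, "attacker-chosen-target")
    os.symlink(target, victim)            # the attacker's planted link
    with open(victim, "w") as f:          # vulnerable second step: follows the link
        f.write("supposedly private data\n")
    hijacked = os.path.exists(target)     # data landed where the attacker chose
    try:
        os.close(os.open(victim, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))
        excl_refused = False
    except FileExistsError:
        excl_refused = True
    fd, path = create_private_tempfile(base)
    mode = stat.S_IMODE(os.fstat(fd).st_mode)
    os.close(fd)
    return hijacked, excl_refused, mode


if __name__ == "__main__":
    print(demo())
```

In practice tempfile.mkstemp() or tempfile.NamedTemporaryFile() already does what create_private_tempfile() does; the hand-rolled version is only here to make the O_EXCL step visible.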
Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.
Crime pays. Really well. Here's a look at just how much a cybercriminal can earn in a month.
Use the seven points listed above to create an effective and efficient operational workflow and, importantly, happier analysts who aren't buried at the bottom of a pile of mostly irrelevant data.
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.
'Thallium' nation-state threat group used the domains to target mostly US victims.
Access to advanced technology and expertise at a cost-effective price is making managed security services an increasingly attractive prospect for many organizations.
From VR training to heads-up schematics, industrial wearables may be the wave of the future.
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617, but the patch was improperly applied and did not fix the security issue.
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Huge opportunities await security teams that are finally ready to move the needle on security problems that have plagued organizations for years.
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform's relationship with China grows.
Dollars lost and data records exposed are valuable measurements, but the true pain of a cybersecurity incident goes far beyond that. We asked infosec pros how they put words to the pain they feel when their defenses fall apart.
Some payment cards were mistakenly swiped on order-entry systems that lacked the security of its point-of-sale terminals.
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML.
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
On Wednesday California adopted the strictest privacy law in the United States.
E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate.
In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.
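Both entries above (ovirt-engine-sdk-python and fence_cisco_ucs.py) describe the same missing check. The following added example, which is not code from either project, shows in Python what that check consists of: the strict versus the weak ssl.SSLContext settings, and a comparison of the dialed hostname against the certificate's dNSName SANs (falling back to the CN only when there are none) using the RFC 6125 wildcard rules. The hostnames and certificate names are made up.

```python
import ssl


def make_client_context(verify=True):
    """Client-side TLS context. With verify=True (the defaults of
    ssl.create_default_context) the CA chain is checked AND the certificate
    must name the host we dialed. verify=False reproduces the weak behaviour
    from the entries above: any certificate, for any name, is accepted."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_strict(ctx):
    """True when the context both validates the chain and matches the hostname."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def _dns_name_matches(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive; a wildcard is accepted only
    as the entire left-most label of a name with at least two more labels,
    and it never spans a dot (so *.example.com matches a.example.com but not
    a.b.example.com, and *.com matches nothing)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(hostname, san_dns_names=(), common_name=None):
    """The check the two scripts skipped: does the presented certificate name
    the endpoint we connected to? subjectAltName dNSName entries take
    precedence; the subject CN is consulted only when no dNSName is present."""
    names = list(san_dns_names) if san_dns_names else ([common_name] if common_name else [])
    return any(_dns_name_matches(n, hostname) for n in names)


if __name__ == "__main__":
    print(context_is_strict(make_client_context()),            # True
          context_is_strict(make_client_context(verify=False)))  # False
    print(hostname_matches_cert("engine.example.com", ["*.example.com"]))       # True
    print(hostname_matches_cert("engine.example.com", ["other.example.com"],
                                common_name="engine.example.com"))               # False
```

Without the name check, an attacker holding any certificate the client's trust store accepts (for example one legitimately issued for a domain they own) can impersonate the endpoint, which is exactly the man-in-the-middle condition both entries describe.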
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
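An added Python example (not Symfony's HttpFoundation code) of the problem that entry describes and the usual fix: absolute URLs built from the raw Host header versus URLs built only after the host has been checked against an allowlist of trusted host patterns, the approach Symfony exposes as trusted hosts. The allowlist, header values and paths are invented for the example.

```python
import re
from urllib.parse import urlunsplit

# Assumed allowlist for the example: anchored regexes, one per accepted host shape.
TRUSTED_HOST_PATTERNS = (r"^app\.example\.com$", r"^([a-z0-9-]+\.)?example\.org$")

# A syntactically valid Host value: DNS name or bracketed IPv6 literal, optional port.
_HOST_RE = re.compile(r"^(?P<host>[a-z0-9.-]+|\[[0-9a-f:.]+\])(?::(?P<port>\d{1,5}))?$", re.I)


class UntrustedHost(ValueError):
    pass


def absolute_url_unchecked(headers, path, query="", scheme="https"):
    """The vulnerable pattern: whatever the client put in Host becomes the
    authority of every generated link, e.g. in a password-reset e-mail."""
    return urlunsplit((scheme, headers.get("Host", ""), path, query, ""))


def host_is_trusted(headers, trusted=TRUSTED_HOST_PATTERNS):
    """Parse the Host header and accept it only if it matches the allowlist."""
    m = _HOST_RE.match(headers.get("Host", "").strip())
    if not m:
        return False
    host = m.group("host").lower().rstrip(".")
    return any(re.match(p, host, re.I) for p in trusted)


def absolute_url(headers, path, query="", scheme="https", trusted=TRUSTED_HOST_PATTERNS):
    """The hardened form: refuse to build a URL for a host we do not serve."""
    raw = headers.get("Host", "").strip()
    if not host_is_trusted(headers, trusted):
        raise UntrustedHost("refusing to generate a URL for Host %r" % raw)
    m = _HOST_RE.match(raw)
    host = m.group("host").lower().rstrip(".")
    netloc = host if m.group("port") is None else "%s:%s" % (host, m.group("port"))
    return urlunsplit((scheme, netloc, path, query, ""))


if __name__ == "__main__":
    spoofed = {"Host": "attacker.example.net"}          # constructed request header
    print(absolute_url_unchecked(spoofed, "/reset", "token=abc"))  # link now points at the attacker
    try:
        absolute_url(spoofed, "/reset", "token=abc")
    except UntrustedHost as e:
        print("blocked:", e)
    print(absolute_url({"Host": "App.Example.com:8443"}, "/reset", "token=abc"))
```

The allowlist belongs in configuration, and the check should run before any caching layer sees the response, since a poisoned absolute URL that lands in a cache is served to everyone, not just to the attacker's own request.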
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3607. Reason: This candidate is a reservation duplicate of CVE-2013-3607. Notes: All CVE users should reference CVE-2013-3607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
Learn how to gain more security in your git repository with the help of the git-secret tool.
Survey suggests overall volume and high rate of false problems are changing priority lists in security operations centers.
The FBI sounded the alarm around two strains of ransomware, LockerGoga and MegaCortex, shortly before the holiday break.
Landry's announced that more than 60 of its restaurants may be affected by payment processing system malware.
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag.
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.
Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details.
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation.
The attack on the unnamed facility began with a malicious email link.
The California Consumer Privacy Act is in full effect, prompting organizations to think about how they'll remain compliant.
Immature programs attempting to protect against damaging attacks by insiders run the risk of alienating employees.
Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php.
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621.
Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.
Is Python 2 *really* dead? Or is it just shagged out after a long squawk?
The issue came to light after a Reddit user claimed being able to see strangers on his Xiaomi Mijia smart camera.
While most cloud vendors forecast continued adoption and growth, some customers are taking a harder look at the cloud services they're using
The recent proposal by Germany, backed by France, to fuse the infrastructures of Europe's cloud providers could challenge every data center storing a European's data.
The New Year's Eve malware attack forced Travelex employees to resort to manual operations.
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
The foreign-currency-exchange giant said that it has been hit by a virus, affecting retail customers and banking partners alike.
Ransomware takes down a USCG Maritime Facility, an email server belonging to the Special Olympics New York is hacked, and more - catch up on all the week's news with the Friday Five.
Yes, there was a breach. But it's an old one that the crooks are trying to use again.
Gas stations will become liable for card-skimming at their pay-at-the-pump mechanisms starting in October.
Cisco patched three authentication bypass bugs tied to its DCNM platform, which is used to manage NX-OS.
Days before Christmas, employees found out that The Heritage Company had been hit by a ransomware attack and was "temporarily suspending operations."
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
Among them are three for critical authentication bypass flaws.
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878.
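The two SPF advisories above describe the same bug class: a CGI parameter spliced into a shell command string, so a ';' or '|' in the value becomes a second command. The following is an added illustration, not SPF's code; the ping command and the parameter values are assumptions chosen to mirror the advisory. It shows the vulnerable construction, a metacharacter detector, and the hardened form (positive validation plus an argv list that no shell ever parses):

```python
"""Added illustration of shell-metacharacter command injection (not SPF's code).
The ping command and the sample parameter values are assumptions."""
import ipaddress
import re
import shlex
import subprocess

# Constructed inputs, as a CGI parameter such as ipAddressTB might arrive.
SAFE_IP = "192.0.2.10"
HOSTILE_IP = "192.0.2.10; id > /tmp/pwned"

# Characters the Bourne shell treats as operators, quoting or expansion.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\"'*?\[\]#~!\s]")


def contains_shell_metachar(value: str) -> bool:
    """True if interpolating value into a shell string would change its parse."""
    return SHELL_META.search(value) is not None


def vulnerable_command(ip: str) -> str:
    """The pattern behind the advisory: untrusted text spliced into a shell
    command string (the Perl equivalent is system("ping -c 1 $ip")).
    Returned here, deliberately not executed."""
    return f"ping -c 1 {ip}"


def validate_ipv4(value: str) -> bool:
    """Positive validation: accept only a syntactically valid IPv4 literal."""
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def safe_ping_argv(ip: str) -> list[str]:
    """Hardened form: validate first, then build an argv list so that the
    value is a single argument and no shell re-parses it."""
    if not validate_ipv4(ip):
        raise ValueError(f"rejected ip parameter: {ip!r}")
    return ["ping", "-c", "1", ip]


def run_ping(ip: str) -> int:
    """Execute without a shell (no shell=True); returns the exit status."""
    return subprocess.run(safe_ping_argv(ip), check=False).returncode


def quoted_for_shell(value: str) -> str:
    """If a shell string is truly unavoidable, shlex.quote neutralises the
    metacharacters by single-quoting the whole value."""
    return shlex.quote(value)


if __name__ == "__main__":
    print("vulnerable string:", vulnerable_command(HOSTILE_IP))
    print("metacharacters present:", contains_shell_metachar(HOSTILE_IP))
    print("safe argv:", safe_ping_argv(SAFE_IP))
    print("quoted fallback:", quoted_for_shell(HOSTILE_IP))
```

The detector is useful for log review and for rejecting obviously hostile input, but the real fix is the argv form: once the value is one element of the argument vector, there is no shell left to interpret it.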
As demand for personalization and seamless consumer experiences grow, security must keep up, said VISA's chief risk officer.
From 'Greta Thunberg' malware to Python 3, get yourself up to date with everything we've written since Christmas.
Misconfigured cloud buckets leak sensitive data. Here's how to keep your Amazon Web Services (AWS) Simple Storage Service (S3) buckets secured.
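As an added example (not code from the article), the following offline check flags the two classic ways an S3 bucket becomes public, a bucket policy whose Principal is everyone and an ACL grant to the AllUsers or AuthenticatedUsers group, and reports which of the four Public Access Block settings are switched off. The policy, ACL and block-configuration documents are constructed samples in the shapes the S3 API returns; the bucket name, account ID and role name are assumptions.

```python
"""Added S3 exposure check (example code, not from the article).
Bucket name, account ID and role are assumptions; documents are constructed."""
import json

# Group URIs that make an ACL grant public.
PUBLIC_ACL_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed: the leaky policy grants read and list to anyone on the internet.
LEAKY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-backups",
                     "arn:aws:s3:::example-backups/*"],
    }],
})

# Constructed: the corrected policy names one role and requires TLS.
TIGHT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-backups/*",
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
})

# Constructed: Grants list in the shape returned by GetBucketAcl.
LEAKY_ACL = [{"Grantee": {"Type": "Group",
                          "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
              "Permission": "READ"}]

# Public Access Block configuration; all four true is the secure baseline.
OPEN_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
SECURE_PAB = {k: True for k in OPEN_PAB}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal) -> bool:
    """Principal "*" and {"AWS": "*"} both mean anonymous, world access."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy_json: str) -> list:
    """Sids of Allow statements granted to everyone, with any condition keys
    (a condition may narrow, but does not by itself make the grant private)."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") == "Allow" and _is_wildcard_principal(stmt.get("Principal")):
            findings.append({"sid": stmt.get("Sid", "<no sid>"),
                             "actions": _as_list(stmt.get("Action", [])),
                             "conditions": sorted(stmt.get("Condition", {}).keys())})
    return findings


def public_acl_grants(grants: list) -> list:
    """Permissions handed to the AllUsers / AuthenticatedUsers groups."""
    return [g["Permission"] for g in grants
            if g.get("Grantee", {}).get("URI") in PUBLIC_ACL_URIS]


def public_access_block_gaps(config: dict) -> list:
    """Names of the block settings that are disabled."""
    return sorted(k for k, v in config.items() if not v)


def assess_bucket(policy_json: str, grants: list, pab: dict) -> dict:
    """Combine the three checks into one finding record for a bucket."""
    policy_hits = public_statements(policy_json)
    acl_hits = public_acl_grants(grants)
    gaps = public_access_block_gaps(pab)
    return {"public": bool(policy_hits or acl_hits),
            "policy": policy_hits, "acl": acl_hits, "block_gaps": gaps}


if __name__ == "__main__":
    print(json.dumps(assess_bucket(LEAKY_POLICY, LEAKY_ACL, OPEN_PAB), indent=2))
    print(json.dumps(assess_bucket(TIGHT_POLICY, [], SECURE_PAB), indent=2))
```

With all four Public Access Block flags enabled at the account level, S3 itself rejects the leaky policy and ignores the public ACL grant, so the block settings are the control to enforce first; the policy and ACL checks then catch buckets created before the block was applied.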
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
The Federal Depository Library Program (FDLP) website was defaced over the weekend to show a picture of a bloodied President Donald Trump.
There is no free Macbook. There IS no free Macbook. There is NO free Macbook.
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
One threat actor appears to be behind several ongoing, related campaigns.
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.
Companies like Mozilla are using the passage of the CCPA as a way to better empower users to delete their own personal data.
The latest attack takes aim at a vertical-specific e-commerce platform.
The communications app faces continued backlash after a New York Times report said it was used as a government spying tool.
Comcast is making its internet service faster and more secure with new hardware and free security features that alert customers to threats.
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.
The latest attempt to prove it's not under China's thumb: TikTok's first transparency report.
He cooked up an IT vendor, its invoices, its vapor-gear, and the phantom employees who never showed up to do all those services.
US cable and wire manufacturer Southwire last week filed a civil suit against Maze's mysterious makers in Georgia federal court.
A user reported to Google that he was seeing images from other people's devices.
Despite the difficulties of identifying deepfakes, social media sites are recognizing the need to crack down on the manipulated, misleading videos.
Emerging specs and protocols are expected to make the simple act of opening an email a less risky proposition.
This deal marks the largest-ever acquisition of a private Israeli cybersecurity company, Armis' co-founders report.
It's unclear yet whether the Cupertino giant will assist, given past history of court battles over such incidents.
The purchase, for an undisclosed amount, is scheduled to close in March.
The top-three carmakers sell only connected vehicles in the United States - and other manufacturers are catching up - creating a massive opportunity for attacks, which black-hat hackers are not overlooking.
Researchers suspect the cybercriminals attacked using an unpatched critical vulnerability in the company's seven Pulse Secure VPN servers.
It's the latest in a series of stories involving investigations of suspected intellectual property theft at medical schools and research laboratories.
You can sign into Windows 10 via your face, as long as your computer has a supported camera.
The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched.
"Teams" and a new browser security acquisition expand the cloud firm's security offerings.
Google's first security update of 2020 addressed seven high and critical severity Android flaws.
Quick-n-sleazy edits are still OK, such as the 75% slowdown that made Nancy Pelosi slur or the edit that turned Joe Biden into a racist.
The DHS has issued three warnings in the last few days encouraging people to be on alert for physical and cyber attacks from Iran.
The FTC can fine content creators up to $42,530 per violation - even though they don't collect, receive, nor have access to kids' data.
Researchers report flaws, vendors issue patches, organisations apply them - and everyone lives happily ever after. Right? Wrong!
January 14, 2020, is a day cybersecurity stakeholders should pay attention to: it marks the end of Microsoft support for Windows 7. From a security perspective, neither the routine monthly security patches nor hotfixes for attacks in the wild will be available any longer, effectively making any newly discovered vulnerability a Windows 7 zero-day.
The video sharing app has fixed several flaws allowing partial account takeover and information exposure.
At CES 2020, Facebook privacy officer says new California law doesn't apply because the company doesn't sell data, only ads.
How business executives' best intentions may be negatively affecting security and risk mitigation strategies - and exposing weaknesses in organizational defenses.
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML.
Mozilla tackles high-severity bugs in its latest Firefox 72 and Firefox ESR 68.4 releases and at the same time rolls out a major privacy feature.
The case highlights the rising issue of stalkerware, which has reached epidemic proportions.
No-code and low-code development platforms are part of application development, but there are keys to making sure that they don't leave security behind with traditional coding.
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.
The company alleges a former employee violated company policy and betrayed its trust as he "intentionally decimated" its North American business.
Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then.
A Romanian national has been sentenced to 5 years in prison after racking up almost $400,000 in an ATM skimming scheme.
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
How the Advanced Threat Research Team can stop hackers from stealing personal data from a wearable device.
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.
The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.
A hacker who apparently likes the musician Drake leaves lyrics from the artist's song In My Feelings behind in an attack that delivers the Lokibot or Azorult malware.
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
Snare for Linux before 1.7.0 has CSRF in the web interface.
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword.
Koala Framework before 2011-11-21 has XSS via the request_uri parameter.
The attack, still under investigation, hit early in the morning of Jan. 7.
Increasing sophistication of ransomware attacks might be forcing victims to open their wallets.
Commentary: Rust keeps getting hotter. Here are a few of the top reasons.
Google's Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to help improve the quality and adoption of vendor patches.
The PowerTrick backdoor, which fetched yet other backdoors, is designed to help TrickBot evade detection.
This could signal a renewed war between Apple and law enforcement over breaking encryption.
Google's controversial voice Assistant is getting a series of new commands designed to work like privacy-centric "undo" buttons.
It isn't new, all the tech giants do it, and your privacy's intact - unless you're dealing in illegal imagery with telltale hashing.
We discuss the latest cybersecurity news and advice in our latest podcast. Listen now!
Firefox has issued an emergency 72.0.1 patch to fix a zero-day vulnerability.
Industrial control systems vendor plans to acquire Avnet Data Security, which provides penetration testing, assessments, training, and managed network and security services for the ICS sector.
It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
The California Consumer Privacy Act has been adopted, but the largest U.S. privacy regulation fails to address how companies can know where their data is.
With 2FA enabled on your Docker Hub account, you'll find you cannot access it with your user password from within the CLI. Jack Wallen shows you how to make this work.
Ring said that four employees were fired for inappropriately accessing customers' connected video feeds.
Users of AWS Aurora, DocumentDB, and RDS databases must install the new CA certificate on their clients and rotate their database instances to the new certificate authority.
The European Data Protection Supervisor has issued a preliminary opinion on how data protection obligations should factor into scientific research in the EU.
Users of GnuPG, OpenSSL and Git could be in danger from an attack that's practical for ordinary attackers to carry out.
PowerTrick is sort of a custom-version of PowerShell Empire and can be used to download additional malware, SentinelOne says.
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.