FreshRSS

Yesterday — April 18th 2019

Facebook Stored Millions of Instagram Users' Passwords in Plaintext

By noreply@blogger.com (Swati Khandelwal)
Facebook late last month revealed that the social media company mistakenly stored passwords for "hundreds of millions" of Facebook users in plaintext, including "tens of thousands" passwords of its Instagram users as well. Now it appears that the incident is far worse than first reported. Facebook today quietly updated its March press release, adding that the actual number of

Slackware Security Advisory - libpng Updates

Slackware Security Advisory - New libpng packages are available for Slackware 14.2 and -current to fix security issues.
  • April 18th 2019 at 13:08

Cisco Patches Critical Flaw In ASR 9000 Routers

By Lindsey O'Donnell
The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said.

Serious Security: Ransomware you’ll never find – and how to stop it

By Paul Ducklin
What if you got hit by ransomware - but the malware program itself was on the other side of the world where you'd never find it?

Protecting the Secret Sauce: What You Need to Know About Intellectual Property (IP)

By Penny Hoelscher

Intellectual property (IP) rights may apply to a multitude of things, from corporate branding names and new inventions to product designs and secret recipes. Do you have a secret sauce whether a novel or a novel idea? How is your secret sauce best protected? Types of Intellectual Property (IP) In the US, intellectual property rights […]

The post Protecting the Secret Sauce: What You Need to Know About Intellectual Property (IP) appeared first on Infosec Resources.


Protecting the Secret Sauce: What You Need to Know About Intellectual Property (IP) was first posted on April 18, 2019 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Fowsniff 1: CTF walkthrough

By Nikhil Kumar

In this article, we will solve a Capture the Flag (CTF) challenge that was posted on VulnHub by berzerk0. As per the description given by the author, this is a beginner-level CTF but requires more than just an ExploitDB search or Metasploit to run. This makes this CTF especially interesting. You can check my previous […]

The post Fowsniff 1: CTF walkthrough appeared first on Infosec Resources.


Fowsniff 1: CTF walkthrough was first posted on April 18, 2019 at 8:00 am.

This Week in Security News: Medical Malware and Monitor Hacks

By Jon Clay (Global Threat Communications)

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware.

Read on:

Is Your Baby Monitor Susceptible to Hacking?

In a number of high-profile cases, home surveillance cameras have been easily compromised and disturbing reports of hacked baby monitors are in the news.

Global Governments Demonstrate Rising Commitment to Cybersecurity

According to the International Telecommunications Union’s (ITU) 2018 Global Cybersecurity Index, only half of countries around the globe had a government cybersecurity strategy in 2017, which rose to 58 percent in 2018.

What Did We Learn from the Global GPS Collapse?

The problem highlights the pervasive disconnect between the worlds of IT and OT.

Malware Creates Cryptominer Botnet Using EternalBlue and Mimikatz

A malware campaign is actively attacking Asian targets using the EternalBlue exploit and taking advantage of Living off the Land (LotL) obfuscated PowerShell-based scripts to drop Trojans and a Monero coinminer on compromised machines.

Medical Format Flaw Can Let Attackers Hide Malware in Medical Images

Research into DICOM has revealed that the medical file format in medical images has a flaw that can give threat actors a new way to spread malicious code through these images.

Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

A hacker or group of hackers broke into a customer support account for Microsoft, and then used that to gain access to information related to customers’ email accounts such as the subject lines of their emails and who they’ve communicated with.

New Business Email Compromise Scheme Reroutes Paycheck by Direct Deposit

A new business email compromise (BEC) scheme, where the attacker tricks the recipients into rerouting paychecks by direct deposit, has emerged.

Leadership Turnover at DHS and Secret Service Could Hurt US Cybersecurity Plans

Departures of top officials at the Secret Service and Department of Homeland Security (DHS) will add to an already difficult public-private disconnect on cybersecurity, especially since Kirstjen Nielsen has a rare set of cybersecurity skills that helped the DHS protect companies in critical industries.

Microsoft Disclosed Security Breach From Compromised Support Agent’s Credentials

Microsoft has notified affected Outlook users of a security breach that allowed hackers access to email accounts from January 1 to March 28, 2019.

Do you think the leadership turnover at DHS and the Secret Service will hurt US cybersecurity plans? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Medical Malware and Monitor Hacks appeared first on .

Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident!

So that's all OK then

Facebook has admitted to harvesting email contacts from 1.5 million people without permission.…

  ‒ April 18th 2019 at 12:31

Vuln: Microsoft Windows Win32k CVE-2019-0859 Local Privilege Escalation Vulnerability

Microsoft Windows Win32k CVE-2019-0859 Local Privilege Escalation Vulnerability
  • April 18th 2019 at 00:00

Vuln: FreeType 2 CVE-2017-8105 Out of Bounds Write Heap Buffer Overflow Vulnerability

FreeType 2 CVE-2017-8105 Out of Bounds Write Heap Buffer Overflow Vulnerability
  • April 18th 2019 at 00:00

[remote] MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow

MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow
  • April 17th 2019 at 00:00

[dos] Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
  • April 17th 2019 at 00:00

[dos] ASUS HG100 - Denial of Service

ASUS HG100 - Denial of Service
  • April 17th 2019 at 00:00

[dos] DHCP Server 2.5.2 - Denial of Service (PoC)

DHCP Server 2.5.2 - Denial of Service (PoC)
  • April 17th 2019 at 00:00

[dos] Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
  • April 17th 2019 at 00:00

Embracing creativity to improve cyber-readiness

By Editor

How approaching cybersecurity with creativity in mind can lead to better protection from digital threats

The post Embracing creativity to improve cyber-readiness appeared first on WeLiveSecurity

Google plays Whack-A-Mole with naughty Android developers

By Lisa Vaas
Android developers without a track record are going to be submitted to more checks in order to stamp out those of “bad faith.”

Chrome flaw on iOS leads to 500 million unwanted pop-up ads

By John E Dunn
If you own an iOS device and use the Chrome browser, you may have encountered some strange-looking pop-up ads in the past week.

Oracle issues nearly 300 patches in quarterly update

By Danny Bradbury
Oracle's latest security update covers 297 vulnerabilities, many of which come with a "patch now" warning.

Send Me Proof - Enterprise Security Weekly #133

By paul@securityweekly.com

This week, we interview Matt Cauthorn, VP of Cyber Security Engineering at ExtraHop, to discuss "The Three Horsemen of SOC Intel"! In the news segment, Solarwinds to acquire Samanage for $350M, Tufin goes public, and Tenable releases Predictive Prioritization. And this week, our third segment airs our interview with Matt Tierney from Endgame for InfoSec World 2019. So stay tuned, for all that and more, on this episode, of Enterprise Security Weekly! To get involved with ExtraHop, visit: https://securityweekly.com/extrahop

Full Show Notes: https://wiki.securityweekly.com/ES_Episode133

Visit http://securityweekly.com/esw for all the latest episodes!

  ‒ April 18th 2019 at 09:00

Google hits brand slam stamping AMP with more crypto glam

All your URLs are belong to us

On Tuesday Google renovated its Accelerated Mobile Pages (AMP) web publishing format, making it more secure with less Chocolate Factory branding – a change certain to be welcomed by publishers committed to AMP.…

  ‒ April 18th 2019 at 08:03

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission

By noreply@blogger.com (Swati Khandelwal)
Not a week goes without a new Facebook blunder. Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users' email accounts to unauthorizedly and secretly gather a copy of their saved contacts. Now it turns

Malware Sample Delivered Through UDF Image, (Wed, Apr 17th)

I found an interesting phishing email which was delivered with a malicious attachment: a UDF image (.img). UDF means “Universal Disk Format” and, as said by Wikipedia[1], is an open vendor-neutral file system for computer data storage. It has supplanted the well-known ISO 9660 format (used for burning CD & DVD) that was also used in previous campaign to deliver malicious files[2].
  ‒ April 18th 2019 at 06:13

Vuln: FasterXML Jackson-databind CVE-2018-14718 Remote Code Execution Vulnerability

FasterXML Jackson-databind CVE-2018-14718 Remote Code Execution Vulnerability
  • April 18th 2019 at 00:00

Insane in the domain: Sea Turtle hackers pwn DNS orgs to dash web surfers on the rocks of phishing pages

Website settings altered to point visitors to malicious clones

Internet domain registrars and at least one registry were hijacked to change certain websites' DNS settings so that visitors to said sites were in fact directed to password-stealing phishing pages, researchers detailed on Wednesday.…

  ‒ April 17th 2019 at 23:25

Gentoo Linux Security Advisory 201904-17

Gentoo Linux Security Advisory 201904-17 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the execution of arbitrary code. Versions less than 2.7.6-r3 are affected.
  • April 17th 2019 at 23:19

Gentoo Linux Security Advisory 201904-19

Gentoo Linux Security Advisory 201904-19 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in root privilege escalation. Versions less than 2.3.5.1 are affected.
  • April 17th 2019 at 23:19

Ubuntu Security Notice USN-3914-2

Ubuntu Security Notice 3914-2 - USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Various other issues were also addressed.
  • April 17th 2019 at 23:19

Gentoo Linux Security Advisory 201904-18

Gentoo Linux Security Advisory 201904-18 - A vulnerability in libseccomp allows for privilege escalation. Versions less than 2.4.0 are affected.
  • April 17th 2019 at 23:19

Red Hat Security Advisory 2019-0782-01

Red Hat Security Advisory 2019-0782-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include code execution and deserialization vulnerabilities.
  • April 17th 2019 at 23:19

Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic

By Jai Vijayan Freelance writer
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.

  • April 17th 2019 at 22:50

VPN Vulnerabilities Point Out Need for Comprehensive Remote Security

By Curtis Franklin Jr. Senior Editor at Dark Reading
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.

  • April 17th 2019 at 21:45

Tips for the Aftermath of a Cyberattack

By Kelly Sheridan Staff Editor, Dark Reading
Incident response demands technical expertise, but you can't fully recover without non-IT experts.

  • April 17th 2019 at 21:25

Researchers: Facebook’s Data-Leveraging Scandal Puts Users on Notice

By Lindsey O'Donnell
After a report revealed that Facebook used user data to leverage its relationships with other companies, researchers are stressing that both firms and users need to re-assess data privacy.

New Malware Campaign Targets Financials, Retailers

By Dark Reading Staff
The attack uses a legitimate remote access system as well as several families of malware.

  • April 17th 2019 at 19:41

Dark Web Drug Seller Sinmed Goes Down—Thanks to ATM Withdrawals

By Brian Barrett
Investigators from the New York district attorney's office stumbled across dark web drug vendor "sinmed" thanks to suspicious ATM transactions.

Enough about me, why do you hate Kaspersky so much? Revealed: Insp Clouseau-esque bid to smear critics as shills

Please speak clearly for the tape... I mean, my ears

Interview A gauche "spy" has made clumsy efforts to get critics of Russian antivirus biz Kaspersky Lab to incriminate themselves as shills for rival security companies.…

  ‒ April 17th 2019 at 18:33

Legacy Apps: The Security Risk Lurking in Dusty Corners

By Tim Buntel VP, Application Security Products, Threat Stack
Four best practices to keep old code from compromising your enterprise environment.

  • April 17th 2019 at 18:30

Ever-Sophisticated Bad Bots Target Healthcare, Ticketing

By Robert Lemos Technology Journalist/Data Researcher
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.

  • April 17th 2019 at 18:20

Inside the Dark Web's How-To Guides for Teaching Fraud

By Dark Reading Staff
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.

  • April 17th 2019 at 18:15
❌