FreshRSS

πŸ”’
❌ About FreshRSS
There are new available articles, click to refresh the page.
Yesterday β€” May 26th 2020Your RSS feeds

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

By noreply@blogger.com (Unknown)
Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the
  • May 26th 2020 at 14:40

The Problem with Artificial Intelligence in Security

By Dr. Leila Powell Lead Security Data Scientist, Panaseer
Any notion that AI is going to solve the cyber skills crisis is very wide of the mark. Here's why.

  • May 26th 2020 at 14:00

Certifications compared: Linux+ vs RHCSA/RHCE

By Daniel Brecht

Introduction: Linux talent most sought-after by employers In the past couple of years, there has been a growing demand for open source skills in order to fill shortage gaps. According to the 2018 Open Source Technology Jobs Report, 87% of surveyed hiring companies had difficulties finding the right talents, and 83% are prioritizing hiring professionals […]

The post Certifications compared: Linux+ vs RHCSA/RHCE appeared first on Infosec Resources.


Certifications compared: Linux+ vs RHCSA/RHCE was first posted on May 26, 2020 at 8:05 am.
Β©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Recruiting externally vs. training internally: 5 tips to improve your cybersecurity talent pipeline in 2020

By Patrick Mallory

Introduction If you are in the market for cybersecurity talent, you do not need to hear (again) just how hard it is to find candidates for your job postings. Across every industry and organizations big and small, you see the impact that each one of the 3.5 million unfilled cybersecurity jobs have on operations. Instead, […]

The post Recruiting externally vs. training internally: 5 tips to improve your cybersecurity talent pipeline in 2020 appeared first on Infosec Resources.


Recruiting externally vs. training internally: 5 tips to improve your cybersecurity talent pipeline in 2020 was first posted on May 26, 2020 at 8:03 am.
Β©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

6 tips for getting a salary increase in cybersecurity

By Christine McKenzie

Whether you’re saving up for a dream house or simply want some extra spending money on the weekend, getting a salary raise in cybersecurity will certainly help you achieve your financial goals. However, going out and getting the salary bump can often feel easier said than done!Β  So, what are some things you can do […]

The post 6 tips for getting a salary increase in cybersecurity appeared first on Infosec Resources.


6 tips for getting a salary increase in cybersecurity was first posted on May 26, 2020 at 8:01 am.
Β©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

eBay users spot the online auction house port-scanning their PCs. Um... is that OK?

Fraud is a big issue for etailer, but there are privacy and consent concerns too

Users visiting eBay have spotted that the website runs port scans against their computer, using the localhost address to inspect what may be running on your machine.…

  • May 26th 2020 at 12:39

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

By Elizabeth Montalbano
Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.

Europol, Capgemini team up in cybercrime prevention, awareness campaigns

Capgemini is now also supporting the No More Ransom Project.
  • May 26th 2020 at 12:01

Forescout files lawsuit against Advent for withdrawal of merger plans due to COVID-19

Advent says the pandemic has resulted in β€œmaterial” changes at Forescout. The company disagrees.
  • May 26th 2020 at 11:26

Trump's New Intelligence Chief Spells Trouble

By Garrett M. Graff
John Ratcliffe is the least-qualified director of national intelligence in historyβ€”and a staunch partisan as well.

EasyJet faces Β£18 billion class-action lawsuit over data breach

The lawsuit aims to secure up to Β£2,000 per impacted customer.
  • May 26th 2020 at 10:38

Galaxy S20 security is already old hat as Samsung launches new safety silicon

Passport-grade chippery to help mobile devices prove their identity

Samsung will launch a new standalone turnkey security chip to protect mobile devices, the company announced today.…

  • May 26th 2020 at 10:32

Turla hacker group steals antivirus logs to see if its malware was detected

Turla, one of Russia's most advanced hacker groups, has created malware that gets its orders from email attachments sent to an arbitrary Gmail inbox.
  • May 26th 2020 at 09:30

Contact-tracing app may become a permanent fixture in major Chinese city

Hangzhou wants a 'health and immunity firewall'

One of China's major tech hubs is planning to make a health and movement tracking system developed to fight the COVID-19 epidemic a permanent fixture in daily life.…

  • May 26th 2020 at 06:02

RangeAmp attacks can take down websites and CDN servers

Twelve of thirteen CDN providers said they fixed or planned to fix the problem.
  • May 25th 2020 at 21:28

Thousands of enterprise systems infected by new Blue Mockingbird malware gang

Hackers are exploiting a dangerous and hard to patch vulnerability to go after enterprise servers.
  • May 25th 2020 at 14:33

How much can I make in cybersecurity?

By Daniel Brecht

Introduction: The cybersecurity job market Cybersecurity is a growing field, and with the shortage of specialists expected to grow and the prospect of up to 3.5 million unfilled job positions by 2021, it’s a good time to enter the profession. In the cybersecurity labor market, there’s an increasingly high demand with a relatively low supply, […]

The post How much can I make in cybersecurity? appeared first on Infosec Resources.


How much can I make in cybersecurity? was first posted on May 25, 2020 at 8:00 am.
Β©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Don't Be Fooled by Covid-19 Contact-Tracing Scams

By Lily Hay Newman
Fraudsters have found yet another way to take advantage of the pandemic.

What is the dark web? Your questions answered, in plain English

By Paul Ducklin
Watch this new video from our YouTube channel - the dark web explained without jargon or judgment.

Pre-authentication, remote root hole in call-center software? Thanks, Cisco. Just what a long weekend needs

This and more bits and bytes from infosec world

Roundup It's once again time to catch up on the latest happenings from the world of infosec.…

  • May 25th 2020 at 09:31

Monday review – the hot 16 stories of the week

By Naked Security writer
From virtual machine ransomware to changes in Signal secure messaging - and everything in between. It's your weekly roundup time.

Monday Review

Zloader Maldoc Analysis With xlm-deobfuscator, (Sun, May 24th)

Reader Roland submitted a malicious Zloader Excel 4 macro spreadsheet (MD5 82c12e7fe6cabf5edc0bdaa760b4b8c8).
  • May 25th 2020 at 07:09

[remote] Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)

Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)
  • May 25th 2020 at 00:00

[webapps] Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting

Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting
  • May 25th 2020 at 00:00

[webapps] Online Discussion Forum Site 1.0 - Remote Code Execution

Online Discussion Forum Site 1.0 - Remote Code Execution
  • May 25th 2020 at 00:00

[local] GoldWave - Buffer Overflow (SEH Unicode)

GoldWave - Buffer Overflow (SEH Unicode)
  • May 25th 2020 at 00:00

[webapps] Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)

Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
  • May 25th 2020 at 00:00

[remote] Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)

Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)
  • May 25th 2020 at 00:00

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

By Elizabeth Montalbano
Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

By noreply@blogger.com (Ravie Lakshmanan)
Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. "ComRAT v4 was first seen in 2017 and known still to be in use as recently as January 2020," cybersecurity firm ESET said in a report shared with
  • May 26th 2020 at 09:36

Two years later, has GDPR fulfilled its promise?

By Tony Anscombe

Has the landmark law helped build a culture of privacy in organizations and have consumers become more wary of sharing their personal data?

The post Two years later, has GDPR fulfilled its promise? appeared first on WeLiveSecurity

Before yesterdayYour RSS feeds

New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug

By noreply@blogger.com (Ravie Lakshmanan)
The hacking team behind the "unc0ver" jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version. Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver's lead developer Pwn20wnd said "every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next
  • May 25th 2020 at 08:02

Wireshark 3.2.4 Released, (Sun, May 24th)

Wireshark version 3.2.4 was released.
  • May 24th 2020 at 18:07
❌