Threat Level as of August 2019

MS ISAC LOW Status

On August 22, 2019, the Cyber Threat Alert Level was evaluated and is being lowered to Green (Low). Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.

MS ISAC Threar Map Slide Aug19

"Knowledge about your enemies will help you win. Thus, treat threat intelligence with the respect it deserves and use it to protect your organization from all the relevant adversaries."

- How to Collect, Refine, Utilize and Create Threat Intelligence, October 2016, Gartner

Are you living in a SMART HOME?

SMART HOMES based on the IoT (Internet of Things - Amazon Alexa, Google Siri, Ring Doorbell etc) provide comfort & convenient management of our complicated life, however, SMART HOMES are also the largest threat to our privacy and risk of identity theft --

RSS Threats with IoTs

RSS IoT For All

  • Creating Your Personal IoT/Utility Dashboard Using Grafana, Influxdb & Telegraf on a Raspberry Pi November 12, 2019
    The post Creating Your Personal IoT/Utility Dashboard Using Grafana, Influxdb & Telegraf on a Raspberry Pi appeared first on IoT For All Create a personal IoT/ Utility dashboard using the latest frameworks and get familiar with the software development framework while doing so The post Creating Your Personal IoT/Utility Dashboard Using Grafana, Influxdb & Telegraf […]
  • Builtup Ventures to Present the Most Promising Israeli Startups at Mipim Proptech NYC November 12, 2019
    The post Builtup Ventures to Present the Most Promising Israeli Startups at Mipim Proptech NYC appeared first on IoT For All BuiltUp Ventures, an investor in early-stage proptech companies, is presenting the most promising Israeli startups at MIPIM PropTech NYC on November 12-13. The Tel Aviv- and New York-based venture capital firm has selected eight […]
  • EIR Healthcare Names Enlighted’s Innovative IoT Platform as Preferred Solution for Award-Winning MedModular Patient Rooms November 11, 2019
    The post EIR Healthcare Names Enlighted’s Innovative IoT Platform as Preferred Solution for Award-Winning MedModular Patient Rooms appeared first on IoT For All Enlighted's IoT technology is the latest addition to EIR Healthcare's MedModular patient rooms, which are nationally recognized as being the first patient rooms sold on Amazon and recently recognized with a Fast […]
  • How Blockchain and IoT Are Opening New Capabilities in the Construction Industry November 11, 2019
    The post How Blockchain and IoT Are Opening New Capabilities in the Construction Industry appeared first on IoT For All Blockchain and IoT are best viewed as business tools, not just some new technological innovations. When combined they have the potential to drive the construction industry towards effectiveness, accountability, and transparency. Whilst there are still […]
  • Shades Get Smarter with Hunter Douglas PowerView Motorization November 9, 2019
    The post Shades Get Smarter with Hunter Douglas PowerView Motorization appeared first on IoT For All Window treatments aren’t one-size-fits-all; Hunter Douglas combines connectivity and customization to suit any smart home. The post Shades Get Smarter with Hunter Douglas PowerView Motorization appeared first on IoT For All.

NIST National Vulnerabilty Database

Search the NIST database for a known vulnerability now ---

RSS National Vulnerability Database

  • CVE-2019-18854 (safe_svg) November 11, 2019
    A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring.
  • CVE-2019-18849 (tnef) November 11, 2019
    In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
  • CVE-2009-3614 (debian_linux, liboping) November 9, 2019
    liboping 1.3.2 allows users reading arbitrary files upon the local system.
  • CVE-2009-4011 (dtc-xen) November 9, 2019
    dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console.
  • CVE-2019-5698 (virtual_gpu_manager) November 9, 2019
    NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service.
  • CVE-2019-5701 (geforce_experience) November 9, 2019
    NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, […]
  • CVE-2019-5694 (gpu_driver) November 9, 2019
    NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local […]
  • CVE-2019-5693 (gpu_driver) November 9, 2019
    NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service.
  • CVE-2019-5689 (geforce_experience) November 9, 2019
    NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.
  • CVE-2019-5692 (gpu_driver) November 9, 2019
    NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service.

RSS National Vulnerability Database

  • CVE-2019-15815 November 12, 2019
    ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges.
  • CVE-2019-17360 November 12, 2019
    A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.
  • CVE-2018-21026 November 12, 2019
    A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information.
  • CVE-2019-18924 November 12, 2019
    Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists.
  • CVE-2019-18655 November 12, 2019
    File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the URL. A similar issue to CVE-2019-17415, CVE-2019-16724, and CVE-2010-2331.
  • CVE-2019-18926 November 12, 2019
    Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application.
  • CVE-2019-18925 November 12, 2019
    Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication.
  • CVE-2019-17234 November 12, 2019
    includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.
  • CVE-2019-17235 November 12, 2019
    includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure.
  • CVE-2019-17236 November 12, 2019
    includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.

RSS Tenable Product Security Advisories

  • [R1] PHP Stand-alone Patch Available for Tenable.sc versions 5.7.x to 5.11.x November 4, 2019
    Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to provide a stand-alone PHP patch to address the potential impact of these issues […]
  • [R1] Nessus 8.7.0 Fixes One Vulnerability October 22, 2019
    Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.
  • [R1] Nessus 8.6.0 Fixes One Vulnerability August 13, 2019
    Nessus versions 8.5.2 and earlier on Windows platforms were found to contain a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could potentially exploit this vulnerability to create a denial of service condition.
  • [R2] Nessus 8.5.0 Fixes Multiple Vulnerabilities June 25, 2019
    Nessus versions 8.4.0 and earlier were found to contain multiple XSS vulnerabilities due to improper validation of user-supplied input. For CVE-2019-3961, an unauthenticated, remote attacker could exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session.
  • [R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability May 14, 2019
    Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain a single vulnerability, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled library to address the potential impact of […]
  • [R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities March 26, 2019
    Nessus leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and Moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues […]
  • [R1] Nessus 8.2.2 Fixes One Vulnerability January 30, 2019
    Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session.
  • [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities December 20, 2018
    Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Nessus. Nessus […]
  • [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities December 20, 2018
    Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Nessus. Nessus […]
  • [R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities November 6, 2018
    SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (Apache Xalan and Serializer) were found to contain vulnerabilities, and updated versions have been made available by the providers.

RSS The State of Security

  • VERT Threat Alert: November 2019 Patch Tuesday Analysis November 12, 2019
    Today’s VERT Alert addresses Microsoft’s November 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-859 on Wednesday, November 13th. In-The-Wild & Disclosed CVEs CVE-2019-1429 A vulnerability in the scripting engine in Internet Explorer can lead to code execution. The attacker could corrupt memory and execute code in […]
  • Mexico’s Pemex Said It Quickly Neutralized Digital Attack November 12, 2019
    Mexican state-owned petroleum company Petroleos Mexicanos (Pemex) said that it quickly neutralized a digital attack that struck its computer systems. In a statement released on November 11, a spokesperson for Pemex said that the company had quickly responded to digital attacks that struck its systems a day before. This response time helped limit the breadth […]
  • What Is NIST’s Cybersecurity Framework Manufacturing Profile? November 12, 2019
    Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” directed the development of the voluntary Cybersecurity Framework that provides a prioritized, flexible, repeatable, performance-based and cost-effective approach to manage cybersecurity risk for those processes, information and systems directly involved in the delivery of critical infrastructure services. To address the sector specific cybersecurity challenges of the manufacturing industry, […]
  • BlueKeep: What you Need to Know November 11, 2019
    What is BlueKeep? BlueKeep is the name that has been given to a security vulnerability that was discovered earlier this year in some versions of Microsoft Windows’ implementation of the Remote Desktop Protocol (RDP). The vulnerability was described as “wormable” by Microsoft, and users were warned that BlueKeep might be exploited in a similar fashion […]
  • Moving to the Cloud to Save Money? Think Again… November 11, 2019
    When I meet with customers, I always ask about their primary objective in moving to the cloud. The majority of these customers have the same response: “to save money.” I can’t blame customers for taking this position. Google “cloud deployment” and the headers are dominated by positive articles that offer up anecdotal evidence of how […]
  • Texas HHS Commission Penalized $1.6M for HIPAA Violations November 8, 2019
    The Texas Health and Human Services Commission (TX HHS) must pay a civil penalty of $1.6 million for having violated HIPAA. The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) imposed the penalty in response to HIPAA violations that took place between 2013 and 2017. Prior to reorganizing […]
  • Phishing Campaign Used Subpoena-Themed Email to Deliver Infostealer November 7, 2019
    Digital fraudsters launched a new phishing campaign that used subpoena-themed emails to deliver information-stealing malware. Detected by Cofense, the campaign targeted employees of insurance and retail companies with phishing emails informing them that they had been subpoenaed. The emails instructed recipients to click on a link so that they could learn more about the case. […]
  • Thunder on the Horizon: 4 Security Threats for the Cloud November 7, 2019
    Security is both a benefit and a concern for enterprises when it comes to cloud computing. On the one hand, Datamation found in its State of the Cloud, 2019 survey that many organizations are moving to the cloud because they found that cloud-service providers (CSPs) offer better all-around security than they could achieve by themselves. […]
  • Escaping the Egregious Eleven – Part One November 7, 2019
    Helping to define and examine the top perceived cloud security threats of the day, the ‘Egregious Eleven’ is the most recent iteration in an evolving set of summary reports published by the Cloud Security Alliance (CSA). It follows on from the ‘Treacherous Twelve,’ which they defined for us in 2016, and the ‘Notorious Nine,’ which […]
  • New MegaCortex Ransomware Variant Changes Victims’ Windows Passwords November 6, 2019
    Researchers discovered a new variant of the MegaCortex ransomware family that changes a victim’s Windows password upon execution. Discovered by MalwareHunterTeam and reverse engineered by Vitali Kremez, the threat seized the attention of Bleeping Computer when its ransom note stated that “All of your user credentials have been changed and your files have been encrypted.” […]

RSS Attacks!

RSS Network Threats

RSS Mobile Device Threats

RSS Threats From Malware

RSS Threats to Data

RSS Cloud Threats

RSS Executive Decisions

RSS Security Strategy

RSS InfoSecurity Magazine

RSS Application and Cybersecurity Blog

  • Five Ways to Train Security Champions in Cross-Functional DevOps Teams November 6, 2019
    As organizations seek to better embed security into DevOps and Agile software development, they’re going to need to find better ways of scaling security knowledge across cross-functional teams.
  • Attack in Autumn - A Record-Breaking Recap October 28, 2019
    Over the last year our team has been excited to see a small but passionate community forming around our Cyber Range events. This community has solved tens of thousands of challenges, provided invaluable feedback, shared their stories in profiles to help others learn, and given back in numerous other ways. For Attack in Autumn 2019 this community […]
  • Software Total Risk Management (SToRM) – Modernizing Our Thinking October 15, 2019
    Our world is driven by software. Our phones, homes, cars, commerce, and communication all depend on it. The marvelous conveniences of our on-demand economy have also created large attack surfaces for our adversaries. An always-on connected-everywhere world doesn’t just put digital data at risk anymore. The cyber/physical boundaries are quickly disappearing. And if you subscribe […]
  • From Academic Anthropologist to Cybersecurity: Lessons Learned October 8, 2019
    Entering the world of cybersecurity can be a process that has many more questions than answers, particularly if you don’t have a community to help you along the way. Finding the resources, guidance, and time to jump into a challenging field can intimidate many and often discourages talented minds from fully exploring their capabilities.
  • Prepare to Attack in Autumn October 2, 2019
    We still love feedback! Our quarterly event series launched last December with hundreds of participants and dozens of great suggestions. Since then we’ve had two more quarterly events, hosted dozens of OWASP, ISSA, and conference Cyber Ranges, and received inboxes full of overwhelmingly positive suggestions. This feedback has allowed our team to provide even more […]

RSS Naked Security

RSS Cyber security updates

RSS Cyber Security

  • Google Confirms Play Store Security Threat: Here’s The Fix—But Does It Make You Safer? November 11, 2019
    submitted by /u/Nereval [link] [comments]
  • Best security-oriented home/small office router recommendations? November 10, 2019
    Howdy folks, I'm shopping for a new small office router with security as a primary consideration. I need SNMP, QoS, IDS/IPS, VPN, firewall, MAC filtering, and at least 4 VLANs if possible. Wireless not necessary. If anyone knows of such a thing, and which is the best, I'd sure appreciate any input. Thanks in advance. […]
  • Best practices for traveling in China and returning to the US November 8, 2019
    I was just traveling in China with an iPhone X and Lenovo work laptop. I followed general good security practices like disabling Bluetooth, encrypting devices, etc. Do I need to completely wipe/reset my laptop and iphone? If I don't and connect to a wifi network do I risk infecting other devices on my network with […]
  • New Mini Documentary Examines How University of New Haven is Addressing Cybersecurity Talent Gap, Preparing Workforce of the Future November 5, 2019
    submitted by /u/ZihanT [link] [comments]
  • Where to go after security+ November 5, 2019
    I'm trying to find out the best path after completing my Security+ exam a few months ago. I'm working on the government side as a background and have been in IT for 3 years now. I'm looking to break into Cyber Security/IA. I've been looking at either CySa or CAP. In terms of a next […]
  • What is your plan if the major ISP's go dark? November 4, 2019
    I am trying to research what to do if some/all of the major ISP's suffered a crippling attack. What is your plan, if any, to maintain access to the internet if your home ISP stops working? For preface, I am a novice and just trying to learn. This question may be poorly worded. Any and […]
  • Entry level Cyber Sec Job? November 4, 2019
    Okay so this is my first post in this subreddit, if I posted my question in the wrong place please bare with me.... So I’m going to be graduating next semester with a degree in computer science and a concentration in cyber security. I’m curious as to what an entry level position with my qualifications […]
  • Job in Cyber security November 4, 2019
    Will a degree in computer information assurance and security allow me to get in to the Cyber security field? submitted by /u/Hoover-92 [link] [comments]
  • Wanting to start learning early November 1, 2019
    Im currently 16 and living in a rural area, so not many cyber security experts up around me. I have started looking at online courses for Cyber Security and I just really want to learn the bare basics of it all and slowly understand it. Anyone have any recommendations? What should I learn first? submitted […]
  • Your Opinioun Matters! November 1, 2019
    I'm a kind of an enthusiast in trying to get myself as secure as possible at a lowprice without investing to much time either. Currently using an S8 with a custom rom, Magisk and a not properly implented Nethunter (rofl). I'm using Wireguard to tunnel my VPN, Orbot(with VPN) + Tor on the Go and/or […]

RSS Cyber Attacks, Cyber Crime and Cyber Security

RSS Krebs on Security

  • Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin November 11, 2019
    Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was inadvertent, and […]
  • Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks November 7, 2019
    Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security -- […]
  • NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm November 3, 2019
    Banking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuicBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used […]
  • Breaches at NetworkSolutions, Register.com, and Web.com October 30, 2019
    Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed.
  • Takeaways from the $566M BriansClub breach October 29, 2019
    Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world's largest financial institutions tend to have a much better idea of which merchants and which bank cards have been breached than do the thousands of smaller […]
  • Cachet Financial Reeling from MyPayrollHR Fraud October 25, 2019
    When NY based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payments processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.
  • Ransomware Hits B2B Payments Firm Billtrust October 22, 2019
    Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week.  The company said it is in the final stages of bringing all of its systems back online from backups.
  • Avast, NordVPN Breaches Tied to Phantom User Accounts October 22, 2019
    Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that -- while otherwise unrelated -- shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.
  • When Card Shops Play Dirty, Consumers Win October 17, 2019
    Cybercrime forums have been abuzz this week over news that BriansClub -- one of the underground's largest shops for stolen credit and debit cards -- had been hacked, and its inventory of 26 million cards leaked to security contacts in the banking industry. Now it appears this brazen heist may have been the result of […]
  • “BriansClub” Hack Rescues 26M Stolen Cards October 15, 2019
    "BriansClub," a popular underground store for buying stolen credit card data that uses Yours Truly's likeness in its advertising, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records […]

RSS McAfee Blogs

  • Threat Hunting or Efficiency: Pick Your EDR Path? November 12, 2019
    “Do You Want It Done Fast, Or Do You Want It Done Right?” “Yes.” “Help out more with our business objectives.” “Cover an increasing number of endpoints.” “Cut budgets.” “Make it all work without adding staff.” Cybersecurity teams face a lot of conflicting objectives—both within their teams and from upper management. But a May 2019 […]
  • It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Black Friday & Cyber Monday Purchases November 11, 2019
    As we gear up to feast with family and friends this Thanksgiving, we also get our wallets ready for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s take a look at […]
  • Sadfishing, Deepfakes & TikTok: Headlines You May Have Missed November 9, 2019
    Technology trends move fast and the digital newsfeeds run non-stop. No worries, we’ve got your backs, parents. Here are three important headlines you may have missed about some of the ways kids are using their devices and how you can coach them around the risks. What’s Sadfishing and is Your Child Doing it Online? Sadfishing […]
  • Spanish MSSP Targeted by BitPaymer Ransomware November 8, 2019
    Initial Discovery This week the news hit that several companies in Spain were hit by a ransomware attack. Ransomware attacks themselves are not new but, by interacting with one of the cases in Spain, we want to highlight in this blog how well prepared and targeted an attack can be and how it appears to […]
  • Veterans Day U.S. – A McAfee MoM’s Reflection November 7, 2019
    By: Deb, Executive Assistant, Plano TX On Monday, November 11, the U.S. celebrates Veterans Day. We at McAfee U.S. are able to spend this holiday paying tribute to coworkers, friends and family members who have served our country in the various branches of military service. Being able to honor, celebrate and remember our nation’s heroes […]
  • Buran Ransomware; the Evolution of VegaLocker November 5, 2019
    McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REVil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40%, numbers from notorious malware […]
  • Are Some Phone Charging Cables Dangerous to Plug in? November 5, 2019
    We’ve all felt helpless as our phone’s battery dwindles in a moment of dire need. 25%…15%… 5%. The panic sets in, and suddenly, any port in the proverbial storm will do. You start outlet hunting and maybe even ask strangers if you can borrow their cable. But have you ever wondered whether every charging station […]
  • Helping Kids Think Critically About Influencers They Follow Online November 3, 2019
    When I was a teenager, my role model was Olympic gymnast Mary Lou Retton. I admired everything about her. I cut my hair like hers and brushed my teeth three times a day, determined to get my smile to sparkle like hers. I even started eating Wheaties when she endorsed them, thinking it would help […]
  • What You Need to Know About the Google Chrome Vulnerabilities November 1, 2019
    While you might have been preoccupied with ghosts and goblins on Halloween night, a different kind of spook began haunting Google Chrome browsers. On October 31st, Google Chrome engineers issued an urgent announcement for the browser across platforms due to two zero-day security vulnerabilities, one of which is being actively exploited in the wild (CVE-2019-13720). […]
  • ST12: IoT in Energy & Manufacturing November 1, 2019
    In this episode, security operations solutions strategists Andrew Lancashire and Kate Scarcella discuss the world of Internet of Things inside the Energy and Manufacturing industries. The post ST12: IoT in Energy & Manufacturing appeared first on McAfee Blogs.

RSS WeLiveSecurity

  • Can regulations improve cybersecurity? In APAC, opinions vary November 12, 2019
    An ESET-commissioned survey among enterprises also shows that while respondents in most countries agree on the need to bolster cyber-defenses, some are reluctant to adopt cybersecurity solutions The post Can regulations improve cybersecurity? In APAC, opinions vary appeared first on WeLiveSecurity
    Amer Owaida
  • First BlueKeep attacks prompt fresh warnings November 11, 2019
    The infamous vulnerability has been exploited for a cryptocurrency mining campaign, but more damaging attacks may still be in store The post First BlueKeep attacks prompt fresh warnings appeared first on WeLiveSecurity
    Amer Owaida
  • Week in security with Tony Anscombe November 8, 2019
    To mark this year’s Antimalware Day, we outlined five simple ways to increase engagement and instill cybersecurity awareness in the workplace The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
    Tomáš Foltýn
  • How much do data breaches affect stock prices? November 7, 2019
    A study looks at just how badly the news of a data breach impacts the company’s share price, revealing some surprising findings The post How much do data breaches affect stock prices? appeared first on WeLiveSecurity
    Tomáš Foltýn
  • Android keyboard app caught red‑handed trying to make sneaky purchases November 5, 2019
    The virtual keyboard app ai.type, which has racked up 40 million downloads, has been found to sign up users to premium services without their consent The post Android keyboard app caught red‑handed trying to make sneaky purchases appeared first on WeLiveSecurity
    Amer Owaida
  • Five ways to strengthen employee cybersecurity awareness November 5, 2019
    How can organizations foster a workplace environment that enables employees to acquire the skills needed to keep cyber-threats at bay? The post Five ways to strengthen employee cybersecurity awareness appeared first on WeLiveSecurity
    Juan Manuel Harán
  • Antimalware Day 2019: Building a culture of cybersecurity awareness November 3, 2019
    The introduction to a series of articles marking this year’s Antimalware Day and highlighting the importance of cyber-readiness The post Antimalware Day 2019: Building a culture of cybersecurity awareness appeared first on WeLiveSecurity
    Tomáš Foltýn
  • Week in security with Tony Anscombe November 1, 2019
    When we hear about a breach, we assume that attackers used a fiendish exploit to breach the victim's defenses – but is this how breaches typically occur? The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
    Tomáš Foltýn
  • Safe downloading habits: What to teach your kids November 1, 2019
    Even if you are careful about what you download, chances are your children will be less cautious. Here’s how you can help them – and your entire family – stay safe. The post Safe downloading habits: What to teach your kids appeared first on WeLiveSecurity
    Tomáš Foltýn
  • Deepfakes: When seeing isn’t believing October 31, 2019
    Is the world as we know it ready for the real impact of deepfakes? The post Deepfakes: When seeing isn’t believing appeared first on WeLiveSecurity
    Jake Moore

RSS We Live CyberSecurity Feed

  • Can regulations improve cybersecurity? In APAC, opinions vary November 12, 2019
    An ESET-commissioned survey among enterprises also shows that while respondents in most countries agree on the need to bolster cyber-defenses, some are reluctant to adopt cybersecurity solutions The post Can regulations improve cybersecurity? In APAC, opinions vary appeared first on WeLiveSecurity
  • First BlueKeep attacks prompt fresh warnings November 11, 2019
    The infamous vulnerability has been exploited for a cryptocurrency mining campaign, but more damaging attacks may still be in store The post First BlueKeep attacks prompt fresh warnings appeared first on WeLiveSecurity
  • Week in security with Tony Anscombe November 8, 2019
    To mark this year’s Antimalware Day, we outlined five simple ways to increase engagement and instill cybersecurity awareness in the workplace The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
  • How much do data breaches affect stock prices? November 7, 2019
    A study looks at just how badly the news of a data breach impacts the company’s share price, revealing some surprising findings The post How much do data breaches affect stock prices? appeared first on WeLiveSecurity
  • Android keyboard app caught red‑handed trying to make sneaky purchases November 5, 2019
    The virtual keyboard app ai.type, which has racked up 40 million downloads, has been found to sign up users to premium services without their consent The post Android keyboard app caught red‑handed trying to make sneaky purchases appeared first on WeLiveSecurity
  • Five ways to strengthen employee cybersecurity awareness November 5, 2019
    How can organizations foster a workplace environment that enables employees to acquire the skills needed to keep cyber-threats at bay? The post Five ways to strengthen employee cybersecurity awareness appeared first on WeLiveSecurity
  • Antimalware Day 2019: Building a culture of cybersecurity awareness November 3, 2019
    The introduction to a series of articles marking this year’s Antimalware Day and highlighting the importance of cyber-readiness The post Antimalware Day 2019: Building a culture of cybersecurity awareness appeared first on WeLiveSecurity
  • Week in security with Tony Anscombe November 1, 2019
    When we hear about a breach, we assume that attackers used a fiendish exploit to breach the victim's defenses – but is this how breaches typically occur? The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
  • Safe downloading habits: What to teach your kids November 1, 2019
    Even if you are careful about what you download, chances are your children will be less cautious. Here’s how you can help them – and your entire family – stay safe. The post Safe downloading habits: What to teach your kids appeared first on WeLiveSecurity
  • Deepfakes: When seeing isn’t believing October 31, 2019
    Is the world as we know it ready for the real impact of deepfakes? The post Deepfakes: When seeing isn’t believing appeared first on WeLiveSecurity