Threat Level as of August 2019

MS ISAC LOW Status

On August 22, 2019, the Cyber Threat Alert Level was evaluated and is being lowered to Green (Low). Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.

MS ISAC Threar Map Slide Aug19

"Knowledge about your enemies will help you win. Thus, treat threat intelligence with the respect it deserves and use it to protect your organization from all the relevant adversaries."

- How to Collect, Refine, Utilize and Create Threat Intelligence, October 2016, Gartner

Are you living in a SMART HOME?

SMART HOMES based on the IoT (Internet of Things - Amazon Alexa, Google Siri, Ring Doorbell etc) provide comfort & convenient management of our complicated life, however, SMART HOMES are also the largest threat to our privacy and risk of identity theft --

RSS Threats with IoTs

RSS IoT For All

  • Are We Going in the Right Direction as Far as IoT Devices are Concerned? September 21, 2019
    The post Are We Going in the Right Direction as Far as IoT Devices are Concerned? appeared first on IoT For All As an increasingly large percentage of consumer electronics feature networked computers in some way, privacy and safety issues have become hot button issues. Some end-users have remained oblivious to concerns while others are […]
  • How to Ensure IoT Security in a World That Cannot Be Trusted September 20, 2019
    The post How to Ensure IoT Security in a World That Cannot Be Trusted appeared first on IoT For All The challenges surrounding IoT security remain today’s primary adoption rate inhibitor. Along with VPNs, a popular solution to today's IoT security challenge is found in software-defined perimeters (SDPs). The post How to Ensure IoT Security […]
  • What Shadow IoT Is and How to Mitigate the Risk September 19, 2019
    The post What Shadow IoT Is and How to Mitigate the Risk appeared first on IoT For All The number of IoT devices is increasing by the day. It has become extremely difficult to keep track of the devices people bring to work. This leads to the emergence of shadow IoT - the devices that […]
  • Two Thirds of IT Teams Say It Will Be “Impossible” to Keep Workplace IoT Devices up to Date September 18, 2019
    The post Two Thirds of IT Teams Say It Will Be “Impossible” to Keep Workplace IoT Devices up to Date appeared first on IoT For All New research from Kollective explores the challenges with scaling and maintaining large-scale IoT networks The post Two Thirds of IT Teams Say It Will Be “Impossible” to Keep Workplace […]
  • Xcel Energy Taps Itron to Transform Utility Operations, Experience of 5M+ Customers September 18, 2019
    The post Xcel Energy Taps Itron to Transform Utility Operations, Experience of 5M+ Customers appeared first on IoT For All Itron and Xcel Energy entered an agreement to secure smart meters that will allow for collaboration to improve customer experience and utility operations using the distributed intelligence capabilities of Itron’s IoT solution. Xcel Energy provides […]

NIST National Vulnerabilty Database

Search the NIST database for a known vulnerability now ---

RSS National Vulnerability Database

  • CVE-2015-9408 (xpinner_lite) September 20, 2019
    The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
  • CVE-2019-4505 (websphere_application_server, websphere_virtual_enterprise) September 20, 2019
    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
  • CVE-2019-16643 (zrlog) September 20, 2019
    An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
  • CVE-2019-4565 (security_key_lifecycle_manager) September 20, 2019
    IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.
  • CVE-2015-9405 (wp-piwik) September 20, 2019
    The wp-piwik plugin before 1.0.5 for WordPress has XSS.
  • CVE-2019-16644 (tuzicms) September 20, 2019
    App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.
  • CVE-2015-9407 (xpinner_lite) September 20, 2019
    The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.
  • CVE-2015-9399 (wp-stats-dashboard) September 20, 2019
    The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.
  • CVE-2015-9398 (gocodes) September 20, 2019
    The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.
  • CVE-2015-9404 (neuvoo-jobroll) September 20, 2019
    The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.

RSS National Vulnerability Database

  • CVE-2019-16649 September 21, 2019
    On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.
  • CVE-2019-16650 September 21, 2019
    On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.
  • CVE-2019-6145 September 20, 2019
    Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us.
  • CVE-2019-6649 September 20, 2019
    F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
  • CVE-2019-15138 September 20, 2019
    The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
  • CVE-2019-6650 September 20, 2019
    F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.
  • CVE-2014-10397 September 20, 2019
    The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php.
  • CVE-2015-9406 September 20, 2019
    Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
  • CVE-2014-10396 September 20, 2019
    The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.
  • CVE-2018-17789 September 20, 2019
    Prospecta Master Data Online (MDO) allows CSRF.

RSS Tenable Product Security Advisories

  • [R1] Nessus 8.6.0 Fixes One Vulnerability August 13, 2019
    Nessus versions 8.5.2 and earlier on Windows platforms were found to contain a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could potentially exploit this vulnerability to create a denial of service condition.
  • [R2] Nessus 8.5.0 Fixes Multiple Vulnerabilities June 25, 2019
    Nessus versions 8.4.0 and earlier were found to contain multiple XSS vulnerabilities due to improper validation of user-supplied input. For CVE-2019-3961, an unauthenticated, remote attacker could exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session.
  • [R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability May 14, 2019
    Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain a single vulnerability, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled library to address the potential impact of […]
  • [R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities March 26, 2019
    Nessus leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and Moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues […]
  • [R1] Nessus 8.2.2 Fixes One Vulnerability January 30, 2019
    Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session.
  • [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities December 20, 2018
    Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Nessus. Nessus […]
  • [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities December 20, 2018
    Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Nessus. Nessus […]
  • [R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities November 6, 2018
    SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (Apache Xalan and Serializer) were found to contain vulnerabilities, and updated versions have been made available by the providers.
  • [R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities October 23, 2018
    Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Nessus. Nessus […]
  • [R1] LCE 5.1.1 Fixes Multiple Third-party Vulnerabilities October 23, 2018
    Log Correlation Engine leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in […]

RSS The State of Security

  • Over 12,000 WannaCry Variants Detected in the Wild September 19, 2019
    Security researchers have determined that over 12,000 variants of the WannaCry ransomware family are preying upon users in the wild. Sophos attributed this rise of variants to threat actors taking the original 2017 WannaCry binary and modifying it to suit their needs. These versions have subsequently produced numerous infection attempts. In August 2019, for instance, […]
  • A Guide on 5 Common LinkedIn Scams September 19, 2019
    The fact that scammers haunt Facebook and Twitter is not surprising. Even so, digital criminals don’t stop with just those two platforms. They’re also known to stalk users on LinkedIn where connections carry greater professional gravity. Fortunately, users can stay alert of such activity by familiarizing themselves with the most common types of LinkedIn scams. […]
  • #TripwireBookClub – Practical Binary Analysis September 19, 2019
    After an extended delay, we’ve finally reviewed our next book for #TripwireBookClub. This time around, we looked at Practical Binary Analysis written by Dennis Andriesse and published by No Starch Press. This book is a deep dive into binary analysis, and I think that it’s best just to quote the opening paragraph of the book’s […]
  • CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency September 18, 2019
    Mac users can't ignore the need to protect their computers from malware with up-to-date anti-virus software and other security tools. The post CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency appeared first on The State of Security.
  • TFlower Ransomware Targeting Businesses via Exposed RDS September 18, 2019
    A new crypto-ransomware threat called “TFlower” is targeting corporate environments via exposed Remote Desktop Services (RDS). First discovered in August, the ransomware makes its way onto a corporate network after attackers hack into a machine’s exposed Remote Desktop Services. This attack vector enables bad actors to infect the local machine with TFlower. At that point, […]
  • Concerns and Challenges for Effective Cloud Security September 18, 2019
    In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web […]
  • Emotet Botnet Returns After Four-Month Hiatus With New Spam Campaign September 17, 2019
    The actors responsible for the Emotet botnet returned after a four-month period of inactivity with a new malspam campaign. On 16 September, SpamHaus security researcher Raashid Bhat spotted a spate of new spam emails written in Polish or German that contained malicious attachments or links to malware downloads. Emotet is fully back in action and […]
  • How Will the CMMC Impact My Business and How Can We Prepare? Part 1 of 3 September 17, 2019
    Part 1: Laying the Groundwork for Achieving Certification In June of this year, my colleague Tom Taylor wrote about the DoD’s announcement to instate the Cyber Security Maturity Model Certification (CMMC) and elaborated on the fact that, with the CMMC, the DoD appears to be addressing our customers’ core compliance pain points: Varying standards – […]
  • Spam Campaign Targeting German Users with Ordinypt Malware September 16, 2019
    A new spam campaign is attempting to infect German-speaking users with samples of the destructive Ordinypt malware family. According to Bleeping Computer, the campaign sent spam emails masquerading as a job application from someone named Eva Richter. These messages supported this claim by using the subject line “Bewerbung via Arbeitsagentur – Eva Richterwhich,” which translates […]
  • The Top 10 Highest Paying Jobs in Information Security – Part 1 September 16, 2019
    Given a surge in digital threats like ransomware, it is no surprise that the field of information security is booming. Cybersecurity Ventures estimates that there will be 3.5 million job openings across the industry by 2021. Around that same time, the digital economy research firm forecasted that global digital security spending would exceed one trillion […]

RSS Attacks!

RSS Network Threats

RSS Mobile Device Threats

RSS Threats From Malware

RSS Threats to Data

RSS Cloud Threats

RSS Executive Decisions

RSS Security Strategy

RSS InfoSecurity Magazine

RSS Application and Cybersecurity Blog

  • A fresh, new look for the CMD+CTRL Cyber Range: Part 5 September 10, 2019
    As you’ve seen, we’re announcing a bunch of new features and improvements in our CMD+CTRL Cyber Range to give you an experience that you’ll remember. Over the past few weeks, we dove into these new features showing you exactly how this latest version can benefit you and your team. Today we finish the series presenting […]
  • A fresh, new look for the CMD+CTRL Cyber Range: Part 4 September 5, 2019
    As you’ve seen, we’re announcing a bunch of new features and improvements in our CMD+CTRL Cyber Range to give you an experience that you’ll remember. Over a few weeks, we’ll dive into these new features to provide you with an idea of what to expect. Today we’ll show you how quickly and easily you can […]
  • A fresh, new look for the CMD+CTRL Cyber Range: Part 3 September 4, 2019
    As you’ve seen, we recently launched a slew of new features and improvements in our CMD+CTRL Cyber Range - new metrics, new player report cards, new hints - all with the aim of providing an experience that you’ll remember. Over a few weeks, we’ll dive into these new features to give you an idea of […]
  • A Recap of CMD+CTRL at DEF CON 27 August 27, 2019
    I was happy to help host our fourth annual DEF CON contest with the CMD+CTRL Cyber Range. As always the competition was fierce, but this year even more so! We had over 200 teams and players play over the weekend - many of them dedicating large chunks of their conference time to the contest. With […]
  • A fresh, new look for the CMD+CTRL Cyber Range: Part 2 August 20, 2019
    We recently launched a host of new features and improvements in our CMD+CTRL Cyber Range - new metrics, new player report cards, new hints - all with the aim of providing an experience that you’ll remember. Over the next few weeks, we’ll dive into these new features to give you an idea of what to […]

RSS Naked Security

RSS Cyber security updates

RSS Cyber Security

RSS Cyber Attacks, Cyber Crime and Cyber Security

RSS Krebs on Security

  • Before He Spammed You, this Sly Prince Stalked Your Mailbox September 18, 2019
    A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: it was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these "advance fee" or "419" scams- - so-called […]
  • Man Who Hired Deadly Swatting Gets 15 Months September 17, 2019
    An Ohio teen who recruited a convicted serial swatter to fake a distress call that ended in the police shooting an innocent Kansas man in 2017 has been sentenced to 15 months in prison.
  • NY Payroll Company Vanishes With $35 Million September 11, 2019
    MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company's CEO, resulted in countless people having money drained from their bank accounts and has left […]
  • Patch Tuesday, September 2019 Edition September 10, 2019
    Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a "critical" rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on […]
  • Secret Service Investigates Breach at U.S. Govt IT Contractor September 9, 2019
    The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government […]
  • ‘Satori’ IoT Botnet Operator Pleads Guilty September 4, 2019
    A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the "Satori" botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.
  • Spam In your Calendar? Here’s What to Do. September 3, 2019
    Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application […]
  • Feds Allege Adconion Employees Hijacked IP Addresses for Spamming September 2, 2019
    Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the […]
  • Phishers are Angling for Your Cloud Providers August 30, 2019
    Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client's brand and their customers. Here's a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction […]
  • Ransomware Bites Dental Data Backup Firm August 29, 2019
    PerCSoft, a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack.

RSS McAfee Blogs

  • 5 Hidden Hashtag Risks Every Parent Needs Know September 21, 2019
    Adding hashtags to a social post has become second nature. In fact, it’s so common, few of us stop to consider that as fun and useful as hashtags can be, they can also have consequences if we misuse them. But hashtags are more than add-ons to a post, they are power tools. In fact, when […]
  • Cybersecurity Platforms: 8 Must-Have Attributes September 20, 2019
    Defending enterprises against the growing frequency and complexity of cyberattacks is becoming an ever-increasing burden to cybersecurity budgets and manpower. An ESG enterprise-class cybersecurity technology platform white paper commissioned by McAfee shows CISOs have “reached a tipping point where the current cybersecurity point tools are no longer acceptable.” Current high-cost, complex strategies using disconnected point […]
  • Is Your Medical Data Safe? 16 Million Medical Scans Left Out in the Open September 19, 2019
    Have you ever needed to get an X-ray or an MRI for an injury? It turns out that these images, as well as the health data of millions of Americans, have been sitting unprotected on the internet and available to anyone with basic computer expertise. According to ProPublica, these exposed records affect more than 5 million […]
  • Important Updates to DHS’s CDM Program Help Ensure Programs Effectiveness September 19, 2019
    The Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program is a key component of the federal government’s cybersecurity posture. This important program provides real-time, continuous monitoring of federal networks while also auditing networks for unauthorized changes. While the CDM program has been a boon to the security of many civilian agencies, there […]
  • Chapter Preview: It All Starts with Your Personal Data Lake September 19, 2019
    Once, not long ago, data was nestled in paper files or stored on isolated computer networks, housed in glassed-off, air-conditioned rooms. Now, data is digital, moves effortlessly, and gets accessed from devices and places around the world at breakneck speeds. This makes it possible for businesses, organizations, and even individuals to collect and analyze this […]
  • Solving the Gamer’s Dilemma: Security vs. Performance September 17, 2019
    As of last year, 2.2 billion1 people consider themselves gamers across the globe. Of that 2.2 billion, over 50% – 1.22 billion2 – play their game of choice on a PC. The sheer number of PC gamers throughout the world, however, has sparked the interest of cybercriminals and cyberthreats targeting gamers have spiked. Threats including malware, […]
  • Are Cash Transfer Apps Safe to Use? Here’s What Your Family Needs to Know September 14, 2019
    I can’t recall the last time I gave my teenage daughter cash for anything. If she needs money for gas, I Venmo it. A Taco Bell study break with the roommates? No problem. With one click, I transfer money from my Venmo account to hers. She uses a Venmo credit card to make her purchase. […]
  • Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt September 12, 2019
    Buying a car can be quite a process and requires a lot of time, energy, and research. What most potential car buyers don’t expect is to have their data exposed for all to see. But according to Threatpost, this story rings true for many prospective buyers. Over 198 million records containing personal, loan, and financial […]
  • Countdown to MPOWER 2019: Survival Guide September 11, 2019
    This year, we’re excited to host the 12th annual MPOWER Cybersecurity Summit at the ARIA in Las Vegas, where fellow security experts will strategize, network, and learn about the newest and most innovative ways to ward off advanced cyberattacks. With the show nearly upon us, I’m sharing a “survival guide” for first-time attendees and anyone […]
  • How To Practise Good Social Media Hygiene September 11, 2019
    Fact – your social media posts may affect your career, or worse case, your identity! New research from the world’s largest dedicated cybersecurity firm, McAfee, has revealed that two thirds (67%) of Aussies are embarrassed by the content that appears on their social media profiles. Yikes! And just to make the picture even more complicated, […]

RSS WeLiveSecurity

  • Week in security with Tony Anscombe September 20, 2019
    A nationwide data leak is believed to affect almost all citizens of Ecuador, putting them at risk of identity theft The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
    Tomáš Foltýn
  • Universities warned to brace for cyberattacks September 19, 2019
    The UK’s cybersecurity agency also outlines precautions that academia should take to mitigate risks The post Universities warned to brace for cyberattacks appeared first on WeLiveSecurity
    Tomáš Foltýn
  • Remote access flaws found in popular routers, NAS devices September 18, 2019
    In almost all tested units, the researchers achieved their goal of obtaining remote root-level access The post Remote access flaws found in popular routers, NAS devices appeared first on WeLiveSecurity
    Tomáš Foltýn
  • Nearly all of Ecuador’s citizens caught up in data leak September 17, 2019
    The humongous collection of extensive personal details about millions of people could be a gold mine for scam artists The post Nearly all of Ecuador’s citizens caught up in data leak appeared first on WeLiveSecurity
    Tomáš Foltýn
  • Week in security with Tony Anscombe September 13, 2019
    ESET researchers found an undocumented backdoor used by the infamous Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. With the launch of the Safer Kids online initiative, a guide to help parents protect their kids when they take selfie. The discovery of a serious vulnerability […]
    Gabrielle Ladouceur Despins
  • A vulnerability in Instagram exposes personal information of users September 12, 2019
    The bug, which has already been fixed by Facebook, allowed access to private user information that could be abused by malicious actors. The post A vulnerability in Instagram exposes personal information of users appeared first on WeLiveSecurity
    Juan Manuel Harán
  • Selfies for kids – A guide for parents September 11, 2019
    Are you – and especially your children – aware of the risks that may come with sharing selfies? The post Selfies for kids – A guide for parents appeared first on WeLiveSecurity
    Tomáš Foltýn
  • ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group September 9, 2019
    ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East The post ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group appeared first on WeLiveSecurity
    ESET Research
  • Week in security with Tony Anscombe September 6, 2019
    This week, we present an introduction to the MITRE ATT&CK framework, the review of the mobile threats and vulnerabilities detected for mobile during the first half of 2019, and Firefox 69 new features. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
    Gabrielle Ladouceur Despins
  • Firefox 69: Third‑party tracking cookies and cryptomining now blocked by default September 6, 2019
    Firefox new Enhanced Tracking Protection (ETP) feature launched to all users of the browser to offer better privacy and protection from cryptojacking. The post Firefox 69: Third‑party tracking cookies and cryptomining now blocked by default appeared first on WeLiveSecurity
    Gabrielle Ladouceur Despins

RSS We Live CyberSecurity Feed

  • Week in security with Tony Anscombe September 20, 2019
    A nationwide data leak is believed to affect almost all citizens of Ecuador, putting them at risk of identity theft The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
  • Universities warned to brace for cyberattacks September 19, 2019
    The UK’s cybersecurity agency also outlines precautions that academia should take to mitigate risks The post Universities warned to brace for cyberattacks appeared first on WeLiveSecurity
  • Remote access flaws found in popular routers, NAS devices September 18, 2019
    In almost all tested units, the researchers achieved their goal of obtaining remote root-level access The post Remote access flaws found in popular routers, NAS devices appeared first on WeLiveSecurity
  • Nearly all of Ecuador’s citizens caught up in data leak September 17, 2019
    The humongous collection of extensive personal details about millions of people could be a gold mine for scam artists The post Nearly all of Ecuador’s citizens caught up in data leak appeared first on WeLiveSecurity
  • Week in security with Tony Anscombe September 13, 2019
    ESET researchers found an undocumented backdoor used by the infamous Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. With the launch of the Safer Kids online initiative, a guide to help parents protect their kids when they take selfie. The discovery of a serious vulnerability […]
  • A vulnerability in Instagram exposes personal information of users September 12, 2019
    The bug, which has already been fixed by Facebook, allowed access to private user information that could be abused by malicious actors. The post A vulnerability in Instagram exposes personal information of users appeared first on WeLiveSecurity
  • Selfies for kids – A guide for parents September 11, 2019
    Are you – and especially your children – aware of the risks that may come with sharing selfies? The post Selfies for kids – A guide for parents appeared first on WeLiveSecurity
  • ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group September 9, 2019
    ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East The post ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group appeared first on WeLiveSecurity
  • Week in security with Tony Anscombe September 6, 2019
    This week, we present an introduction to the MITRE ATT&CK framework, the review of the mobile threats and vulnerabilities detected for mobile during the first half of 2019, and Firefox 69 new features. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
  • Firefox 69: Third‑party tracking cookies and cryptomining now blocked by default September 6, 2019
    Firefox new Enhanced Tracking Protection (ETP) feature launched to all users of the browser to offer better privacy and protection from cryptojacking. The post Firefox 69: Third‑party tracking cookies and cryptomining now blocked by default appeared first on WeLiveSecurity