Click2Mail Suffers Data Breach

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database. CVE-2019-2110 (published 2019-10-11): In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andro… CVE-2019-2114 (published 2019-10-11): In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due…

October 12, 2019

7 SMB Security Tips That Will Keep Your Company Safe

With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks. Here we are, nearly midway through the 16th annual National Cybersecurity Awareness Month (NCSAM), and while the good news is many large enterprises are more locked down than they were five or six years ago, it’s clear SMBs need some help. An August report by Untangle examining the current…

October 11, 2019

FBI: Phishing Can Defeat Two-Factor Authentication

A recent Private Industry Notification points to two new hacker tools that can turn a victim’s browser into a credential-stealing zombie. Human beings can be tricked. This fact is a hard-to-patch vulnerability in many systems. And that is the tl;dr version of a notice from the FBI that recently hit industry groups. According to the Private Industry Notification, criminals are bypassing two-factor authentication with a combination of well-known techniques including…

October 11, 2019

A Murderers’ Row of Poisoning Attacks

Poisoning can be used against network infrastructure and applications. Understanding how DNS cache poisoning, machine learning model poisoning and other attacks work can help you prepare the proper antidote. “Garbage in, Garbage out,” is a concept as old as computing. Results can be no better than the data used as input, and that is as true for network and application infrastructure as for enterprise applications. Attackers take advantage of this…

October 11, 2019

Creative Wi-Fi Passwords

Let’s see a hacker figure out one of these. Source: iwearyourshirt. What security-related videos have made you laugh? Let us know! Send them to [email protected]. Beyond the Edge content is curated by Dark Reading editors and created by external sources, credited for their work. Source: http://www.darkreading.com

October 11, 2019

Close the Gap Between Cyber-Risk and Business Risk

Four steps outlining how security teams can better understand their company’s cyber-risk and demonstrate to company leadership what’s being done to mitigate the resulting business risk. In my role as CISO of a security company, I travel around the US and abroad quite a bit and have the opportunity to meet with security practitioners from many industry sectors. I also give talks and present to people on the front lines…

October 11, 2019

Build Your Cybersecurity Toolkit at Black Hat Europe in December

Now’s the time to start planning what to see and do at Black Hat Europe, which is jam-packed with relevant Briefings and Arsenal demos. Black Hat Europe kicks off in London this December, so it’s time to start looking over the Briefings schedule and Arsenal lineup to ensure you make the most of the event. Both are jam-packed with notable speakers and interesting content, so take advantage of the “Tracks”…

October 11, 2019

Of Interest

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database. CVE-2019-17504 (published 2019-10-11): An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter. CVE-2019-6333 (published 2019-10-11): A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute…

October 11, 2019

iTunes Zero-Day Exploited to Deliver BitPaymer

The ransomware operators targeted an “unquoted path” vulnerability in iTunes for Windows to evade detection and install BitPaymer. Ransomware operators have been seen exploiting a zero-day vulnerability in iTunes for Windows to slip past security tools and infect victims with BitPaymer, researchers report. Back in August, the Morphisec team noticed attackers targeting the network of an enterprise in the automotive industry. The researchers shared their discovery with Apple, and a…

October 11, 2019

AppSec ‘Spaghetti on the Wall’ Tool Strategy Undermining Security

At many organizations, the attitude to securing software appears to be throwing a lot of technology at the problem, a new study finds. New research suggests that the strategy for many companies to reduce application security risk is to simply stack up on multiple tools and hope they do the job. Radware recently surveyed some 300 senior executives, security researchers, app developers, and IT professionals from organizations with worldwide operations….

October 11, 2019