Google Play Touts Certs in Quest For Enterprise Security
Google has snagged three security and privacy certifications for Google Play as it tries to appeal to enterprises despite numerous malicious apps and
[...]
AuthorLindsey O Donnell
WordPress Plugin Removed After Zero Day Discovered
The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.
Source:
[...]
MyPillow and Amerisleep Targeted in Magecart Group Attacks
In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.
Source: Threat Post – Web
[...]
Cisco Patches High-Severity Flaws in IP Phones
The most serious vulnerabilities in Cisco’s 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or
[...]
Years-Long Phishing Campaign Targets Saudi Gov Agencies
The campaign, codenamed “Bad Tidings,” has sought out victims’ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of
[...]
ThreatList: DDoS Attack Sizes Drop 85 Percent Post FBI Crackdown
The FBI’s crackdown on 15 DDoS-for-hire sites appears to have had an impact on DDoS attacks, the average size for which dropped 85
[...]
Mirai Variant Goes After Enterprise Systems
The newest Mirai variant is targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs used by enterprises.
Source: Threat Post –
[...]
Lenovo Patches High-Severity Arbitrary Code Execution Flaws
Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes.
Source: Threat Post – Mobile Security
[...]
Threatlist: IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’
Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns.
Source: Threat Post –
[...]
Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw
Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.
Source: Threat Post – Web Security – Threat Groups
[...]