Category

software update


Next-gen DevSecOps A revamped version of OWASP’s Software Assurance Maturity Model (SAMM) adds automation along with maturity measurements to the open source security-related framework. OWASP SAMM v2 – released on Tuesday after three years of refinement – is geared towards helping organizations that develop software to travel down the path towards becoming more secure. The...
Fresh attack vector lacks working exploit… for now Web applications with regex-enabled search may soon be forced to defend against a new exploit class, after a security researcher unveiled what he’s calling ‘blind regular expression injection attacks’. During the OWASP Night 2020/02 event in Tokyo last week, Japanese security researcher Takashi Yoneuchi revealed the fruits...
HTTPS padlock gives users a false sense of security when downloading files Chrome will start blocking HTTP downloads started on secure (HTTPS) web pages – so-called ‘mixed content downloads’ – in a phased rollout culminating in October’s release of Chrome 86. In a post published on the Google Security Blog last week, Joe DeBlasio of...
Users urged to update open source text editor UPDATED A security update has been released for the popular open source text editor TinyMCE after a researcher discovered a cross-site scripting (XSS) vulnerability impacting three of its plugins. Marked as ‘high’ severity, the flaw allows for “arbitrary JavaScript execution when inserting a specially crafted piece...
Expired cert blamed on Microsoft Teams outage; rancor over Iowa caucus app; and an artist with 99 smartphones causes traffic mayhem in Berlin This week didn’t get off to the smoothest of starts for Microsoft Teams users, as widespread reports surfaced on Monday that the collaboration software had ground to a halt. From around 8:30...
Dutch institution regrets striking ‘devil’s bargain’ but said it had to put staff and students first Maastricht University in the Netherlands has paid out nearly $220,000 worth of bitcoin to restore critical systems that were hit by a ransomware attack last year. Affecting file, email, and backup servers, the cyber-attack prompted a network-wide shutdown and...
… but the battle goes far beyond mobile monitoring apps Apps that exist for monitoring purposes are available within seconds of a quick search on Google. All you need is access to a device to install it. Take Spyic – software that describes itself as a “remote monitoring app” that’s compatible with both Android and...
A relentless pace and lack of autonomy are fueling an underreported psychological crisis A new report has highlighted the problem of burnout in the cybersecurity industry, concluding that 30% of security team members experience “tremendous” stress at work. Cybersecurity accreditation non-profit CREST, which produced the report (PDF), says it’s a growing problem in the industry. “It...
Webmasters need to resolve non-compliant cookies by February 17 Upcoming changes to how the Chrome browser handles cookies will result in a “modest” amount of website breakage, Google warns. A new cookie classification scheme will debut in the newest version of Chrome this month, after which any cookie that does not have a designated SameSite...
Cloud bug condensed Researchers have documented how they discovered a critical vulnerability on the Microsoft Azure Cloud infrastructure. Code sanitization shortcomings posed a remote cloud execution risk in the Azure App Service before Microsoft addressed the problem last October. Microsoft acknowledged that the flaw was exploitable via Azure Cloud and Azure Stack. A write-up from...
Coronavirus postpones DEF CON China; Avast caught in the act; and the UK gives the go ahead to Huawei on 5G Disappointing news came out of Beijing this week after DEF CON announced that it would be cancelling its annual conference in Asia over coronavirus fears. The event, initially intended for April, was preparing for...
Red teamers exonerated Charges against two US security consultants who were arrested during a physical security test at an Iowa courthouse last September have been dropped. Justin Wynn and Gary DeMercurio, workers at security consultancy Coalfire, were arrested while in the process of conducting a physical penetration test and initially charged with burglary before charges...
debug_backtrace reloaded A PHP bug initially dismissed as posing no security threat could potentially enable code execution outside the sandbox in shared-server environments, a new exploit has revealed. Discovered in the popular website language nearly two years ago, the vulnerability can allow attackers to execute arbitrary code by bypassing restrictions implemented using PHP’s . The...
Preliminary proposals seen as ‘GDPR-lite’ but tough on maliciously identifying people online Doxxing could soon become a criminal offense in Hong Kong, as lawmakers confront a surge in the spread of private information online linked to ongoing anti-government protests. The recommendation, part of a raft of proposals to overhaul the 1996 Personal Data (Privacy) Ordinance...
Err, isn’t this just ZombieLoad? Doubts have arisen over the significance of a speculative execution vulnerability affecting Intel CPUs that was announced with breathless excitement on Monday. CacheOut – an exploit that was unveiled with a dedicated website and eye-catching logo – was said to trigger data leaks from the OS kernel, co-resident virtual machines...
Financial and reputational rewards far outweigh initial outlay, Cisco says Security teams who implement strengthened data handling practices are reaping rewards that stretch far beyond compliance, as a new report indicates that organizations are recouping an average of 2.7 times their financial investment in data privacy. Polled for a study published to coincide with Data...
Card skimmer crew suspected of infecting nearly 200 e-commerce sites An investigation into the abuse of the Magecart JavaScript skimmer to compromise hundreds of e-commerce websites has led to the arrest of three suspects in Indonesia. The as-yet unnamed suspects allegedly ran command and control (C2) servers associated with a Magecart skimming operation in Indonesia...
Outdated plugins become manna for online scammers Attackers have taken control of more than 2,000 WordPress websites via unpatched and end-of-life plugins in order to redirect unsuspecting visitors to survey-for-gifts scam websites, new research has revealed. Vulnerable plugins for the popular content management system include CP Contact Form with PayPal, a plugin with 3,000 plus...
Doubts raised over Bezos iPhone hack analysis; EU considers temporary ban on facial recognition; and full metal ATM skimming in Brazil Allegations that staff of Saudi ruler Prince Mohammed bin Salman hacked the mobile phone of Amazon boss Jeff Bezos propelled tech news to the front pages this week. Team Bezos claims his phone was...
Industrial control systems taken to pieces in ‘drama-filled’ live hacking event The inaugural edition of Pwn2Own Miami closed its doors on Thursday (January 23), with organizers from Trend Micro’s Zero Day Initiative (ZDI) heralding the industrial control systems live hacking event a success. Taking place as part of the S4 industrial security conference, Pwn2Own Miami...