CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit
by Augusto Remillano II and Robert Malagad
In March 2019, Atlassian published an advisory covering two critical vulnerabilities involving Confluence, a widely used collaboration and planning software. In April, we observed one of these vulnerabilities, the widget connector vulnerability CVE-2019-3396, being exploited by threat actors to perform malicious attacks. Security provider Alert Logic also discovered […]

UK Publishes Proposed Regulation for IoT Device Security
The UK government has published a consultation document on the proposed regulation of consumer IoT devices. The consultation is not designed to see whether regulation is necessary, but to help the government “make a decision on which measures to take forward into legislation.”

Vulnerabilities Found in Over 100 Jenkins Plugins
A researcher has discovered vulnerabilities in more than 100 plugins designed for the Jenkins open source software development automation server and many of them have yet to be patched.

Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
We uncovered a recent activity involving the notorious online credit card skimming attack known as Magecart. The attack, facilitated by a new cybercrime group, impacted 201 online campus stores in the United States and Canada. We started detecting the attacks against multiple campus store websites on April 14, during which the sites were injected with […]

Confused about Cybersecurity Platforms? We Can Help.
“Cybersecurity platform” continues to be an industry buzzword. Vendors talk about it at industry events, and many analysts. But can every vendor claim to offer a platform and also be credible? More importantly, how does that help your business? The security industry has evolved by responding to emerging threats with new, shiny tools, resulting in […]

Xinjiang Surveillance App Targets Legal, Everyday Behaviour: Rights Group
Chinese authorities are using a mobile app designed for mass surveillance to profile, investigate and detain Muslims in Xinjiang by labelling “completely lawful” behaviour as suspicious, a Human Rights Watch report said Thursday.

Why Data Security Is Important
The Increasing Regulatory Focus on Privacy
The ongoing trend of data breaches and the increasing privacy risks associated with social media continue to be a national and international concern. These issues have prompted regulators to seriously explore the need for new and stronger regulations to protect consumer privacy. Some of the regulatory solutions focus on […]

Microsoft Expands Security and Compliance Features for 365 Customers
Microsoft this week announced more control and options designed to provide Microsoft 365 customers with the ability to strengthen their data privacy and compliance practices. Following the update, customers get new capabilities as part of Microsoft 365 E5 and E5 Compliance (previously known as Information Protection & Compliance).

‘Privacy-Focused’ Facebook Puts the Spotlight on Groups
Facebook is launching a major redesign of its app and website built around letting people connect with groups that share their interests — an attempt to shift its focus away from the untrammeled public sharing that has helped spread hate speech, extremism, misinformation and livestreamed video of massacres.

Why local governments are a hot target for cyberattacks
Over the course of the past few weeks, a seemingly stepped-up wave of malware and ransomware infections has struck a number of municipalities across the U.S. On April 10, the city of Greenville, North Carolina, had to disconnect most city-owned computers from the internet due to what officials said was a RobinHood ransomware infection, a […]

Difference Between Pool Heat Pumps and Pool Heaters
Swimming season is a time a lot of us look forward to each year. Some of us are lucky enough to live in areas where the climate rarely changes, while others only get a set amount of time to enjoy the beautiful water in a swimming pool. Pool heat pumps and heaters are the best […]

How to Improve Back Door Security
Gaining access to a home through the backdoor is one of the most preferred methods of burglary. Usually, backdoors are not in plain sight, which provides enough time for thieves to break into a house. Due to the lack of visibility, back doors are also the most common targets of burglars in the United States accounting […]

ImmuniWeb Launches Free Testing Tool for Website Security and PCI Compliance
Swiss-based web security company ImmuniWeb, known until recently as High-Tech Bridge, on Monday announced the availability of a free tool designed for testing websites.

How to Arrange Flowers Properly – The Ultimate Guide
When you have a nice bouquet of flowers, it can be an art trying to arrange them properly. So, this is why we thought we would guide you through the steps required on how to arrange flowers properly.
How to Arrange Flowers – Step-by-Step Guide to Follow
Step 1
Bring together your materials. You will […]

Digital Parenting: ‘Eat Your Veggies, Brush Your Teeth, Strengthen Your Passwords’
As adults, we know the importance of strong passwords, and we’ve likely preached the message to our kids. But let’s rewind for a minute. Do our kids understand why strong passwords are important and why it needs to become a habit much like personal health and hygiene? If we want the habit to stick, the […]

7 Ways to Use Glass Boards to Entirely Change the Look of your Office Ambiance
Would you like working in an office space with a boring and dull looking interior? Obviously, you would like to work in a space having an atmosphere that gives positive vibes. Thus, adding charm and elegance to your office’s interior is important because appealing interior décor and aesthetics not only attract skilled employees but also […]

More information
- Apono Raises $15.5 Million for Cloud Access Platform
- Zyxel Patches Critical Vulnerability in NAS Firmware
- State AGs Send Letter to Meta Asking It to Take ‘Immediate Action’ on User Account Takeovers
- Online Learning – Does It Pay Off?
- Tips for Hardening Networks Against IoT-based DDoS Attacks
- Credential Harvesting Campaign Targets Unpatched NetScaler Instances
- Russian Cyberspies Use UEFI Rootkit in Attacks
- 12 privacy-destroying technologies that should scare you
- Serious XSS vulnerability discovered in Signal
- Plenty Of Fish hooked by Canada’s anti-spam laws, faces 48k penalty