Collaborate Disseminate
With the April 15th filing deadline date just a week away, it’s important to stay vigilant and be on the lookout for tax scams. For most of us tax season is an anxious time, and criminals are eager to take advantage of our anxiety. During … Continue reading Lookout for Tax Scams
Roughly 28 million users have downloaded a malicious version of a popular open source framework that masquerades as the real thing, but in fact gives a hackers a back door into applications. A compromised version of the website development tool bootstrap-sass was published to the official RubyGems repository, a hub where programmers can share their application code. The open source security firm Snyk alerted developers to the issue Wednesday, advising users to update their systems away from the infected framework (version 3.2.0.3). “That doesn’t mean there are something like 27 million apps out there using this,” said Chris Wysopal, chief technology officer at app security company Veracode. “[But] when you’re using open source packages to build your applications, you’re inheriting many of the vulnerabilities. … But bootstrap-sass is a popular component used by enterprises and startups so there’s potentially thousands of applications affected by this.” While the vulnerability is serious — hackers […]
The post Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution appeared first on CyberScoop.
The potential threat posed by Huawei to the UK national infrastructure continues to be played out. GCHQ called for a ban on Huawei technology within UK critical networks, such as 5G networks, while Three said a Huawei ban would delay the UK 5… Continue reading Cyber Security Roundup for March 2019
This is your Shared Security Weekly Blaze for March 18th 2019 with your host, Tom Eston. In this week’s episode: Equifax and Marriott data breach updates, facial recognition coming to 20 US airports, and the Citrix password spraying attack. Prote… Continue reading Equifax and Marriott Data Breach Updates, Facial Recognition at the Airport, Citrix Password Spraying Attack
Severe RCE vulnerability affected popular StackStorm Automation software, Crowdfense is willing to pay $3 Million for iOS and Android Zero-Days, Equifax neglected cyber security prior to breach, Google launches new Cloud Security services, and an u… Continue reading Iranian APT, Equifax, & Crowdfense – Hack Naked News #210
Threat-hunters say the breached data from the massive Equifax incident is nowhere to be found, indicating a spy job. Continue reading Where’s the Equifax Data? Does It Matter?
Data-exposure “lowlights” for the week ending Feb. 15, 2019. Continue reading Data Breach Bonanza: Dating Apps, Equifax, Mass Credential Dumps
In the Application Security News, Many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, Most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome ext… Continue reading Application News – Application Security Weekly #50
Watch this episode on our YouTube Channel! This is your Shared Security Weekly Blaze for January 28th 2019 with your host, Tom Eston. In this week’s episode: Where are the US federal privacy regulations and details on Nest camera’s being hi… Continue reading The Lack of US Privacy Regulations, Nest Camera’s Hijacked – WB53
Like most of the security community, I have spent hours digesting the recently released U.S. House of Representatives Committee on Oversight and Government Reform report on the Equifax breach. I read the report with a mix of heartfelt empathy and fear-… Continue reading Equifax: A study in accountability but not authority responsibility