RSS Trending Cyber News

  • Multiple vulnerabilities in Moodle
    Description. CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of user-supplied data when displaying fatal error messages.
  • Now Twitter users can enable two-factor without linking a phone number
    Twitter has finally made a change users have been waiting a long time to see. No, it's not editable tweets, but as of today everyone can enable two-factor authentication on their account without linking a phone number. While SMS-based two-factor can be a fallback for people who lose access to....
  • Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much
    Developers working on open-source ad-blocker uBlock Origin have uncovered a mechanism for tracking web browsers around the internet that defies today's blocking techniques. A method to block this so-called unblockable tracker has been developed by the team, though it only works in Firefox, leaving Chrome and possibly other browsers susceptible.
  • 山东:2023年实现县级以上城区5G网络连续覆盖
    原标题:山东:2023年实现县级以上城区5G网络连续覆盖 来源:C114通信网 颜翊. C114讯 11月21日消息(颜翊)为加快5G产业发展,山东省政府办公厅发布了关于加快5G产业发展的实施意见。该意见提出,到2020年,山东将实现设区市城区有重点应用需求的区域5G网络连续覆盖,在全国率先实现5G规模商用。到2023年,实现县级以上城区5G网络连续覆盖,网络规模、用户规模、流量规模、5G行业应用、产业融合发展居全国前列。 按照规划,2019年,开展商用试验和选点部署,完成济南、青岛、烟台核心城区网络覆盖;2020年,完成市区政府机构、热门景点、大型场馆、交通枢纽等区域网络覆盖,主城区提供5G商....
  • SD-WAN恰逢其时,助力企业在5G时代实现数字化转型
    原标题:SD-WAN恰逢其时,助力企业在5G时代实现数字化转型 来源:通信世界全媒体. 通信世界网消息(CWW)当前数字化转型轰轰烈烈,不论是对大型企业,还是中小微企业来说,“上云”已经成为拥抱未来网络的必由之路。然而即使企业实现了100%的业务上云,他们仍然需要维护基础设施,以便为企业用户、远程办公室、远程工作者或零售站点访问云资源,SD-WAN恰逢其时地出现,让企业能以经济的方式可靠地访问这些资源。 因此,SD-WAN被认为是多云时代之后的企业刚需,SD-WAN极大促进云网融合,在成本上、灵活性上、可用性、可靠性等方面都有极大的提升。为推动SD-WAN产业的健康发展,助力 SD-WAN....
  • 投资者提问:请问公司有那些核心技术,在区块链和数字货币领域有那些技术优势,...
    感知中国经济的真实温度,见证逐梦时代的前行脚步。谁能代表2019年度商业最强驱动力?点击投票,评选你心中的“2019十大经济年度人物”。【 投资者提问: 请问公司有那些核心技术,在区块链和数字货币领域有那些技术优势,和成就,谢谢. 董秘回答( SZ300579): 答:尊敬的投资者您好,公司全面掌握电子认证领域相关技术,是行业技术创新的重要参与者。公司是国内为数不多的既可以保障用户信息系统可靠运行,又可以保护业务可信开展,还可以保卫用户数字资产安全的综合性网络安全解决方案提供商,能结合客户业务信息系统特点,将公司自有产品、第三方信息系统和网络安全产品有效集成到用户业务系统中,为不同行业客户提....
  • El Corte Inglés obtiene 210 millones del BEI y el ICO para su digitalización
    El Corte Inglés logra fondos con unas condiciones muy favorables para dar un impulso a su transformación digital. El grupo de grandes almacenes selló ayer un acuerdo a diez años con el Banco Europeo de Inversiones (BEI) y el Instituto de Crédito Oficial (ICO) para obtener un total de 210 millones de euros.
  • Tech Tuesday: Holiday Travels
    Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense as you head over the river and through the woods to grandma’s house for the holidays. The kids are getting out of school this week, and you are packing your bags for the big trip to the in-laws.
  • #InfosecNA Interview: Frank Downs, Director Cybersecurity Practices, ISACA - Infosecurity Magazine
    Have you spotted any important trends at the show that surprised you? One of the pleasant surprises I encountered is a marked growth in the amount of discussions related to cyber-maturity. Cyber-maturity is a relatively new term used to describe an organization’s preparedness level.
  • InSecurity Podcast: Brian Haugli on Livin’ La Vida CISO
    at Ponemon, in a 24-month period, a business has a one-in-four chance of being hit with a significant security incident. A separate study shows that nearly 75% of businesses do not have an established incident response (IR) strategy that is applied consistently across their organization.

RSS Vulnerabilities

  • Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much
    Developers working on open-source ad-blocker uBlock Origin have uncovered a mechanism for tracking web browsers around the internet that defies today's blocking techniques. A method to block this so-called unblockable tracker has been developed by the team, though it only works in Firefox, leaving Chrome and possibly other browsers susceptible.
  • Sicurezza di WhatsApp a rischio per un bug sui file video Mp4
    Un bug sul codice dei file Mp4 permetterebbe agli hacker di iniettare malware nel sistema dell’app di messaggistica. Facebook ha rivelato l’esistenza di una grave vulnerabilità. Un altro rischio critico per la sicurezza di WhatsApp e dei suoi milioni di utenti su piattaforma Android, iOS e Windows .
  • MS16-137 - Important: Security Update for Windows Authentication Methods (3199173) - Version: 2.0
    ### Mitigating Factors Microsoft has not identified any [mitigating factors](https://technet.microsoft.com/library/security/dn848375.aspx) for this vulnerability. ### Workarounds Microsoft has not identified any [workarounds](https://technet.microsoft.com/library/security/dn848375.aspx) for this vulnerability.
  • 8 Best Android Web Browsers
    Hunting down the best Android web browsers was naturally on your go-to list if you’ve just bought a device running on Google’s mobile OS or are fed up (for whatever reason) with the tools you’ve been using to surf the internet on it. While it takes some time getting used to wandering the virtual....
  • Actualice sus servidores Linux con Webmin, vulnerabilidad crítica detectada
    que ejecutan instalaciones Webmin sin actualizar se encuentran bajo una seria campaña de ataque que tiene como objetivo integrar las implementaciones comprometidas a una botnet conocida como Roboto. Durante su investigación, los especialistas lograron recolectar los módulos de bot y de descarga de....
  • Skype v8.x - History Export v7 Web Vulnerability
    Solution - Fix & Patch: ======================= The vulnerability can be resolved by escaping the output location with the name, author & message-body variables correctly to prevent malicious script code execution attacks like cross site scripting, extern redirect, download of malware from external....
  • Ubuntu update for DjVuLibre
    1) NULL pointer dereference. Severity: Low. CVSSv3: CVE-ID: CVE-2019-18804. CWE-ID: Description. CWE-476 - NULL Pointer Dereference The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to a NULL pointer dereference error in the function DJVU::filter_fv at IW44EncodeCodec.
  • Beware: Windows 10 update email is a ransomware trap
    Windows updates are a complicated matter. They’re essential to keep your system safe from hackers and security bugs, but Microsoft doesn’t exactly have the best track record for stable updates. Click or tap here to see how the last Windows update broke several PCs.
  • [Bug 1775293] CVE-2019-17531 jackson-databind: enabling default typing leads to code execution
    A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.
  • [Bug 1775340] CVE-2019-13723 chromium-browser: use-after-free in bluetooth
    Or login using a Red Hat Bugzilla account. CVE-2019-13723 chromium-browser: use-after-free in bluetooth. CVE-2019-13723 chromium-browser: use-after-free in bluetooth ....

RSS Threats and Incidents

  • Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much
    Developers working on open-source ad-blocker uBlock Origin have uncovered a mechanism for tracking web browsers around the internet that defies today's blocking techniques. A method to block this so-called unblockable tracker has been developed by the team, though it only works in Firefox, leaving Chrome and possibly other browsers susceptible.
  • Sicurezza di WhatsApp a rischio per un bug sui file video Mp4
    Un bug sul codice dei file Mp4 permetterebbe agli hacker di iniettare malware nel sistema dell’app di messaggistica. Facebook ha rivelato l’esistenza di una grave vulnerabilità. Un altro rischio critico per la sicurezza di WhatsApp e dei suoi milioni di utenti su piattaforma Android, iOS e Windows .
  • MS16-137 - Important: Security Update for Windows Authentication Methods (3199173) - Version: 2.0
    ### Mitigating Factors Microsoft has not identified any [mitigating factors](https://technet.microsoft.com/library/security/dn848375.aspx) for this vulnerability. ### Workarounds Microsoft has not identified any [workarounds](https://technet.microsoft.com/library/security/dn848375.aspx) for this vulnerability.
  • 8 Best Android Web Browsers
    Hunting down the best Android web browsers was naturally on your go-to list if you’ve just bought a device running on Google’s mobile OS or are fed up (for whatever reason) with the tools you’ve been using to surf the internet on it. While it takes some time getting used to wandering the virtual....
  • Actualice sus servidores Linux con Webmin, vulnerabilidad crítica detectada
    que ejecutan instalaciones Webmin sin actualizar se encuentran bajo una seria campaña de ataque que tiene como objetivo integrar las implementaciones comprometidas a una botnet conocida como Roboto. Durante su investigación, los especialistas lograron recolectar los módulos de bot y de descarga de....
  • Skype v8.x - History Export v7 Web Vulnerability
    Solution - Fix & Patch: ======================= The vulnerability can be resolved by escaping the output location with the name, author & message-body variables correctly to prevent malicious script code execution attacks like cross site scripting, extern redirect, download of malware from external....
  • Ubuntu update for DjVuLibre
    1) NULL pointer dereference. Severity: Low. CVSSv3: CVE-ID: CVE-2019-18804. CWE-ID: Description. CWE-476 - NULL Pointer Dereference The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to a NULL pointer dereference error in the function DJVU::filter_fv at IW44EncodeCodec.
  • Beware: Windows 10 update email is a ransomware trap
    Windows updates are a complicated matter. They’re essential to keep your system safe from hackers and security bugs, but Microsoft doesn’t exactly have the best track record for stable updates. Click or tap here to see how the last Windows update broke several PCs.
  • [Bug 1775293] CVE-2019-17531 jackson-databind: enabling default typing leads to code execution
    A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.
  • [Bug 1775340] CVE-2019-13723 chromium-browser: use-after-free in bluetooth
    Or login using a Red Hat Bugzilla account. CVE-2019-13723 chromium-browser: use-after-free in bluetooth. CVE-2019-13723 chromium-browser: use-after-free in bluetooth ....

RSS Cyber Crime

  • Multiple vulnerabilities in Moodle
    Description. CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of user-supplied data when displaying fatal error messages.
  • Now Twitter users can enable two-factor without linking a phone number
    Twitter has finally made a change users have been waiting a long time to see. No, it's not editable tweets, but as of today everyone can enable two-factor authentication on their account without linking a phone number. While SMS-based two-factor can be a fallback for people who lose access to....
  • Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much
    Developers working on open-source ad-blocker uBlock Origin have uncovered a mechanism for tracking web browsers around the internet that defies today's blocking techniques. A method to block this so-called unblockable tracker has been developed by the team, though it only works in Firefox, leaving Chrome and possibly other browsers susceptible.
  • Tech Tuesday: Holiday Travels
    Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense as you head over the river and through the woods to grandma’s house for the holidays. The kids are getting out of school this week, and you are packing your bags for the big trip to the in-laws.
  • #InfosecNA Interview: Frank Downs, Director Cybersecurity Practices, ISACA - Infosecurity Magazine
    Have you spotted any important trends at the show that surprised you? One of the pleasant surprises I encountered is a marked growth in the amount of discussions related to cyber-maturity. Cyber-maturity is a relatively new term used to describe an organization’s preparedness level.
  • U.S. Government Report Sheds New Light on Cyber Attacks
    In September 2018, the National Cyber Strategy was released, complete with the Presidential seal. The National Cyber Strategy is supposed to complement The Federal Information Security Modernization Act of 2014 - the intention of which was to reduce the impact of cyberattacks on American government agencies.
  • Truffe online durante il Black Friday, carte di credito in pericolo
    Un periodo dove lo shopping frenetico può portare a distrazioni fatali che potrebbero facilitare il lavoro degli hacker. Truffe online durante il Black Friday? Ci sono e sono pericolose. Quello delle truffe online sembra un discorso trito e ritrito ma non bisogna mai e poi mai abbassare la guardia .
  • Cybereason and Advens Partner to Bring New, Advanced Security Services to the French Market
    Cybereason, creators of the leading Cyber Defense Platform and Advens, one of France's most respected pure-players in Cybersecurity solutions and services, today announced a partnership to extend Advens’ security offering to protect joint customers from the ever-evolving set of attack vectors like....
  • Opodo Ltd Paypal Scam Emails Sent by Cybercriminals
    If you have received PayPal emails that claim you have authorized payment for Opodo Ltd, please do not click on the link or follow the instructions in the same emails. This is because the emails maybe fakes being sent by cybercriminals. The links in the fake emails go to a fake or phishing PayPal....
  • Tentative "massive" de phishing: des SMS frauduleux circulent au nom du SPF Finances
    Le SPF Finances a mis en garde jeudi contre une tentative " massive " de phishing (" hameconnage "). Des SMS frauduleux qui circulent actuellement demandent aux citoyens de rembourser une prétendue dette envers le service public fédéral. Or, ce dernier ne réclame jamais de paiement par SMS, souligne encore l'administration.
Digitpol to attend the The 2nd Europol-ENISA IoT Security Conference, the conference focuses on the...
Digitpol’s CEO Mr Martin Coyne attends the INTERPOL General Assembly in Beijing China Launch Tech...
CARPOL’s plenary meeting took place at Europol in The Hague, held under  the current Dutch Presidency of the Council of the EU. CARPOL is the network of EU law enforcement contact points for tackling cross-border vehicle crime, established based on the Council Decision 919/2004 of 17 December 2004. 
IAATI UK will play host to the National Vehicle Crime Seminar at the Holywell Park Conference Centre at Loughborough LE11 3GR, on Wednesday the 31st May & 1st June 2017; a day and a half event attracting senior practitioners, opinion formers, law enforcement, intuitive projects, vehicle examiners and a healthy cross section of key players from the plant, agricultural, haulage, leisure, salvage, I.T., insurance and motor manufacturer industries. Digitpol vehicle experts, partners and IAATI members attended the important event.