The Daily Ledger 11/22/2019 Edition:

Official Monero site delivers malicious cash-grabbing wallet

By Lisa Vaas on Nov 21, 2019 07:18 am

If you downloaded the Monero command line wallet recently, check it before using it.

Popular Apps on Google Play Store Remain Unpatched

By Elizabeth Montalbano on Nov 21, 2019 07:05 am

Check Point researchers found that hundreds of marquee Android mobile apps still contain vulnerabilities that allow remote code-execution even if users update.

As Retailers Prepare for the Holiday Season, So Do Cybercriminals

By Jai Vijayan Contributing Writer on Nov 20, 2019 07:00 pm

Online shoppers need to be wary about domain spoofing, fraudulent giveaways, and other scams, ZeroFOX study shows.

Senior DHS cyber official Jeanette Manfra to step down

By Sean Lyngaas on Nov 20, 2019 06:25 pm

Jeanette Manfra, a senior cybersecurity official at the Department of Homeland Security, plans to step down from her position, according to multiple sources familiar with the matter. DHS officials are preparing an internal announcement about Manfra’s departure that could come as soon as this week, two sources told CyberScoop. Manfra has been a key liaison for the agency, speaking about cyberthreats to U.S. supply chains, election infrastructure, and industrial control systems to both the private sector and Congress. She has also represented DHS at top cybersecurity conferences like RSA and DEF CON. Over the course of her tenure, Manfra took on increasingly senior and cybersecurity-focused roles, culminating in her becoming assistant director at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) last year. In a speech last year, she likened supply-chain vulnerabilities to a “digital public health crisis.” It was not immediately clear who would replace her. One source told CyberScoop that officials had a replacement in mind, but declined […]

The post Senior DHS cyber official Jeanette Manfra to step down appeared first on CyberScoop.

What's in a WAF?

By Sara Peters Senior Editor at Dark Reading on Nov 20, 2019 06:00 pm

Need a 101 lesson on Web application firewalls? Here's your crib sheet on what a WAF is, how it works, and what to look for when you're in the market for a new solution.

Tories change Twitter name to ‘factcheckUK’ during live TV debate

By Lisa Vaas on Nov 20, 2019 05:12 pm

Twitter wagged its finger at the UK's Conservative party for renaming its press account "factcheckUK" during a live TV debate.

Security Firms, Nonprofits Team to Fight Stalkerware

By Tara Seals on Nov 20, 2019 05:00 pm

The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place.

Patch 'Easily Exploitable' Oracle EBS Flaws ASAP: Onapsis

By Robert Lemos Contributing Writer on Nov 20, 2019 04:52 pm

Organizations that have not yet applied a pair of months-old critical patches from Oracle for E-Business Suite are at risk of attacks on their financial systems, the application security firm says.

Google Cloud Update Gives Users Greater Data Control

By Dark Reading Staff on Nov 20, 2019 04:50 pm

External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.

Mozilla Bug Bounty Program Doubles Payouts, Adds Firefox Monitor

By Lindsey O'Donnell on Nov 20, 2019 04:04 pm

In-scope RCE Mozilla bug bounty payouts have also tripled to reach $15,000.

Apache Solr Bug Gets Bumped Up to High Severity

By Tom Spring on Nov 20, 2019 02:41 pm

Linux users running the enterprise-search platform Solr are potentially vulnerable to a remote code execution attack.

Employee Privacy in a Mobile Workplace

By Michael J. Covington Vice President of Product Strategy at Wandera on Nov 20, 2019 02:00 pm

Why businesses need guidelines for managing their employees' personal information -- without compromising on security.

Former White House CIO Shares Enduring Security Strategies

By Kelly Sheridan Staff Editor, Dark Reading on Nov 20, 2019 01:15 pm

Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.

Mozilla ups bug bounty rewards to $15,000 on critical sites

By Jeff Stone on Nov 20, 2019 12:31 pm

Bug bounty researchers probing for vulnerabilities in Mozilla software now will be tempted with more cash after the browser-maker doubled most of its rewards and expanded the list of targets. In a blog post Tuesday, Mozilla said it’s marking the 15-year anniversary of its Firefox browser by dedicating a higher budget to its bounty program. Rewards for critical, core and other Mozilla sites are doubled, while remote code-execution vulnerabilities now are worth up to $15,000 on critical sites. Meanwhile, Mozilla also is asking researchers to try hacking its Autograph cryptography service, its Lando code repository tool, the Phabricator, which reviews code changes in Firefox, and Taskcluster, the framework for continuous integration, among others. “We hope the new sites and increased payments will encourage [researchers] to have another look at our sites and help us keep them safe for everyone who uses the web,” Simon Bennetts, a security automation engineer, said […]

The post Mozilla ups bug bounty rewards to $15,000 on critical sites appeared first on CyberScoop.

High-Severity Windows UAC Flaw Enables Privilege Escalation

By Lindsey O'Donnell on Nov 20, 2019 12:20 pm

Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.

ThreatList: Admin Rights for Third Parties is the Norm

By Tara Seals on Nov 20, 2019 12:00 pm

The majority give outside partners, contractors and suppliers administrative access -- without strong security policies in place.

Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments

By Alex Wawro, Special to Dark Reading on Nov 20, 2019 12:00 pm

Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa's contactless payments security system vulnerabilities.

Why Multifactor Authentication Is Now a Hacker Target

By Tanner Johnson Senior Analyst, Connectivity & IoT, IHS Markit on Nov 20, 2019 10:00 am

SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.

Consumer watchdog says Equifax settlement 'flunks' fairness test

By Jeff Stone on Nov 20, 2019 09:33 am

As a court weighs the proposed class action settlement stemming from Equifax’s 2017 data breach, an independent legal watchdog is saying the agreement fails to treat victims equally. The nonprofit Center for Class Action Fairness, which advocates on behalf of consumers involved in class action suits, said in a court filing Tuesday the Equifax settlement — which proponents value at $700 million — “flunks” federal requirements for fairness and adequacy. This is the same agreement that Equifax said would include up to $425 million for customers who were affected by the data breach, which compromised information about 147 million Americans. After suggesting individual customers could be paid up to $125 under certain conditions or accept free credit monitoring, Equifax introduced new requirements forcing Americans to prove they had credit monitoring in place at the time of the breach, otherwise they would be paid nothing. The terms of the deal could result in […]

The post Consumer watchdog says Equifax settlement 'flunks' fairness test appeared first on CyberScoop.

Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online

By Elizabeth Montalbano on Nov 20, 2019 09:03 am

The passwords of more than 2.2 million users of a gaming and cryptocurrency website were dumped online after dual data breaches.

Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones

By Dark Reading Staff on Nov 20, 2019 09:00 am

Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.

Recent Articles:

Update WhatsApp now: MP4 video bug exposes your messages
Instagram stalker app Ghosty yanked from Play store
XSS security hole in Gmail’s dynamic email
Large layoffs and reorg to hit Silicon Valley soon
Adobe Acrobat and Reader 2015 reach end of support
Copyright © 2019 Box Jump LLC, All rights reserved.