Facebook's '10 Year Challenge' Is Just a Harmless Meme—Right?

Opinion: The 2009 vs. 2019 profile picture trend may or may not have been a data collection ruse to train its facial recognition algorithm. But we can't afford to blithely play along...

How Facebook Tracks Non-Users via Android Apps

LEIPZIG, GERMANY – If you quit Facebook or never joined because of its data collecting practices the odds are good the social network is still tracking you – despite your protest. Facebook collects data of non-users of its social network via dozens of mainstream Android apps that send tracking an...

A week in security (December 10 – 16)

Last week on Labs, we took a look at some new Mac malware, a collection of various scraped data dumps, the protection of power grids, and how bad actors are using SMB vulnerabilities. Other cybersecurity news Millions affected by Facebook photo API bug: An issue granted third-party apps more acce...

CentOS 7 : sos-collector (CESA-2018:3663)

An update for sos-collector is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Shamoon Returns to Wipe Systems in Middle East, Europe

ARCHIVED STORY Shamoon Returns to Wipe Systems in Middle East, Europe By Alexandre Mundo · December 14, 2018 Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive...

Top 5 Threat Hunting Myths: “Threat Hunting Is Too Complicated”

The cybersecurity landscape is in a constant state of change and, as many organizations have learned, it’s no longer a matter of if you’ll face a cyberattack, but when. In today’s world, attackers intentionally look normal to evade automated defenses. With the rise of ransomware, fileless and...

Oracle Linux 7 : sos-collector (ELSA-2018-3663)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2018-3663 advisory. 1.5-3.0.1 - To recognize OL systemOraBug 28807430 - import os module to detect /etc/redhat-release OraBug 28740046 1.5-3 - Resolve race condition in cluster...

Moderate: Red Hat Security Advisory: sos-collector security update

An update for sos-collector is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 7 : sos-collector (RHSA-2018:3663)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:3663 advisory. sos-collector is a utility that gathers sosreports from multi-node environments. sos-collector facilitates data collection for support cases and it c...

The vulnerability of the syntactic analyzer in LQS files of data collection and process automation monitoring tools like LAquis SCADA allows a perpetrator to execute arbitrary code.

The vulnerability of the LQS syntax analyzer in data collection files and in the LAquis SCADA system for process automation control is related to buffer overflow in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the syntactic analyzer in LQS files of data collection and process automation monitoring tools like LAquis SCADA allows a perpetrator to execute arbitrary code.

The vulnerability of the LQS syntax analyzer in data collection files and in LAquis SCADA, a tool for industrial automation control, is related to the use of pointers. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...

The vulnerability of the syntactic analyzer in LQS files of data collection and process automation monitoring tools like LAquis SCADA allows a perpetrator to execute arbitrary code.

The vulnerability of the data collection and industrial automation control tool LAquis SCADA is related to insufficient verification of the name of the path to the catalog. Exploiting this vulnerability could allow a malicious actor to execute arbitrary codes remotely...

The vulnerability of the LAquis SCADA data collection and process control tool, related to buffer overflow in memory, allows a intruder to execute arbitrary code.

The vulnerability of the data collection and industrial automation control tool LAquis SCADA is related to buffer overflow attacks. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

General Motors collected location & radio listening habits data of 90,000 drivers

By Waqas The listening habits of around 90,000 drivers of General Motors in Chicago and Los Angeles were monitored by the company for three months in 2017 under its radio-tracking program. The Detroit Free Press reported later released a report that General Motors was involved in targeted...

Are the Police Using Smart-Home IoT Devices to Spy on People?

IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. Surveillance is still the business model of the Internet, and this data is used against the customers' interests: either by the device manufacturer or by some third party the manufacture...

BloodHound Ingestor

This module will execute the BloodHound C Ingestor aka SharpHound to gather sessions, local admin, domain trusts and more. With this information BloodHound will easily identify highly complex attack paths that would otherwise be impossible to quickly identify within an Active Directory environmen...

The 4 Core Pillars of Endpoint Security

Cb Connect is always an exciting time for me. At Cb Connect 2017, we unveiled our vision for the Cb Predictive Security Cloud PSC. Over the past year, this platform has expanded and grown to provide better prevention, detection and response for our global customers. Today, at CbConnect18, we...

Adding Cb ThreatHunter to the Cb Predictive Security Cloud (PSC)

This is another big day for Carbon Black. Earlier, we announced Cb ThreatHunter, our newest offering on the Cb Predictive Security Cloud PSC, which delivers powerful threat hunting and incident response IR capabilities to the platform. The announcement of Cb ThreatHunter, which will be the fourth...

FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure

FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected firmware version: V1.01-0bb5b27 TrafiOne Codename: TrafiOne E1.00.09 TI BPL2 EDGE Codename: TIIP4EDGE V1.02.P01 TI x-stream Codename: TIIP2 V1.05.P01 ThermiC...

The vulnerability of the Intel Computing Improvement Program’s data collection tool, caused by privilege management errors, allows a perpetrator to execute arbitrary code with administrator privileges.

The vulnerability of the Intel Computing Improvement Program’s data collection tool is caused by privilege management errors. Exploiting this vulnerability could allow a attacker to execute arbitrary code with administrator privileges...