Lucene search
+L

2577 matches found

CISA
CISA
added 2016/01/29 12:0 a.m.18 views

FTC Announces Enhancements to IdentityTheft.gov

The Federal Trade Commission FTC has upgraded its IdentityTheft.gov site to provide improved help to victims of identity theft. Enhancements include more personalized response plans for consumers, automatic generation of documents to aid in recovery, and better integration of the site with the...

6.7AI score
Exploits0References2
The Hacker News
The Hacker News
added 2016/01/21 11:48 p.m.13 views

Samsung Get Sued for Failing to Update its Smartphones

One of the world's largest smartphone makers is being sued by the Dutch Consumers' Association DCA for its lack in providing timely software updates to its Android smartphones. This doesn't surprise me, though. The majority of manufacturers fail to deliver software updates for old devices for...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2015/10/19 12:8 p.m.10 views

BSIMM6 Data Shows Poor Health Care Software Security

The folks behind the Building Security in Maturity Model BSIMM, its sixth iteration available today, tout the project as an intersection between science and computer security. “It’s more like a science experiment that escaped the test tube,” said Gary McGraw, chief technology officer of Citigal,...

6.9AI score
Exploits0References6
ThreatPost
ThreatPost
added 2015/09/11 8:16 a.m.9 views

IOT Security Pits Regulators Against Market

CAMBRIDGE, Mass. – Listening to today’s privacy panel at the Security of Things Forum, you might have thought you were beamed back to the early 2000s: government people hinting that legislation might be the ultimate solution for security and privacy concerns when it comes to embedded computers an...

7.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2015/08/24 2:20 p.m.27 views

Court Rules FTC Has Authority to Punish Wyndham Over Breaches

In the latest installment of a long and winding court case related to multiple data beaches at Wyndham Worldwide several years ago, an appellate court has upheld the authority of the Federal Trade Commission to punish the hotel chain for lax security practices that allegedly led to the breaches...

0.6AI score
Exploits0References2
ThreatPost
ThreatPost
added 2015/08/03 11:14 a.m.18 views

EFF, AdBlock and Others Launch New Do Not Track Standard

After years of discussions, disagreements, and digressions, the Do Not Track header is supported by all of the major browsers. But because there’s no real requirement for sites or advertisers to respect it, DNT is not as effective as it could be. Now, the EFF, Disconnect, and several other...

6.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2015/06/24 10:53 a.m.12 views

Proposed Change to ICANN Domain Anonymity Rule Worries Privacy Advocates

A proposed change to the way that registrars treat the private contact details for domain owners could make it easier for anyone to get information on people who use proxy services. The potential change comes in the form of a document from a working group of the Generic Names Supporting...

1.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2015/05/22 10:18 a.m.15 views

Android Factory Reset Improper Sanitization Exposes Data

The churn of Android devices, whether older smartphones being traded in or sold online, makes device sanitization imperative. The native feature in the OS, however, may not be doing as thorough a job as advertised. A paper, “Security Analysis of Android Factory Resets” pdf, published by Ross...

7.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2015/05/20 12:0 a.m.32 views

Debian Security Advisory DSA 3265-1 (zendframework - security update)

Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154 , all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some...

7.5CVSS0.4AI score0.02802EPSS
Exploits2References1
ThreatPost
ThreatPost
added 2015/04/01 10:54 a.m.12 views

Multicast DNS Vulnerability Could Lead to DDOS Amplification

The Department of Homeland Security sponsored CERT at Carnegie Mellon University on Tuesday released an advisory warning infrastructure providers of a vulnerability in Multicast DNS, or mDNS, that could leak device information that could be leveraged in high volume DDoS amplification attacks. “I...

0.9AI score
Exploits0References5
myhack58
myhack58
added 2015/02/12 12:0 a.m.39 views

BMW security vulnerability details: the ancient Bole to identify a good horse, today there are hackers escapement BMW-vulnerability warning-the black bar safety net

ADAC whole German automobile club want to in-depth understanding of embedded mobile network modem of the car to the manufacturer to send data. C't German computer technology magazine for the ADAC introduced a security expert. The expert in-depth analysis of the BMW ConnectedDrive system the data...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2015/02/10 11:17 a.m.18 views

Markey Car Security Report Just the Start for Automakers

This may come as a surprise to one of you, but it turns out that computers and, by extension, things that contain computers, are vulnerable to attackers. That includes cars, something that the United States government has now discovered, and Sen. Edward Markey is now warning consumers that...

0.1AI score
Exploits0References3
0day.today
0day.today
added 2015/02/05 12:0 a.m.53 views

Malwarebytes Anti-Malware / Anti-Exploit Update Remote Code Execution Exploit

This Metasploit module exploits a vulnerability in the update functionality of Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes Anti-Exploit consumer 1.03.1.1220. Due to the lack of proper update package validation a man-in-the-middle attacker could execute arbitrary code by...

9.3CVSS0.7AI score0.16784EPSS
Exploits6
ThreatPost
ThreatPost
added 2015/02/03 1:44 p.m.12 views

White House Creates Cyber Governance Unit Within OMB

With the framework explained for a number of government cybersecurity-related initiatives, now it’s time to talk money. The White House anted up strong in 2015 with proposals for a new data breach notification standard, as well as plans to facilitate information-sharing between the public and...

6.8AI score
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2015/02/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2012-0159

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before...

9.3CVSS5.8AI score0.26816EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2015/01/27 1:8 p.m.14 views

House Takes First Steps on Federal Data Breach Law

The House Subcommittee on Commerce, Manufacturing and Trade today held its first hearing of the 114th Congress in order to begin work on developing federal data breach legislation. Pre-hearing memos suggested that any data breach notification law would be primarily concerned with protecting...

6.7AI score
Exploits0References4
ThreatPost
ThreatPost
added 2015/01/12 1:55 p.m.9 views

President Proposes National Breach Notification Standard

Lacking precious detail, President Obama today proposed a national data breach notification standard, legislation that would mandate breached companies notify affected consumers inside of 30 days. The national law would supersede the current collection of state laws that govern notification...

0.7AI score
Exploits0
ThreatPost
ThreatPost
added 2015/01/07 3:54 p.m.7 views

FTC Urges IoT Privacy, Security at Consumer Electronics Show

In her keynote address yesterday at the Consumer Electronics Show in Las Vegas, Federal Trade Commission Chairwoman Edith Ramirez imagined the dystopic convergence of big data conglomerates and a ceaseless information gathering machine fueled by the constant connectivity ushered in by the so-call...

7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2014/12/18 12:23 p.m.10 views

Misfortune Cookie Home Router Vulnerability Discovered

More than 12 million devices running an embedded webserver called RomPager are vulnerable to a simple attack that could give a hacker man-in-the-middle position on traffic going to and from home routers from just about every leading manufacturer. Mostly ISP-owned residential gateways manufactured...

7.4AI score
Exploits0References4
Cvelist
Cvelist
added 2014/12/16 6:0 p.m.28 views

CVE-2014-4936

The upgrade functionality in Malwarebytes Anti-Malware MBAM consumer before 2.0.3 and Malwarebytes Anti-Exploit MBAE consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable...

7.2AI score0.16784EPSS
Exploits6References2
Rows per page
Query Builder