How to steal a million (of your data)

By GIXnews

Any user data — from passwords for entertainment services to electronic copies of documents — is highly prized by intruders. The reason is simply that almost any information can be monetized. For instance, stolen data can be used to transfer funds to cybercriminal accounts, order goods or services, and, if the desire or opportunity is…

Roon Labs’ Nucleus music server review: Exquisite hardware for exceptional software

By GIXnews

Roon Labs’ Roon music server software is unparalleled in terms of its performance, its robust metadata support, and its flexibility. You can integrate any AirPlay, Chromecast, or native Roon RAAT (Roon Advanced Audio Transport) speakers and other audio gear for multi-room streaming. The high-end music-streaming services Tidal and Qobuz have integrated Roon so their…

Mozilla to add password manager, hack alert to Firefox 70

By GIXnews

Mozilla plans to bake its Lockwise password manager into Firefox 70, the upgrade now set to launch Oct. 22. At the same time, the browser will also be more tightly integrated with Firefox Monitor, which will provide warnings to users when their saved passwords have been revealed by a data hack. …

Guide to top security certifications

By GIXnews

Cyberattacks against enterprise networks are on the rise, and the bad guys, from solo actors all the way up to nation states, show no signs of easing up anytime soon. As the cost of a data breach keeps increasing, companies are spending more money on security, resulting in tons of unfilled security positions. So, what…

Plusnet Shamed for Q1 2019 UK Broadband and Phone Complaints

By GIXnews

A new report from Ofcom has revealed that Plusnet attracted the most UK consumer complaints for fixed line broadband and phone in Q1 2019, while Vodafone attracted the most gripes for Mobile and TalkTalk for Pay TV services. On the flip side Sky Broadband (Sky TV) and EE generated the fewest fixed line moans. The…

Equifax to Pay up to $700 Million in 2017 Data Breach Settlement

By GIXnews

Equifax, one of the three largest credit-reporting firms in the United States, has to pay up to $700 million in fines to settle a series of state and federal investigations into the massive 2017 data breach that exposed the personal and financial data of nearly 150 million Americans—that’s almost half the country. According to an…

Government Creates Security Framework for the UK Telecoms Sector

By GIXnews

The Government has concluded its Telecoms Supply Chain Review and plans to establish new Telecoms Security Requirements, which will be underpinned by a legislative framework that hands stronger enforcement powers to Ofcom in order to “protect” UK full fibre (FTTP) broadband and 5G networks from threats. But no decision on Huawei. At the root of…

Introducing AI-Driven Social Media Dashboard

By GIXnews

AI-Driven Social Media Dashboard is a solution that monitors and ingests specified tweets using stream processing and leverages a serverless architecture and machine learning services to translate and extract insights from those tweets. The solution is easy to deploy and contains a data lake you can use to quickly and easily perform additional analytics on…

Jenkins core/src/main/java/hudson/model/FileParameterValue.java Path Traversal Vulnerability

By GIXnews

A vulnerability in the core/src/main/java/hudson/model/FileParameterValue.java code of Jenkins could allow an authenticated, remote attacker to write arbitrary files on a targeted system. The vulnerability exists because the affected software could allow a file parameter definition to be defined outside the intended directory. An attacker with Job and Configure permissions could exploit this vulnerability by specifying…

Jenkins Stapler Web Framework Bypass Vulnerability

By GIXnews

A vulnerability in the Jenkins Stapler Web Framework could allow an authenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to improper security restrictions when accessing view fragments by the affected software. An attacker with user permissions could exploit this vulnerability by using plugins on the targeted system. A…

Linux Kernel parse_hid_report_descriptor Out-of-Bounds Write Vulnerability

By GIXnews

A vulnerability in the Linux Kernel could allow a local attacker to cause an out-of-bounds write condition on a targeted virtual host system. The vulnerability exists in the parse_hid_report_descriptor function, as defined in the drivers/input/tablet/gtco.c source code file of the affected software. An attacker with local access could exploit this vulnerability by inserting a malicious…

Wireshark ASN.1 BER Dissector Denial of Service Vulnerability

By GIXnews

A vulnerability in the Abstract Syntax Notation One (ASN.1) Basic Encoding Rules (BER) dissector component of Wireshark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists because the epan/asn1.c source code file of the affected software does not properly restrict buffer increments. An…

ClusterLabs libqb Predictable Filenames Arbitrary File Overwrite Vulnerability

By GIXnews

A vulnerability in ClusterLabs libqb could allow a local attacker to overwrite arbitrary files on a targeted system. The vulnerability exists because the affected software uses predictable filenames under the /dev/shm and /temp directories. In addition, the O_EXCL flag is not used when opening files. An attacker could exploit this vulnerability by conducting a symlink…

ClusterLabs fence-agents Guest VM Comments Denial of Service Vulnerability

By GIXnews

A vulnerability in ClusterLabs fence-agents could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper handling of non-ASCII characters in a guest VM’s comment or other fields by the affected software. An attacker could exploit this vulnerability by including non-ASCII characters…

Hackers Exploit Recent WordPress Plugin Bugs for Malvertising

By GIXnews

An ongoing malvertising campaign is targeting an unauthenticated stored cross-site scripting (XSS) vulnerability in the Coming Soon Page & Maintenance Mode WordPress plugin, according to Wordfence’s Defiant Threat Intelligence team. […] Source: BleepingComputer

Windows 10 1809 Cumulative Update KB4505658 Released With Fixes

By GIXnews

Microsoft has released a new cumulative update for Windows 10 version 1809 that fixes numerous bugs, including one that would crash Internet Explorer when dragging tabs and one that prevented newly installed applications from showing up in Windows search results. […] Source: BleepingComputer