Blog | Cyberday.ai

Critical Remote Code Execution Bug Fixed in OpenBSD SMTP Server

A critical vulnerability in the free OpenSMTPD email server present in many Unix-based systems can be exploited to run shell commands with root privileges. [...]

Go to article at

15.5.2020

Unpatched Vulnerabilities

CA: Panama-Buena Vista School District ransomware attack will delay report cards

23ABC reports: The Panama-Buena Vista School District said that due to the recent ransomware attack, teachers will not be...

Go to article at

15.5.2020

Ransomware

Police Warn of Physical IT Risk from Malicious Contractors

Insiders at cleaning, decorating and other firms could access networks

Go to article at

15.5.2020

Supply Chain Attacks

Intel CSME bug is worse than previously thought

Researchers say a full patch requires replacing hardware. Only the latest Intel 10th generation CPUs are not affected.

Go to article at

15.5.2020

Unpatched Vulnerabilities

Belgian Data Protection Authority Releases Direct Marketing Recommendation

On February 10, 2020, the Belgian Data Protection Authority published its Recommendation on data processing activities for direct marketing purposes. The Recommendation aims to clarify the complex rules relating to processing personal data for direct marketing purposes. Continue Reading

Go to article at

15.5.2020

Illegal Personal Data Processing

Android malware can steal Google Authenticator 2FA codes

A new version of the "Cerberus" Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts.

Go to article at

15.5.2020

Malware

Research Finds Microsoft Edge Has Privacy-Invading Telemetry

While Microsoft Edge shares the same source code as the popular Chrome browser, it offers better privacy control for users. New research, though, indicates that it may have more privacy-invading telemetry than other browsers. [...]

Go to article at

15.5.2020

Violations of Data Subject Rights

When it comes to zero-day vulnerabilities, the best approach is preventative action

Zero-day vulnerabilities are software security flaws with the potential to be exploited by cybercriminals – they’re unintended flaws found in programs or operating systems that, if left unaddressed, create security holes that can and almost certainly will be exploited. The problem stems from the traditional software development and QA testing processes that fail to identify bugs and flaws that manifest in live usage. Static and dynamic testing, RASP, and vulnerability assessments all look for known problems or known fallible coding techniques which makes it difficult to identify zero-day vulnerabilities (which are, by definition, unknown.) Even using blue-green or canary staging approaches, software bugs may not be seen and will propagate, meaning the code or application problems caused by these flaws are pushed live, because that code is not tested with production traffic. Since the existing testing methodologies have trouble finding these critical zero-day vulnerabilities, other approaches are being tried, including advanced log analysis and bug bounty programs.

Go to article at

15.5.2020

Unpatched Vulnerabilities

New year, new critical Cisco patches to install – this time for a dirty dozen of bugs that can be exploited to sidestep auth, inject commands, etc

Data Center Network Manager bugapalooza with three must-fix flaws Cisco is kicking off 2020 with the release of a crop of patches for its Data Center Network Manager.…

Go to article at

15.5.2020

Unpatched Vulnerabilities

Weekly #cybersecurity digest to your inbox

🛡️ Cyberdigest: Most important documents in ISO 27001 audit 📑 Join our NIS2 & ISO 27001 webinars ➡️ Look into cyberthreat trends 👾

🛡️ Cyberdigest: 7 new frameworks! 🎉 Explore our ISO 27001 collection 📚 Malware & privacy news 📰

🛡️ Cyberdigest: Secure your passwords! 📝 DORA has come into effect 💰 News: data protection 🔐

Admin training (part 3/5): Risk management and security control implementation

Admin training (part 5/5): Operating and improving an ISMS and reporting compliance

Admin training (part 4/5): Automating employee awareness, guidance and training

ISO 27001 (part 3/5): Certification audit fundamentals

Admin training (part 2/5): Framework selection and asset identification

ISO 27001 (part 4/5): Staff training, guidelines and policy documents

Become a Cyberday partner: Features, benefits and best practices

Cyberday Community has been launched!

ISO 27001 standard updated to 2022 version - what changed?

Efficient cyber risk management with new autopilot mode

Infographic: Why is cyber security getting more and more important?

Cyberday Teams app is now available!

Content update published to Cyberday

Cyberday launched: Frameworks, Teams-integration and much more

Critical Remote Code Execution Bug Fixed in OpenBSD SMTP Server

CA: Panama-Buena Vista School District ransomware attack will delay report cards

Police Warn of Physical IT Risk from Malicious Contractors

Intel CSME bug is worse than previously thought

Belgian Data Protection Authority Releases Direct Marketing Recommendation

Android malware can steal Google Authenticator 2FA codes

Research Finds Microsoft Edge Has Privacy-Invading Telemetry

When it comes to zero-day vulnerabilities, the best approach is preventative action

New year, new critical Cisco patches to install – this time for a dirty dozen of bugs that can be exploited to sidestep auth, inject commands, etc

Get started today

How it works?

Use cases

Resources

Contact us

Weekly #cybersecurity digest to your inbox

🛡️ Cyberdigest: Most important documents in ISO 27001 audit 📑 Join our NIS2 & ISO 27001 webinars ➡️ Look into cyberthreat trends 👾

🛡️ Cyberdigest: 7 new frameworks! 🎉 Explore our ISO 27001 collection 📚 Malware & privacy news 📰

🛡️ Cyberdigest: Secure your passwords! 📝 DORA has come into effect 💰 News: data protection 🔐

Admin training (part 3/5): Risk management and security control implementation

Admin training (part 5/5): Operating and improving an ISMS and reporting compliance

Admin training (part 4/5): Automating employee awareness, guidance and training

ISO 27001 (part 3/5): Certification audit fundamentals

Admin training (part 2/5): Framework selection and asset identification

ISO 27001 (part 4/5): Staff training, guidelines and policy documents

Become a Cyberday partner: Features, benefits and best practices

Cyberday Community has been launched!

ISO 27001 standard updated to 2022 version - what changed?

Efficient cyber risk management with new autopilot mode

Infographic: Why is cyber security getting more and more important?

Cyberday Teams app is now available!

Content update published to Cyberday

Cyberday launched: Frameworks, Teams-integration and much more

Critical Remote Code Execution Bug Fixed in OpenBSD SMTP Server

CA: Panama-Buena Vista School District ransomware attack will delay report cards

Police Warn of Physical IT Risk from Malicious Contractors

Intel CSME bug is worse than previously thought

Belgian Data Protection Authority Releases Direct Marketing Recommendation

Android malware can steal Google Authenticator 2FA codes

Research Finds Microsoft Edge Has Privacy-Invading Telemetry

When it comes to zero-day vulnerabilities, the best approach is preventative action

New year, new critical Cisco patches to install – this time for a dirty dozen of bugs that can be exploited to sidestep auth, inject commands, etc

Stay up-to-date on cyber security

Subscribe for our free, weekly newsletter

* Your email won't be sold nor disclosed forward. Confirmation has more info. Learn more

Get started today

Pysy kärryillä digiturvasta

Tilaa Digiturvauutiset sähköpostiisi

* Osoitetta ei myydä tai luovuteta eteenpäin. Vahvistusviestissä lisätietoja. Lue lisää

How it works?

Use cases

Resources

Contact us