BayPay Members Blogs

This additional resource is sponsored by The BayPay Forum.

Australia's Intelligence Agency Publishes its Vulnerability Disclosure Process

The Australian Signals Directorate (ASD), Australia's intelligence agency responsible for foreign signals intelligence, has joined America's NSA and the UK's GCHQ in publishing an account of its vulnerabilities disclosure process. All...

Beto O'Rourke 'Mortified' Over Articles Written as Teen Member of Cult of the Dead Cow Hacker Group

Democratic presidential candidate Beto O’Rourke expressed regret Friday over writings he contributed as a teenage member of the Cult of the Dead Cow hacker group. “I’m mortified to read it now,...

Dragos Acquires NexDefense, Releases Free ICS Assessment Tools

Industrial cybersecurity firm Dragos on Monday announced the acquisition of NexDefense, a company that specializes in visibility technology for industrial control systems (ICS), and the launch of free ICS security assessment...

Ukraine Ready to Take on Russian Election Hackers

At the headquarters of Ukraine's SBU security service more than a dozen local and Western security experts watch a simulated foreign cyber attack on several big screens ahead of this month's...

EU to Slap Google With Fresh Fine: Sources

The EU's anti-trust regulator is to slap tech giant Google with a new fine over unfair competition practices, sources told AFP on Friday. Brussels has targeted the Silicon Valley firm's AdSense...

Google Took Down 2.3 Billion Bad Ads in 2018

Google this week revealed that it took down 2.3 billion bad ads last year, including 58.8 million phishing ads. The ads were taken down for violations of both new and existing...

E-Commerce Company Gearbest Leaked User Information

Chinese e-commerce company Gearbest has failed to properly secure some of its databases, thus leaking users’ personally identifiable information (PII), VPNMentor’s researchers have discovered. Gearbest has downplayed the impact of the...

China Does Not Ask Firms to Spy on Others: Premier

China will "never" ask its firms to spy on other nations, Premier Li Keqiang said Friday, amid US warnings that Chinese telecommunications behemoth Huawei poses security risks. The United States has...

Hackers Bypass MFA on Cloud Accounts via IMAP Protocol

Over the past several months, threat actors have been increasingly targeting Office 365 and G Suite cloud accounts that are using the legacy IMAP protocol, in an attempt to bypass multi-factor...

Uncovering the Data Security Triad

Data Must be Protected as it Exists at All Points in the Processing Lifecycle. Data is often an organization’s largest and most valuable asset, making it a prime target for all...

Recently Patched WinRAR Flaw Exploited in APT Attacks

A recently patched WinRAR vulnerability has been exploited by several threat groups, including advanced persistent threat (APT) actors. The flaw, tracked as CVE-2018-20250, impacts the unacev2.dll library used by WinRAR for...

G Suite Admins Can Now Disable Phone 2-SV

Google is making G Suite accounts more secure by allowing administrators to remove phone-based 2-step verification (2-SV) from the available multi-factor verification options. With the new policy in place, admins enforcing...

Leading Israeli Candidate for PM Targeted by Iranian Hackers

The campaign of a former Israeli military chief who is a leading challenger to Prime Minister Benjamin Netanyahu in his tight race for re-election says the candidate has been targeted by...

Details of Actively Exploited Windows Flaw Made Public

Researchers from Chinese cybersecurity firm Qihoo 360 have made public technical details that can be used to construct a proof-of-concept (PoC) exploit for CVE-2019-0808, a recently patched Windows vulnerability that has...

NATO Takes Huawei Security Concerns Seriously: Stoltenberg

Security concerns about the role of Huawei in Western 5G telecom infrastructure are to be taken seriously, the head of NATO said Thursday, as Washington steps up pressure on Europe not...

WordPress 5.1.1 Patches Remote Code Execution Vulnerability

WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites. The vulnerability impacts the manner in which comments are filtered...

Code Execution Flaw Found in Sonatype Nexus Repository Manager

A critical remote code execution vulnerability has been found and patched in Sonatype’s Nexus Repository Manager (NXRM), a popular open-source tool that allows developers to manage software components. The flaw, tracked...

U.S. Senators Want Transparency on Senate Cyberattacks

U.S. Senators Ron Wyden and Tom Cotton believe all senators should receive information on successful cyberattacks aimed at the Senate. In a letter sent this week to the U.S. Senate Sergeant...

US Warns of Sophisticated Cyberattacks From Russia, China

Cyberattacks from Russia, China, North Korea and Iran are increasingly sophisticated and, until recently, were done with little concern for the consequences, the top Pentagon cyber leaders told a congressional committee...

Default Account in Cisco CSPC Allows Unauthorized Access

Cisco on Wednesday informed customers that updates released for its Cisco Common Services Platform Collector (CSPC) software address a critical vulnerability. Cisco CSPC is an SNMP-based tool that collects information from...