ATENTIONβΌ New - CVE-2019-10552
π Read
via "National Vulnerability Database".
Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10550
π Read
via "National Vulnerability Database".
Buffer Over-read when UE is trying to process the message received form the network without zero termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10549
π Read
via "National Vulnerability Database".
Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10546
π Read
via "National Vulnerability Database".
Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCS404, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10526
π Read
via "National Vulnerability Database".
Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SC8180X, SDA845, SDM450, SDX20, SDX24, SDX55, SXR1130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-11838
π Read
via "National Vulnerability Database".
Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20π Read
via "National Vulnerability Database".
β Facebook: No, we are not killing Libra β
π Read
via "Naked Security".
Facebook denies that it's cringing away from its virtual currency plans due to the fact that regulators loathe it.π Read
via "Naked Security".
Naked Security
Facebook: No, we are not killing Libra
Facebook denies that itβs cringing away from its virtual currency plans due to the fact that regulators loathe it.
β High-Severity Cisco Webex Flaws Fixed β
π Read
via "Threatpost".
The high-severity flaws, existing in Webex Player and Webex Network Recording Player, can allow arbitrary code execution.π Read
via "Threatpost".
Threat Post
High-Severity Cisco Webex Flaws Fixed
The high-severity flaws, existing in Webex Player and Webex Network Recording Player, can allow arbitrary code execution.
π΄ Advanced Tech Needs More Ethical Consideration & Security π΄
π Read
via "Dark Reading: ".
Unintended consequences and risks need board-level attention and action.π Read
via "Dark Reading: ".
Darkreading
Advanced Tech Needs More Ethical Consideration & Security
Unintended consequences and risks need board-level attention and action.
π SQLMAP - Automatic SQL Injection Tool 1.4.3 π
π Go!
via "Security Tool Files β Packet Storm".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.4.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Businesses should be texting customers, but with cybersecurity in mind π
π Read
via "Security on TechRepublic".
Consumers now expect businesses to communicate via text, but there are ways to do it securely without using a smartphone.π Read
via "Security on TechRepublic".
TechRepublic
Businesses should be texting customers, but with cybersecurity in mind
Consumers now expect businesses to communicate via text, but there are ways to do it securely without using a smartphone.
π Mimecast tracks Malware-as-a-Service trend in analysis of 202 billion emails π
π Read
via "Security on TechRepublic".
Software security company identified 92 billion malicious mails in Q4 and a spike in Emotet and ransomware.π Read
via "Security on TechRepublic".
TechRepublic
Mimecast tracks Malware-as-a-Service trend in analysis of 202 billion emails
Software security company identified 92 billion malicious mails in Q4 and a spike in Emotet and ransomware.
π Coronavirus adds uncertainty and cost to tech company supply chains π
π Read
via "Security on TechRepublic".
Just-in-time manufacturing and low inventory levels mean even a short disruption can cause business interruptions.π Read
via "Security on TechRepublic".
TechRepublic
Coronavirus adds uncertainty and cost to tech company supply chains
Just-in-time manufacturing and low inventory levels mean even a short disruption can cause business interruptions.
π΄ Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover π΄
π Read
via "Dark Reading: ".
The now-fixed flaw could have enabled attackers to trick users into downloading malicious content or sharing credentials.π Read
via "Dark Reading: ".
Darkreading
Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover
The now-fixed flaw could have enabled attackers to trick users into downloading malicious content or sharing credentials.
π΄ Search Engine Aims to Make Dark Markets More Accessible π΄
π Read
via "Dark Reading: ".
Two years after the administrator of the Grams search engine shuttered the service, another search engine for finding questionable and illegal goods on the Dark Web has opened up shop.π Read
via "Dark Reading: ".
Dark Reading
Search Engine Aims to Make Dark Markets More Accessible
Two years after the administrator of the Grams search engine shuttered the service, another search engine for finding questionable and illegal goods on the Dark Web has opened up shop.
π Americans worry more about identity theft than being murdered π
π Read
via "Security on TechRepublic".
A study finds that ID fraud is a greater concern than murder for 47% of Americans.π Read
via "Security on TechRepublic".
TechRepublic
Americans worry more about identity theft than being murdered
A study finds that ID fraud is a greater concern than murder for 47% of Americans.
π΄ 6 Steps CISOs Should Take to Secure Their OT Systems π΄
π Read
via "Dark Reading: ".
The first question each new CISO must answer is, "What should I do on Monday morning?" My suggestion: Go back to basics. And these steps will help.π Read
via "Dark Reading: ".
Dark Reading
6 Steps CISOs Should Take to Secure Their OT Systems
The first question each new CISO must answer is, What should I do on Monday morning? My suggestion: Go back to basics. And these steps will help.
π How to maintain safe cybersecurity practices while transitioning workers from the office to remote workstations π
π Read
via "Security on TechRepublic".
With the spread of coronavirus, businesses are increasingly asking staff to work from home. We asked experts how to keep cybersecurity policies in place.π Read
via "Security on TechRepublic".
TechRepublic
How to maintain safe cybersecurity practices while transitioning workers from the office to remote workstations
With the spread of coronavirus, businesses are increasingly asking staff to work from home. We asked experts how to keep cybersecurity policies in place.
π΄ Poll: Strengthening Security ... by Easing Security? π΄
π Read
via "Dark Reading: ".
If security measures were made easier for end users, would your organization be more secure?π Read
via "Dark Reading: ".
Dark Reading
Poll: Strengthening Security ... by Easing Security?
If security measures were made easier for end users, would your organization be more secure?
π Digital Guardian's Data Protection Platform Rated Five Stars, Named A "Best Buy" by SC Magazine π
π Read
via "Subscriber Blog RSS Feed ".
SC Labs' review highlights the visibility provided by the solution, its ability to identify, tag, and fingerprint sensitive data, and provide insider/external threat protection.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Digital Guardian's Data Protection Platform Rated Five Stars, Named A "Best Buy" by SC Magazine
SC Labs' review highlights the visibility provided by the solution, its ability to identify, tag, and fingerprint sensitive data, and provide insider/external threat protection.
β Chris Eng: Patch Management Challenges Drive βSecurity Debtβ β
π Read
via "Threatpost".
Chris Eng with Veracode talks about how organizations are falling into security debt due to patch management issues.π Read
via "Threatpost".
Threat Post
Chris Eng: Patch Management Challenges Drive βSecurity Debtβ
Chris Eng with Veracode talks about how organizations are falling into security debt due to patch management issues.