ATTENTION‼ New - CVE-2016-11033
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016).
ATTENTION‼ New - CVE-2016-11032
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016).
ATTENTION‼ New - CVE-2016-11031
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016).
ATTENTION‼ New - CVE-2016-11030
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016).
ATTENTION‼ New - CVE-2016-11029
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016).
ATTENTION‼ New - CVE-2016-11028
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).
ATTENTION‼ New - CVE-2016-11027
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016).
ATTENTION‼ New - CVE-2016-11026
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016).
ATTENTION‼ New - CVE-2016-11025
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016).
🔐 Experts question abrupt decision by New York City to ban Zoom from use in all public schools 🔐
via "Security on TechRepublic".
The hotly debated move does little to address underlying issues many teachers and parents are having with the platform and other tools, educators say.
🕴 The Coronavirus & Cybersecurity: 3 Areas of Exploitation 🕴
via "Dark Reading".
Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain.
ATTENTION‼ New - CVE-2017-18647
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017).
🔏 NYDFS Postpones Cybersecurity Certification of Compliance Deadline 🔏
via "Subscriber Blog RSS Feed" (Digital Guardian).
The New York Department of Financial Services has extended its usual April 15 cybersecurity Certification of Compliance deadline for entities experiencing issues arising from COVID-19.
🕴 Mature DevOps Teams Are Secure DevOps Teams 🕴
via "Dark Reading".
New research shows the relationship between mature DevOps processes, secure applications, and happy developers.
🕴 How Do I Make Sure My Work-From-Home Users Install Updates? 🕴
via "Dark Reading".
Most enterprise endpoint solutions will support policies to enforce recommended updates.
ATTENTION‼ New - CVE-2015-9545
via "National Vulnerability Database".
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.
ATTENTION‼ New - CVE-2015-9544
via "National Vulnerability Database".
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.
ATTENTION‼ New - CVE-2013-7488
via "National Vulnerability Database".
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.
❌ Serious Exchange Flaw Still Plagues 350K Servers ❌
via "Threatpost".
The Microsoft Exchange vulnerability was patched in February and has been targeted by several threat groups.
🕴 The Edge Names 'Holy Cow' Cartoon Caption Winners 🕴
via "Dark Reading".
What can cows possibly have to do with cybersecurity?
🕴 Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates 🕴
via "Dark Reading".
More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.