ATENTIONβΌ New - CVE-2019-12522
π Read
via "National Vulnerability Database".
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12521
π Read
via "National Vulnerability Database".
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.π Read
via "National Vulnerability Database".
π΄ New Malware Family Assembles IoT Botnet π΄
π Read
via "Dark Reading: ".
'Mozi' combines code from three previously known IoT malware.π Read
via "Dark Reading: ".
Dark Reading
New Malware Family Assembles IoT Botnet
'Mozi' combines code from three previously known IoT malware.
ATENTIONβΌ New - CVE-2019-12520
π Read
via "National Vulnerability Database".
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12519
π Read
via "National Vulnerability Database".
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.π Read
via "National Vulnerability Database".
β Update now! Windows zero-day flaws fixed in Patch Tuesday β
π Read
via "Naked Security".
...and there are fixes for Adobe, Oracle and Intel products too. Go get your updates!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β βDouble Extortionβ Ransomware Attacks Spike β
π Read
via "Threatpost".
More ransomware operators are setting up pages where they threaten to publish compromised data from victims - an added pressure for victims to pay the ransom.π Read
via "Threatpost".
Threat Post
βDouble Extortionβ Ransomware Attacks Spike
More ransomware operators are setting up pages where they threaten to publish compromised data from victims - an added pressure for victims to pay the ransom.
β 49 malicious Chrome extensions caught pickpocketing crypto wallets β
π Read
via "Naked Security".
They were posing as crypto wallets in order to rip off users' private keys and mnemonic phrases and drain real wallets. Google's yanked them.π Read
via "Naked Security".
Naked Security
49 malicious Chrome extensions caught pickpocketing crypto wallets
They were posing as crypto wallets in order to rip off usersβ private keys and mnemonic phrases and drain real wallets. Googleβs yanked them.
π΄ Which InfoSec Jobs Will Best Survive a Recession? π΄
π Read
via "Dark Reading: ".
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a "cost center." Are infosec careers vulnerable now?π Read
via "Dark Reading: ".
Dark Reading
Which InfoSec Jobs Will Best Survive a Recession?
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a cost center. Are infosec careers vulnerable now?
ATENTIONβΌ New - CVE-2019-14009
π Read
via "National Vulnerability Database".
Out of bound memory access while processing TZ command handler due to improper input validation on response length received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MDM9150, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDM850, SXR2130π Read
via "National Vulnerability Database".
β S2 Ep35: TikTok woes, sextortion scams and passwords vs. single sign-on β Naked Security Podcast β
π Read
via "Naked Security".
We discuss the biggest cybersecurity news stories of the week. New podcast episode out now!π Read
via "Naked Security".
Naked Security
S2 Ep35: TikTok woes, sextortion scams and passwords vs. single sign-on β Naked Security Podcast
We discuss the biggest cybersecurity news stories of the week. New podcast episode out now!
ATENTIONβΌ New - CVE-2019-14007
π Read
via "National Vulnerability Database".
Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14001
π Read
via "National Vulnerability Database".
Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10625
π Read
via "National Vulnerability Database".
Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150π Read
via "National Vulnerability Database".
β Alleged Zoom Zero-Days for Windows, MacOS for Sale, Report β
π Read
via "Threatpost".
Alleged Windows flaw allows for remote code execution and is being flogged for $500,000.π Read
via "Threatpost".
Threat Post
Alleged Zoom Zero-Days for Windows, MacOS for Sale, Report
Alleged Windows flaw allows for remote code execution and is being flogged for $500,000.
π΄ 5 Things Ransomware Taught Me About Responding in a Crisis π΄
π Read
via "Dark Reading: ".
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.π Read
via "Dark Reading: ".
Dark Reading
5 Things Ransomware Taught Me About Responding in a Crisis
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.
ATENTIONβΌ New - CVE-2019-10624
π Read
via "National Vulnerability Database".
While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10623
π Read
via "National Vulnerability Database".
Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, Rennell, SC8180X, SDA845, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10622
π Read
via "National Vulnerability Database".
Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10621
π Read
via "National Vulnerability Database".
Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10620
π Read
via "National Vulnerability Database".
Kernel memory error in debug module due to improper check of user data length before copying into memory in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, MSM8996AU, QCN7605, SDM439, SDX24, SM8150π Read
via "National Vulnerability Database".