ATENTIONβΌ New - CVE-2019-14094
π Read
via "National Vulnerability Database".
Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14092 (mdm9206_firmware, mdm9207c_firmware, mdm9607_firmware, rennell_firmware, saipan_firmware, sm8150_firmware, sm8250_firmware, sxr2130_firmware)
π Read
via "National Vulnerability Database".
System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14091 (mdm9607_firmware, qcs405_firmware, rennell_firmware, saipan_firmware, sc8180x_firmware, sdx55_firmware, sm8150_firmware, sm8250_firmware, sxr2130_firmware)
π Read
via "National Vulnerability Database".
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14080
π Read
via "National Vulnerability Database".
Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14076
π Read
via "National Vulnerability Database".
Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14073
π Read
via "National Vulnerability Database".
Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when processing large data or non-standard feedback messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14062
π Read
via "National Vulnerability Database".
Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14047
π Read
via "National Vulnerability Database".
While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10626
π Read
via "National Vulnerability Database".
Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10597
π Read
via "National Vulnerability Database".
kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, MSM8996, MSM8996AU, Nicobar, QCS605, Rennell, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
β Twitter apologizes for leaking businessesβ financial data β
π Read
via "Naked Security".
Twitter emailed business clients to tell them that their financial data may have been seen by the uninvited.π Read
via "Naked Security".
Naked Security
Twitter apologizes for leaking businessesβ financial data
Twitter emailed business clients to tell them that their financial data may have been seen by the uninvited.
π΅ Report: Data from 10 online services in 156 countries reveals significant price discrimination π΅
π Read
via "VPNpro".
π Read
via "VPNpro".
VPNpro
Report: Data from 10 online services in 156 countries reveals significant price discrimination
Price discrimination revealed after comparing prices of 10 entertainment platforms in 156 countries. Check out the cheapest/priciest countries!
ATENTIONβΌ New - CVE-2019-20892
π Read
via "National Vulnerability Database".
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.π Read
via "National Vulnerability Database".
β Patch time! NVIDIA fixes kernel driver holes on Windows and Linux β
π Read
via "Naked Security".
Kernel driver bugs often let crooks take over your entire system from even the weediest foothold.π Read
via "Naked Security".
Naked Security
Patch time! NVIDIA fixes kernel driver holes on Windows and Linux
Kernel driver bugs often let crooks take over your entire system from even the weediest foothold.
π΄ 'GoldenSpy' Malware Hidden in Tax Software Spies on Companies Doing Business in China π΄
π Read
via "Dark Reading: ".
Advanced persistent threat (APT) campaign aims to steal intelligence secrets from foreign companies operating in China.π Read
via "Dark Reading: ".
Dark Reading
'GoldenSpy' Malware Hidden in Tax Software Spies on Companies Doing Business in China
Advanced persistent threat (APT) campaign aims to steal intelligence secrets from foreign companies operating in China.
π Why organizations should consider HTTPS inspection to find encrypted malware π
π Read
via "Security on TechRepublic".
Some 67% of all malware seen in the first quarter was delivered via HTTPS, according to security firm WatchGuard Technologies.π Read
via "Security on TechRepublic".
TechRepublic
Why organizations should consider HTTPS inspection to find encrypted malware
Some 67% of all malware seen in the first quarter was delivered via HTTPS, according to security firm WatchGuard Technologies.
β Office 365 Users Targeted By βCoronavirus Employee Trainingβ Phish β
π Read
via "Threatpost".
Threat actors shift focus from COVID-19 to employee coronavirus training and current events like Black Lives Matter as cyber-attacks continue to rise.π Read
via "Threatpost".
Threat Post
Office 365 Users Targeted By βCoronavirus Employee Trainingβ Phish
Threat actors shift focus from COVID-19 to employee coronavirus training and current events like Black Lives Matter as cyber-attacks continue to rise.
π΄ Lucifer Malware Aims to Become Broad Platform for Attacks π΄
π Read
via "Dark Reading: ".
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.π Read
via "Dark Reading: ".
Dark Reading
Lucifer Malware Aims to Become Broad Platform for Attacks
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.
π΄ Better Collaboration Between Security & Development π΄
π Read
via "Dark Reading: ".
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.π Read
via "Dark Reading: ".
Dark Reading
Better Collaboration Between Security & Development
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
β Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs β
π Read
via "Threatpost".
Several high-severity flaws in Nvidia's GPU display drivers for Windows users could lead to code-execution, DoS and more.π Read
via "Threatpost".
Threat Post
Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs
Several high-severity flaws in Nvidia's GPU display drivers for Windows users could lead to code-execution, DoS and more.
π΄ Another Record-Breaking DDoS Attack Signals Shift in Criminal Methods π΄
π Read
via "Dark Reading: ".
Malicious botnet sources explode in new attacks that push boundaries in terms of volume and duration.π Read
via "Dark Reading: ".
Dark Reading
Another Record-Breaking DDoS Attack Signals Shift in Criminal Methods
Malicious botnet sources explode in new attacks that push boundaries in terms of volume and duration.