ATENTIONβΌ New - CVE-2018-12371
π Read
via "National Vulnerability Database".
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.π Read
via "National Vulnerability Database".
β Joker Android Malware Dupes Its Way Back Onto Google Play β
π Read
via "Threatpost".
A new variant of the Joker malware has hoodwinked its way onto the Google Play marketplace yet again, in 11 Android apps that were recently removed.π Read
via "Threatpost".
Threat Post
Joker Android Malware Dupes Its Way Back Onto Google Play
A new variant of the Joker malware has hoodwinked its way onto the Google Play marketplace yet again, in 11 Android apps that were recently removed.
π΄ Name That Toon: Tough Times, Tough Measures π΄
π Read
via "Dark Reading: ".
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading: ".
Dark Reading
Name That Toon: Tough Times, Tough Measures - Dark Reading
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
π 2,500 of FBI's Counterintelligence Cases Linked to China π
π Read
via "Subscriber Blog RSS Feed ".
The Federal Bureau of Investigationβs Director Christopher Wray discussed the Chinese Communist Party's vast influence on U.S. intellectual property, the financial sector, and democracy in a talk this week.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
2,500 of FBI's Counterintelligence Cases Linked to China
The Federal Bureau of Investigationβs Director Christopher Wray discussed the Chinese Communist Party's vast influence on U.S. intellectual property, the financial sector, and democracy in a talk this week.
π How to enable Canonical Livepatch from the command line π
π Read
via "Security on TechRepublic".
If you have Ubuntu Servers in your data center, you should consider adding Canonical Livepatch to keep them up to date with kernel security patches.π Read
via "Security on TechRepublic".
TechRepublic
How to enable Canonical Livepatch from the command line
If you have Ubuntu Servers in your data center, you should consider adding Canonical Livepatch to keep them up to date with kernel security patches.
π Microsoft warns organizations of consent phishing attacks π
π Read
via "Security on TechRepublic".
In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.π Read
via "Security on TechRepublic".
π΄ Fight Phishing with Intention π΄
π Read
via "Dark Reading: ".
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.π Read
via "Dark Reading: ".
Dark Reading
Fight Phishing with Intention
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
π΄ 56% of Large Companies Handle 1,000+ Security Alerts Each Day π΄
π Read
via "Dark Reading: ".
For 70% of IT security professionals, the volume of security alerts has doubled in the past five years, researchers report.π Read
via "Dark Reading: ".
Dark Reading
56% of Large Companies Handle 1,000+ Security Alerts Each Day - Dark Reading
For 70% of IT security professionals, the volume of security alerts has doubled in the past five years, researchers report.
π Highest-paying tech jobs: Where to find them π
π Read
via "Security on TechRepublic".
Find out what tech jobs and skills are most in-demand and where the positions are located.π Read
via "Security on TechRepublic".
TechRepublic
Highest-paying tech jobs: Where to find them
Find out what tech jobs and skills are most in-demand and where the positions are located.
π How to detect network abuse with Wireshark π
π Read
via "Security on TechRepublic".
With a few quick clicks, you can detect network abuse with Wireshark. Jack Wallen shows you how.π Read
via "Security on TechRepublic".
TechRepublic
How to detect network abuse with Wireshark
With a few quick clicks, you can detect network abuse with Wireshark. Jack Wallen shows you how.
π How expired domain names can redirect you to malicious websites π
π Read
via "Security on TechRepublic".
Pages for inactive domain names can be exploited by cybercriminals to take you to malicious sites, says Kaspersky.π Read
via "Security on TechRepublic".
TechRepublic
How expired domain names can redirect you to malicious websites
Pages for inactive domain names can be exploited by cybercriminals to take you to malicious sites, says Kaspersky.
ATENTIONβΌ New - CVE-2020-10756
π Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.π Read
via "National Vulnerability Database".
β Zoom Zero-Day Allows RCE, Patch on the Way β
π Read
via "Threatpost".
Researchers said that the issue is only exploitable on Windows 7 and earlier.π Read
via "Threatpost".
Threat Post
Zoom Zero-Day Allows RCE, Patch on the Way
Researchers said that the issue is only exploitable on Windows 7 and earlier.
π΄ When WAFs Go Wrong π΄
π Read
via "Dark Reading: ".
Web application firewalls are increasingly disappointing enterprises today. Here's why.π Read
via "Dark Reading: ".
Dark Reading
When WAFs Go Wrong
Web application firewalls are increasingly disappointing enterprises today. Here's why.
ATENTIONβΌ New - CVE-2019-17638
π Read
via "National Vulnerability Database".
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. This results in client1, which issued request1 and expects responses, to see response2 which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.).π Read
via "National Vulnerability Database".
β Microsoft Warns on OAuth Attacks Against Cloud App Users β
π Read
via "Threatpost".
Application-based attacks that use the passwordless "log in with..." feature common to cloud services are on the rise.π Read
via "Threatpost".
Threat Post
Microsoft Warns on OAuth Attacks Against Cloud App Users
Application-based attacks that use the passwordless "log in withβ¦" feature common to cloud services are on the rise.
π΄ 'Joker' Android Malware Pulls Another Trick to Land on Google's Play Store π΄
π Read
via "Dark Reading: ".
Authors of the malware, which signs up mobile users for premium services, are repeatedly finding ways to bypass app review checks.π Read
via "Dark Reading: ".
Dark Reading
'Joker' Android Malware Pulls Another Trick to Land on Google's Play Store
Authors of the malware, which signs up mobile users for premium services, are repeatedly finding ways to bypass app review checks.
π΄ Omdia Research Launches Page On Dark Reading π΄
π Read
via "Dark Reading: ".
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.π Read
via "Dark Reading: ".
Dark Reading
Omdia Research Launches Page On Dark Reading
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
π΄ Up Close with Evilnum, the APT Group Behind the Malware π΄
π Read
via "Dark Reading: ".
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.π Read
via "Dark Reading: ".
Dark Reading
Up Close with Evilnum, the APT Group Behind the Malware
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.
π΄ Huge DDoS Attack Launched Against Cloudflare in Late June π΄
π Read
via "Dark Reading: ".
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.π Read
via "Dark Reading: ".
Dark Reading
Huge DDoS Attack Launched Against Cloudflare in Late June
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.