β NSA Warns Smartphones Leak Location Data β
π Read
via "Threatpost".
The agency known for its own questionable surveillance activity advised how mobile users can limit othersβ ability to track where they are.π Read
via "Threatpost".
Threat Post
NSA Warns Smartphones Leak Location Data
The agency known for its own questionable surveillance activity advised how mobile users can limit othersβ ability to track where they are.
β Microsoft Teams Patch Bypass Allows RCE β
π Read
via "Threatpost".
An attacker can hide amidst legitimate traffic in the application's update function.π Read
via "Threatpost".
Threat Post
Microsoft Teams Patch Bypass Allows RCE
An attacker can hide amidst legitimate traffic in the application's update function.
ATENTIONβΌ New - CVE-2020-14347
π Read
via "National Vulnerability Database".
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-14344
π Read
via "National Vulnerability Database".
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-13921
π Read
via "National Vulnerability Database".
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-13819
π Read
via "National Vulnerability Database".
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.π Read
via "National Vulnerability Database".
β High-Severity Android RCE Flaw Fixed in August Security Update β
π Read
via "Threatpost".
Google addressed high-severity and critical flaws tied to 54 CVEs in this month's Android security bulletin.π Read
via "Threatpost".
Threat Post
High-Severity Android RCE Flaw Fixed in August Security Update
Google addressed high-severity and critical flaws tied to 54 CVEs in this month's Android security bulletin.
π΄ Microsoft Teams Vulnerable to Patch Workaround, Researchers Report π΄
π Read
via "Dark Reading: ".
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.π Read
via "Dark Reading: ".
Darkreading
Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
π΄ CISA Offers Tool for Career Navigation π΄
π Read
via "Dark Reading: ".
The new Cyber Career Pathways Tool helps individuals understand the roles in cybersecurity and how to prepare for them.π Read
via "Dark Reading: ".
Dark Reading
CISA Offers Tool for Career Navigation
The new Cyber Career Pathways Tool helps individuals understand the roles in cybersecurity and how to prepare for them.
π΄ 3 Tips for Securing Open Source Software π΄
π Read
via "Dark Reading: ".
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.π Read
via "Dark Reading: ".
Dark Reading
3 Tips for Securing Open Source Software
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
π΄ Attack of the Clone: Next-Gen Social Engineering π΄
π Read
via "Dark Reading: ".
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.π Read
via "Dark Reading: ".
Dark Reading
Attack of the Clone: Next-Gen Social Engineering
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
π΄ Building Cybersecurity Strategies in Sub-Saharan Africa π΄
π Read
via "Dark Reading: ".
Evelyn Kilel and Laura Tich of Shehacks Ke discuss how they are working to build cybersecurity strategies that suit the needs and capabilities of developing nations.π Read
via "Dark Reading: ".
Dark Reading
Building Cybersecurity Strategies in Sub-Saharan Africa
Evelyn Kilel and Laura Tich of Shehacks Ke discuss how they are working to build cybersecurity strategies that suit the needs and capabilities of developing nations.
π΄ Russian Election Interference: What's Next? π΄
π Read
via "Dark Reading: ".
Nate Beach-Westmoreland gives a look back at the past 10 years of Russian election interference and disinformation campaigns. What can we learn from the past and what should we expect as the 2020 US presidential election approaches?π Read
via "Dark Reading: ".
Dark Reading
Russian Election Interference: What's Next?
Nate Beach-Westmoreland gives a look back at the past 10 years of Russian election interference and disinformation campaigns. What can we learn from the past and what should we expect as the 2020 US presidential election approaches?
π΄ Voatz Delivers Multi-Layered Security to Protect Electronic Voting π΄
π Read
via "Dark Reading: ".
SPONSORED CONTENT: While electronic voting has been plagued by fears of tampering or fraud, Voatz is looking to make the process more transparent and auditable, according to company founder Nimit Sawhney. He offers learning points from three recent pilots that highlight how governments can improve the integrity and better protect the voting process and its data.π Read
via "Dark Reading: ".
Dark Reading
Voatz Delivers Multi-Layered Security to Protect Electronic Voting
SPONSORED CONTENT: While electronic voting has been plagued by fears of tampering or fraud, Voatz is looking to make the process more transparent and auditable, according to company founder Nimit Sawhney. He offers learning points from three recent pilotsβ¦
π΄ A Paramedic's Guide to Cybersecurity: Video π΄
π Read
via "Dark Reading: ".
In this video segment, the Dark Reading News Desk speaks to several guests about healthcare cybersecurity. We begin with Rich Mogull, infosec pro and paramedic, for a discussion about what lessons cybersecurity can learn from emergency medical services and the parallels that already exist.π Read
via "Dark Reading: ".
Dark Reading
A Paramedic's Guide to Cybersecurity: Video
In this video segment, the Dark Reading News Desk speaks to several guests about healthcare cybersecurity. We begin with Rich Mogull, infosec pro and paramedic, for a discussion about what lessons cybersecurity can learn from emergency medical services andβ¦
β Black Hat 2020: Open-Source AI to Spur Wave of βSynthetic Mediaβ Attacks β
π Read
via "Threatpost".
The explosion of open-source AI models are lowering the barrier of entry for bad actors to create fake video, audio and images - and Facebook, Twitter and other platforms aren't ready.π Read
via "Threatpost".
Threat Post
Black Hat 2020: Open-Source AI to Spur Wave of βSynthetic Mediaβ Attacks
The explosion of open-source AI models are lowering the barrier of entry for bad actors to create fake video, audio and images - and Facebook, Twitter and other platforms aren't ready.
π΄ How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
π΄ Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software developmentβ¦
π Engineer Behind Google, Uber Trade Secret Theft Case Sentenced π
π Read
via "Subscriber Blog RSS Feed ".
Anthony Levandowski, the former Google engineer, was sentenced this week, four months after he plead guilty to stealing Google's trade secrets.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Engineer Behind Google, Uber Trade Secret Theft Case Sentenced
Anthony Levandowski, the former Google engineer, was sentenced this week, four months after he plead guilty to stealing Google's trade secrets.