ATENTIONβΌ New - CVE-2019-10596
π Read
via "National Vulnerability Database".
u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10562
π Read
via "National Vulnerability Database".
u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10527
π Read
via "National Vulnerability Database".
u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address range which could lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6574AU, QCA8081, QCM2150, QCN7605, QCN7606, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-13903
π Read
via "National Vulnerability Database".
u'Error in UE due to race condition in EPCO handling' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9205, MDM9206, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, SDM450, SM8150π Read
via "National Vulnerability Database".
π΄ 8 Frequently Asked Questions on Organizations' Data Protection Programs π΄
π Read
via "Dark Reading: ".
Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.π Read
via "Dark Reading: ".
Dark Reading
8 Frequently Asked Questions on Organizations' Data Protection Programs
Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.
β Bug in Google Maps Opened Door to Cross-Site Scripting Attacks β
π Read
via "Threatpost".
A researcher discovered a cross-site scripting flaw in Google Map's export function, which earned him $10,000 in bug bounty rewards.π Read
via "Threatpost".
Threat Post
Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
A researcher discovered a cross-site scripting flaw in Google Map's export function, which earned him $10,000 in bug bounty rewards.
β Cryptobugs Found in Numerous Google Play Store Apps β
π Read
via "Threatpost".
A new dynamic tool developed by Columbia University researchers flagged cryptography mistakes made in more than 300 popular Android apps.π Read
via "Threatpost".
Threat Post
Cryptobugs Found in Numerous Google Play Store Apps
A new dynamic tool developed by Columbia University researchers flagged cryptography mistakes made in more than 300 popular Android apps.
π΄ Post-COVID-19 Cybersecurity Spending Update π΄
π Read
via "Dark Reading: ".
Security spending growth will slow in 2020, but purse strings are looser than for other areas of IT.π Read
via "Dark Reading: ".
Dark Reading
Post-COVID-19 Security Spending Update
Security spending growth will slow in 2020, but purse strings are looser than for other areas of IT.
π How SMBs are overcoming key challenges in cybersecurity π
π Read
via "Security on TechRepublic".
Small and midsized businesses cited budget constraints as their biggest security obstacle, according to Untangle.π Read
via "Security on TechRepublic".
TechRepublic
How SMBs are overcoming key challenges in cybersecurity
Small and midsized businesses cited budget constraints as their biggest security obstacle, according to Untangle.
β Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers β
π Read
via "Threatpost".
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches.π Read
via "Threatpost".
Threat Post
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches.
π΄ VPNs: The Cyber Elephant in the Room π΄
π Read
via "Dark Reading: ".
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.π Read
via "Dark Reading: ".
Dark Reading
VPNs: The Cyber Elephant in the Room
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.
π΄ Google Cloud Expands Confidential Computing Lineup π΄
π Read
via "Dark Reading: ".
Google plans to build out its Confidential Computing portfolio with the launch of Confidential GKE Nodes for Kubernetes workloads.π Read
via "Dark Reading: ".
Dark Reading
Google Cloud Expands Confidential Computing Lineup
Google plans to build out its Confidential Computing portfolio with the launch of Confidential GKE Nodes for Kubernetes workloads.
π΄ WordPress Plug-in Has Critical Zero-Day π΄
π Read
via "Dark Reading: ".
The vulnerability in WordPress File Manager could allow a malicious actor to take over the victim's website.π Read
via "Dark Reading: ".
Darkreading
WordPress Plug-in Has Critical Zero-Day
The vulnerability in WordPress File Manager could allow a malicious actor to take over the victim's website.
π Following Data Theft, NJ Hacker Sentenced π
π Read
via "Subscriber Blog RSS Feed ".
The hacker admitted last year that he broke into two companies β one his former employer β and stole more than 15,000 files.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Following Data Theft, NJ Hacker Sentenced
The hacker admitted last year that he broke into two companies β one his former employer β and stole more than 15,000 files.
β Critical Intel Active Management Technology Flaw Allows Privilege Escalation β
π Read
via "Threatpost".
The critical Intel vulnerability could allow unauthenticated attackers gain escalated privileges on Intel vPro corporate systems.π Read
via "Threatpost".
Threat Post
Critical Intel Active Management Technology Flaw Allows Privilege Escalation
The critical Intel vulnerability could allow unauthenticated attackers gain escalated privileges on Intel vPro corporate systems.
β Microsoftβs Patch Tuesday Packed with Critical RCE Bugs β
π Read
via "Threatpost".
The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email.π Read
via "Threatpost".
Threat Post
Microsoftβs Patch Tuesday Packed with Critical RCE Bugs
The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email.
π΄ Microsoft Fixes 129 Vulnerabilities for September's Patch Tuesday π΄
π Read
via "Dark Reading: ".
This month's Patch Tuesday brought fixes for 23 critical vulnerabilities, including a notable flaw in Microsoft Exchange.π Read
via "Dark Reading: ".
Darkreading
Microsoft Fixes 129 Vulnerabilities for September's Patch Tuesday
This month's Patch Tuesday brought fixes for 23 critical vulnerabilities, including a notable flaw in Microsoft Exchange.
π΄ Next-Gen Firewalls 101: Not Just a Buzzword π΄
π Read
via "Dark Reading: ".
In a rare twist, "next-gen" isn't just marketing-speak when it comes to next-gen firewalls, which function differently than traditional gear and may enable you to replace a variety of devices.π Read
via "Dark Reading: ".
Dark Reading
Next-Gen Firewalls 101: Not Just a Buzzword
In a rare twist, 'next-gen' isn't just marketing-speak when it comes to next-gen firewalls, which function differently than traditional gear and may enable you to replace a variety of devices.
ATENTIONβΌ New - CVE-2020-11124
π Read
via "National Vulnerability Database".
u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
β Spyware Labeled βTikTok Proβ Exploits Fears of US Ban β
π Read
via "Threatpost".
Malware can take over common device functions as well as creates a phishing page to steal Facebook credentials.π Read
via "Threatpost".
Threat Post
Spyware Labeled βTikTok Proβ Exploits Fears of U.S. Ban
Malware can take over common device functions as well as creates a phishing page to steal Facebook credentials.
β Fake web alerts β how to spot and stop them β
π Read
via "Naked Security".
How do you spot and deal with fake system alerts on both computers and mobile devices?π Read
via "Naked Security".
Naked Security
Fake web alerts β how to spot and stop them
How do you spot and deal with fake system alerts on both computers and mobile devices?