β Google Play Boots 85 Malicious Adware Apps β
π Read
via "Threatpost | The first stop for security news".
Once downloaded, the fake apps hide themselves on the victimβs device and continue to show a full-screen ad every 15 minutes.π Read
via "Threatpost | The first stop for security news".
Threat Post
Google Play Boots 85 Malicious Adware Apps
Once downloaded, the fake apps hide themselves on the victimβs device and continue to show a full-screen ad every 15 minutes.
β ICEPick-3PC: A Sophisticated Adware That Collects Data En Masse β
π Read
via "Threatpost | The first stop for security news".
Researchers think an organized crime gang is running the massive campaigns, prepping for large-scale follow-on attacks on Android users.π Read
via "Threatpost | The first stop for security news".
Threat Post
ICEPick-3PC: A Sophisticated Adware That Collects Data En Masse
Researchers think an organized crime gang is running the massive campaigns, prepping for large-scale follow-on attacks on Android users.
ATENTIONβΌ New - CVE-2017-15428
π Read
via "National Vulnerability Database".
Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-15405
π Read
via "National Vulnerability Database".
Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-15404
π Read
via "National Vulnerability Database".
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-15403
π Read
via "National Vulnerability Database".
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-15402
π Read
via "National Vulnerability Database".
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-15401
π Read
via "National Vulnerability Database".
A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-9651
π Read
via "National Vulnerability Database".
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10403
π Read
via "National Vulnerability Database".
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.π Read
via "National Vulnerability Database".
π How Winston can protect consumers and smart offices from identity thieves π
π Read
via "Security on TechRepublic".
Winston is an online privacy device that sits between a modem and router to protect the user's online browsing and identity.π Read
via "Security on TechRepublic".
TechRepublic
How Winston can protect consumers and smart offices from identity thieves
Winston is an online privacy device that sits between a modem and router to protect the user's online browsing and identity.
π΄ Kaspersky Lab Helped US Nab NSA Data Thief: Report π΄
π Read
via "Dark Reading: ".
But this new development unlikely to do much to clear government suspicions about security vendor's ties to Russian intelligence, analyst says.π Read
via "Dark Reading: ".
Darkreading
Kaspersky Lab Helped US Nab NSA Data Thief: Report
But this new development unlikely to do much to clear government suspicions about security vendor's ties to Russian intelligence, analyst says.
β Cisco Fixes Critical Vulnerability Enabling Remote DoS Attacks β
π Read
via "Threatpost | The first stop for security news".
A remote attacker could exploit the vulnerability simply by sending an email.π Read
via "Threatpost | The first stop for security news".
Threat Post
Critical Flaw in Ciscoβs Email Security Appliance Enables βPermanent DoSβ
A remote attacker could exploit the vulnerability simply by sending an email.
π΄ Container Deployments Bring Security Woes at DevOps Speed π΄
π Read
via "Dark Reading: ".
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.π Read
via "Dark Reading: ".
Dark Reading
Container Deployments Bring Security Woes at DevOps Speed
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.
π΄ Web Vulnerabilities Up, IoT Flaws Down π΄
π Read
via "Dark Reading: ".
The number of flaws found in WordPress and its associated plugins have tripled since 2017, while Internet of Things vulnerabilities dropped significantly, according to data collected by Imperva.π Read
via "Dark Reading: ".
Dark Reading
Web Vulnerabilities Up, IoT Flaws Down
The number of flaws found in WordPress and its associated plugins have tripled since 2017, while Internet of Things vulnerabilities dropped significantly, according to data collected by Imperva.
ATENTIONβΌ New - CVE-2018-0282
π Read
via "National Vulnerability Database".
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-0181
π Read
via "National Vulnerability Database".
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-10736
π Read
via "National Vulnerability Database".
The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter.π Read
via "National Vulnerability Database".
β Supreme Court refuses to hear Fiat Chrysler appeal in Jeep hacking case β
π Read
via "Naked Security".
The court's action means that one of the first legal cases involving cyber security risks in cars will go to trial in October.π Read
via "Naked Security".
Naked Security
Supreme Court refuses to hear Fiat Chrysler appeal in Jeep hacking case
The courtβs action means that one of the first legal cases involving cyber security risks in cars will go to trial in October.
β Update now! Microsoft and Adobeβs January 2019 Patch Tuesday is here β
π Read
via "Naked Security".
After a busy sequence of updates in October, November, and December, the new yearβs first Patch Tuesday promises a lighter workload.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ 6 Best Practices for Managing an Online Educational Infrastructure π΄
π Read
via "Dark Reading: ".
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.π Read
via "Dark Reading: ".
Darkreading
6 Best Practices for Managing an Online Educational Infrastructure
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.