🔏 What is Data Security? 🔏
via "Digital Guardian".
Learn about data security and the role it plays in many data protection solutions in Data Protection 101, our series on the fundamentals of data security.
❌ Pfizer COVID-19 Vaccine Targeted in EU Cyberattack ❌
via "Threat Post".
Threat actors accessed Pfizer vaccine documentation submitted to EU regulators in the latest cyberattack trying to profit off pandemic suffering.
🦿 Beware of "fleeceware" in Android apps 🦿
via "Tech Republic".
Some apps in the Google Play Store are impersonating legitimate apps and stealing users' money.
🦿 Watch out for holiday phishing scams 🦿
via "Tech Republic".
Security company GreatHorn shared some of the latest ways cybercriminals are trying to take your money. Here's how to avoid them.
🕴 FireEye Breach Fallout Yet to Be Felt 🕴
via "Dark Reading".
Aftermath of the FireEye breach by Russia's foreign service agency raises concerns over what the attackers could do next - and how to defend against it.
❌ Defending the Intelligent Edge from Evolving Attacks ❌
via "Threat Post".
Fortinet's Aamir Lakhani discusses best practices for securing company data against next-gen threats, like edge access trojans (EATs).
🦿 Cyberconflict: How it can reach beyond government systems, and how to protect your business 🦿
via "Tech Republic".
Cyberconflict is an unfortunate growing trend impacting businesses and governments. Learn the risks and possible solutions from an industry expert.
🕴 'Fingerprint-Jacking' Attack Technique Manipulates Android UI 🕴
via "Dark Reading".
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
🕴 Contact-Tracing Apps Still Expose Users to Security, Privacy Issues 🕴
via "Dark Reading".
Of nearly 100 apps tested, 40% have significant security issues, using either GPS locations or bespoke Bluetooth proximity detection to determine exposure.
🕴 Juvenile Pleads Guilty to 2016 DNS Attack 🕴
via "Dark Reading".
Mirai botnet was used to target Sony in an attack that took down DynDNS and a number of its notable customers.
‼ CVE-2020-26271 ‼
via "National Vulnerability Database".
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as uninitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
🕴 Knowing What the Enemy Knows Is Key to Proper Defense 🕴
via "Dark Reading".
Think like an attacker if you want to understand your attack surface, says security researcher at Black Hat Europe.
‼ CVE-2020-26267 ‼
via "National Vulnerability Database".
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
‼ CVE-2020-35110 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
‼ CVE-2020-26266 ‼
via "National Vulnerability Database".
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
‼ CVE-2020-8908 ‼
via "National Vulnerability Database".
A temp directory creation vulnerability exists in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.
‼ CVE-2020-29311 ‼
via "National Vulnerability Database".
Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software.
‼ CVE-2020-16196 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
‼ CVE-2020-26268 ‼
via "National Vulnerability Database".
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
‼ CVE-2020-4829 ‼
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
‼ CVE-2020-19142 ‼
via "National Vulnerability Database".
iCMS 7 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.