Russian Hacker Pleads Guilty to Bank Fraud
The hacker ran a botnet that spread 'NeverQuest' malware for three years and collected millions of banking credentials.
via "Dark Reading".
Threatpost Data: Password Managers Are Worth the Risk, Readers Say
A Threatpost reader poll examined risk, vulnerabilities, 2FA, the human element, attitudes on spreadsheets and more when it comes to password managers.
via "Threatpost | The first stop for security news".
ATTENTION‼ New - CVE-2018-11948
Exceeding the limit of usage entries are not tracked and the information will be lost causing the content to lose continuity in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MSM8996AU, QCS605, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11945
Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11938
Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11935
Improper input validation might result in incorrect app id returned to the caller instead of returning failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11932
Improper input validation can lead to RW access to secure subsystem from HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9650, MDM9655, MSM8996AU, QCS605, SD 410/12, SD 615/16/SD 415, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SXR1130.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11931
Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11864
Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11845
Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11820
Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11289
Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
via "National Vulnerability Database".
New Arm Certification Aims to Secure IoT Devices
A three-tier certification regimen shows adherence to the Platform Security Architecture.
via "Dark Reading".
ATTENTION‼ New - CVE-2009-5155
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
via "National Vulnerability Database".
Android nudges passwords closer to the cliff edge with FIDO2 support
Android's now on board with saying goodbye to passwords: more than a billion devices now support FIDO2.
via "Naked Security".
Facebook apps secretly sending sensitive data back to the mothership
New York governor Andrew Cuomo has ordered an investigation into how Facebook is still allowing blabby apps to violate its privacy policies.
via "Naked Security".
The Dark Sides of Modern Cars: Hacking and Data Collection
How features such as infotainment and driver-assist can give others a leg up on car owners.
via "Threatpost | The first stop for security news".
Mozilla fears encryption law could turn its employees into insider threats
Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats.
via "Naked Security".
Your Employees Want to Learn. How Should You Teach Them?
Security practitioners are most likely to stay at organizations that offer career development. Here are eight tips to consider as you plan your course of action.
via "Dark Reading".
ICANN demands DNSSEC to combat DNS hijacking
DNS security is under serious threat from cyberattackers and domain overseer ICANN wants internet companies to do something about it.
via "Naked Security".
Come to Black Hat Asia and See the Future of Cloud Security
Whether you're looking to perfect your AWS auditing skills or practice the latest cloud exploitation techniques, next month's Black Hat Asia can help you achieve your goals.
via "Dark Reading".