ATENTIONβΌ New - CVE-2018-11289
π Read
via "National Vulnerability Database".
Data truncation during higher to lower type conversion which causes less memory allocation than desired can leads to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130π Read
via "National Vulnerability Database".
π΄ New Arm Certification Aims to Secure IoT Devices π΄
π Read
via "Dark Reading: ".
A three-tier certification regimen shows adherence to the Platform Security Architecture.π Read
via "Dark Reading: ".
Dark Reading
New Arm Certification Aims to Secure IoT Devices
A three-tier certification regimen shows adherence to the Platform Security Architecture.
ATENTIONβΌ New - CVE-2009-5155
π Read
via "National Vulnerability Database".
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.π Read
via "National Vulnerability Database".
β Android nudges passwords closer to the cliff edge with FIDO2 support β
π Read
via "Naked Security".
Android's now on board with saying goodbye to passwords: more than a billion devices now support FIDO2.π Read
via "Naked Security".
Naked Security
Android nudges passwords closer to the cliff edge with FIDO2 support
Androidβs now on board with saying goodbye to passwords: more than a billion devices now support FIDO2.
β Facebook apps secretly sending sensitive data back to the mothership β
π Read
via "Naked Security".
New York governor Andrew Cuomo has ordered an investigation into how Facebook is still allowing blabby apps to violate its privacy policies.π Read
via "Naked Security".
Naked Security
Facebook apps secretly sending sensitive data back to the mothership
New York governor Andrew Cuomo has ordered an investigation into how Facebook is still allowing blabby apps to violate its privacy policies.
β The Dark Sides of Modern Cars: Hacking and Data Collection β
π Read
via "Threatpost | The first stop for security news".
How features such as infotainment and driver-assist can give others a leg up on car owners.π Read
via "Threatpost | The first stop for security news".
Threat Post
The Dark Sides of Modern Cars: Hacking and Data Collection
How features such as infotainment and driver-assist can give others a leg up on car owners.
β Mozilla fears encryption law could turn its employees into insider threats β
π Read
via "Naked Security".
Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats.π Read
via "Naked Security".
Naked Security
Mozilla fears encryption law could turn its employees into insider threats
Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats.
π΄ Your Employees Want to Learn. How Should You Teach Them? π΄
π Read
via "Dark Reading: ".
Security practitioners are most likely to stay at organizations that offer career development. Here are eight tips to consider as you plan your course of action.π Read
via "Dark Reading: ".
Dark Reading
Your Employees Want to Learn. How Should You Teach Them?
Security practitioners are most likely to stay at organizations that offer career development. Here are eight tips to consider as you plan your course of action.
β ICANN demands DNSSEC to combat DNS hijacking β
π Read
via "Naked Security".
DNS security is under serious threat from cyberattackers and domain overseer ICANN wants internet companies to do something about it.π Read
via "Naked Security".
Naked Security
ICANN demands DNSSEC combats DNS hijacking
DNS security is under serious threat from cyberattackers and domain overseer ICANN wants internet companies to do something about it.
π΄ Come to Black Hat Asia and See the Future of Cloud Security π΄
π Read
via "Dark Reading: ".
Whether you're looking to perfect your AWS auditing skills or practice the latest cloud exploitation techniques, next month's Black Hat Asia can help you achieve your goals.π Read
via "Dark Reading: ".
Dark Reading
Come to Black Hat Asia and See the Future of Cloud Security
Whether you're looking to perfect your AWS auditing skills or practice the latest cloud exploitation techniques, next month's Black Hat Asia can help you achieve your goals.
β Critical WinRAR Flaw Found Actively Being Exploited β
π Read
via "Threatpost | The first stop for security news".
The spam campaign is being used to spread a malicious .exe file, taking advantage of a vulnerability in WinRAR which was patched in January.π Read
via "Threatpost | The first stop for security news".
Threat Post
Critical WinRAR Flaw Found Actively Being Exploited
The spam campaign is being used to spread a malicious .exe file, taking advantage of a vulnerability in WinRAR which was patched in January.
π΄ A 'Cloudy' Future for OSSEC π΄
π Read
via "Dark Reading: ".
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.π Read
via "Dark Reading: ".
Dark Reading
A 'Cloudy' Future for OSSEC
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.
π΄ TurboTax Hit with Cyberattack, Tax Returns Compromised π΄
π Read
via "Dark Reading: ".
Officials report an unauthorized party obtained tax return data by using credentials obtained from an outside source.π Read
via "Dark Reading: ".
Darkreading
TurboTax Hit with Credential Stuffing Attack, Tax Returns Compromised
Officials report an unauthorized party obtained tax return data by using credentials obtained from an outside source.
β High-Severity SHAREit App Flaws Open Files for the Taking β
π Read
via "Threatpost | The first stop for security news".
SHAREit has fixed two flaws in its app that allowed bad actors to authenticate their devices and steal files from a victim's device.π Read
via "Threatpost | The first stop for security news".
Threat Post
High-Severity SHAREit App Flaws Open Files for the Taking
SHAREit has fixed two flaws in its app that allow bad actors to authenticate their devices and steal files from a victim's device.
π΄ Attackers Continue to Focus on Users, Well-Worn Techniques π΄
π Read
via "Dark Reading: ".
From WannaCry and phishing to credential stuffing and cryptomining, attackers relied on many oldie-but-goodie attacks in 2018, according to a pair of new security threat reports.π Read
via "Dark Reading: ".
Darkreading
Attackers Continue to Focus on Users, Well-Worn Techniques
From WannaCry and phishing to credential stuffing and cryptomining, attackers relied on many oldie-but-goodie attacks in 2018, according to a pair of new security threat reports.
π΄ How Enterprises Are Developing Secure Applications π΄
π Read
via "Dark Reading: ".
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.π Read
via "Dark Reading: ".
π΄ Kenna Security and Sonatype Partner for Open Source Vulnerability Intelligence π΄
π Read
via "Dark Reading: ".
The pairing brings Sonatype data on open source components to the Kenna Security platform.π Read
via "Dark Reading: ".
Dark Reading
Kenna Security and Sonatype Partner for Open Source Vulnerability Intelligence
The pairing brings Sonatype data on open source components to the Kenna Security platform.
β βCloudborneβ IaaS Attack Allows Persistent Backdoors in the Cloud β
π Read
via "Threatpost | The first stop for security news".
A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks.π Read
via "Threatpost | The first stop for security news".
Threat Post
βCloudborneβ IaaS Attack Allows Persistent Backdoors in the Cloud
A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks.
π΄ 'Cloudborne': Bare-Metal Cloud Servers Vulnerable to Attack π΄
π Read
via "Dark Reading: ".
Firmware vulnerabilities provide direct access to server hardware, enabling attackers to install malware that can pass from customer to customer.π Read
via "Dark Reading: ".
Darkreading
'Cloudborne': Bare-Metal Cloud Servers Vulnerable to Attack
Firmware vulnerabilities provide direct access to server hardware, enabling attackers to install malware that can pass from customer to customer.
π How to cloud-enable Enpass Password Manager π
π Read
via "Security on TechRepublic".
Learn how to combine Enpass and Dropbox into a perfect, cloud-ready password manager.π Read
via "Security on TechRepublic".
TechRepublic
How to cloud-enable Enpass Password Manager
Learn how to combine Enpass and Dropbox into a perfect, cloud-ready password manager.
π Why AI and ML are not cybersecurity solutions--yet π
π Read
via "Security on TechRepublic".
AI and ML are often touted as silver bullets, but real-world applications for the technology seem thin on the ground.π Read
via "Security on TechRepublic".
TechRepublic
Why AI and ML are not cybersecurity solutions--yet
AI and ML are often touted as silver bullets, but real-world applications for the technology seem thin on the ground.