ATTENTION‼ New - CVE-2018-16808
via "National Vulnerability Database".
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
ATTENTION‼ New - CVE-2018-16804
via "National Vulnerability Database".
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
ATTENTION‼ New - CVE-2018-14499
via "National Vulnerability Database".
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to post.html.
ATTENTION‼ New - CVE-2018-14498
via "National Vulnerability Database".
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
ATTENTION‼ New - CVE-2018-14038
via "National Vulnerability Database".
The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy.
ATTENTION‼ New - CVE-2017-12447
via "National Vulnerability Database".
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
ATTENTION‼ New - CVE-2013-7468
via "National Vulnerability Database".
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
ATTENTION‼ New - CVE-2013-7467
via "National Vulnerability Database".
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
ATTENTION‼ New - CVE-2013-7466
via "National Vulnerability Database".
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
For sale: Gray-market iPhones that yield secrets to encryption
via "Naked Security".
The prototype iPhones are slipping out of Apple's supply chain with disabled security, to the delight of researchers and jailbreakers.
Naked Security
Developer-only iPhones help reveal Apple's secret security sauce
Windows Calculator is going open source
via "Naked Security".
Can the combined power of the world's developers possibly improve the iconic Windows Calculator app? Microsoft seems to think so.
Zuck says Facebook is becoming more "privacy focused"
via "Naked Security".
Facebook's planning a new, highly integrated platform and talking a lot about encrypted messaging.
How to create a transformational cybersecurity strategy: 3 paths
via "Security on TechRepublic".
Enterprises must build a security strategy that is aligned with business needs.
Firefox picks up advertiser-dodging tech from Tor
via "Naked Security".
Letterboxing comes straight from the Tor browser, and will help Firefox users avoid advertisers that follow them around the web.
RSA Conference 2019 Recap
via "Threatpost".
From privacy to patches, Threatpost editors discuss the biggest infosec news and trends that they saw this week at RSA Conference 2019.
Why companies ignore cybersecurity in digital transformations
via "Security on TechRepublic".
At RSA 2019, Emily Mossburg of Deloitte explained the challenges companies face when it comes to cybersecurity.
Why security is the top barrier in enterprise cloud adoption
via "Security on TechRepublic".
At RSA 2019, Richard Bird of Ping Identity discussed identity-related security issues and solutions for enterprises.
RSAC 2019: The Dark Side of Machine Learning
via "Threatpost".
As smart devices permeate our lives, Google sends up a red flag and shows how the underlying systems can be attacked.
Blockchain implementation: Top security risks for the enterprise
via "Security on TechRepublic".
At RSA 2019, Charles Henderson of IBM X-Force Red explained the cybersecurity challenges involved in bringing blockchain to the enterprise.
Serious Security: When randomness isn't - and why it matters
via "Naked Security".
The password 'ji32k7au4a83' looks pretty random and feels as though it should be unique - read this article to find out why it's neither!