Password Reuse, Misconfiguration Blamed for Repository Compromises
via "Dark Reading".
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.
WP Live Chat WordPress Plugin Re-Patches File Upload Flaw
via "Threatpost".
After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.
Attackers Add a New Spin to Old Scams
via "Dark Reading".
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
ATTENTION‼ New - CVE-2017-18279
via "National Vulnerability Database".
Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016.
ATTENTION‼ New - CVE-2017-18278
via "National Vulnerability Database".
An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.
ATTENTION‼ New - CVE-2017-18276
via "National Vulnerability Database".
Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850.
ATTENTION‼ New - CVE-2017-18275
via "National Vulnerability Database".
A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845.
ATTENTION‼ New - CVE-2017-18274
via "National Vulnerability Database".
While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835.
ATTENTION‼ New - CVE-2017-18173
via "National Vulnerability Database".
In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.
ATTENTION‼ New - CVE-2017-18157
via "National Vulnerability Database".
A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.
ATTENTION‼ New - CVE-2017-18156
via "National Vulnerability Database".
While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.
ATTENTION‼ New - CVE-2017-18131
via "National Vulnerability Database".
In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
ATTENTION‼ New - CVE-2017-15841
via "National Vulnerability Database".
When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.
Weekly review - the hot 25 stories of last week
via "Naked Security".
From malware-stuffed piracy apps to the Docker breach, get yourself up to date with everything we wrote last week - it's roundup time.
Blockchain project settles cross-border payment
via "Naked Security".
Singapore's central bank sent a payment to Canada using blockchain technology last week, in a clear signal that the technology has value.
Dark web marketplace Wall Street Market busted by international police
via "Naked Security".
It went down in flames, with a rogue admin blackmailing vendors and buyers and leaking login credentials and the IP address.
Firefox add-ons with obfuscated code will be banned by Mozilla
via "Naked Security".
The updated Add-on Policy aims to rid Firefox of third-party malicious code that hides what it's really up to.
Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server
via "Dark Reading".
Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.
Better Behavior, Better Biometrics?
via "Dark Reading".
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
MegaCortex ransomware distracts victims with Matrix film references
via "Naked Security".
One moment, the defenders' network looked secure but the next, as if out of nowhere, the ransom note pops up.
Ukrainian Charged With Launching 100 Million Malicious Ads
via "Threatpost".
Oleksii Petrovich Ivanov has been extradited to the U.S. after allegedly launching malvertising campaigns that caused victims to view malicious ads on more than 100 million occasions.