ATENTIONβΌ New - CVE-2019-10561
π Read
via "National Vulnerability Database".
Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10558
π Read
via "National Vulnerability Database".
While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10548
π Read
via "National Vulnerability Database".
While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10532
π Read
via "National Vulnerability Database".
Null-pointer dereference issue can occur while calculating string length when source string length is zero in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
β China and US top user data requests in Apple transparency report β
π Read
via "Naked Security".
Most of the US and China's requests had to do with investigations into fraud, suspected account access and phishing.π Read
via "Naked Security".
Naked Security
China and US top user data requests in Apple transparency report
Most of the US and Chinaβs requests had to do with investigations into fraud, suspected account access and phishing.
π΄ 7 Tips for Infosec Pros Considering A Lateral Career Move π΄
π Read
via "Dark Reading: ".
Looking to switch things up but not sure how to do it? Security experts share their advice for switching career paths in the industry.π Read
via "Dark Reading: ".
Dark Reading
7 Tips for Infosec Pros Considering A Lateral Career Move
Looking to switch things up but not sure how to do it? Security experts share their advice for switching career paths in the industry.
β Citrix ships patches as vulnerable servers come under attack β
π Read
via "Naked Security".
Citrix has issued its first set of patches fixing a nasty vulnerability that's been hanging over some of its biggest products.π Read
via "Naked Security".
Naked Security
Citrix ships patches as vulnerable servers come under attack
Citrix has issued its first set of patches fixing a nasty vulnerability thatβs been hanging over some of its biggest products.
β Hacker Leaks More Than 500K Telnet Credentials for IoT Devices β
π Read
via "Threatpost".
Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.π Read
via "Threatpost".
Threat Post
Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.
π΄ Elaborate Honeypot 'Factory' Network Hit with Ransomware, RAT, and Cryptojacking π΄
π Read
via "Dark Reading: ".
A fictitious industrial company with phony employees personas, website, and PLCs sitting on a simulated factory network fooled malicious hackers - and raised alarms for at least one white-hat researcher who stumbled upon it.π Read
via "Dark Reading: ".
Dark Reading
Elaborate Honeypot 'Factory' Network Hit with Ransomware, RAT, and Cryptojacking
A fictitious industrial company with phony employees personas, website, and PLCs sitting on a simulated factory network fooled malicious hackers - and raised alarms for at least one white-hat researcher who stumbled upon it.
π If you don't like your browser, why won't you change to a different one? π
π Read
via "Security on TechRepublic".
Commentary: Users tend to stick with their preferred browser even when it works poorly for them.π Read
via "Security on TechRepublic".
TechRepublic
If you don't like your browser, why won't you change to a different one?
Commentary: Users tend to stick with their preferred browser even when it works poorly for them.
π How to use a physical security key to sign into supported websites π
π Read
via "Security on TechRepublic".
A security key is a good option to use for two-factor authentication when logging into certain websites.π Read
via "Security on TechRepublic".
TechRepublic
How to use a physical security key to sign into supported websites
A security key is a good option to use for two-factor authentication when logging into certain websites.
π Windows 7 remains an albatross at many large organizations π
π Read
via "Security on TechRepublic".
Among 60,000 large companies analyzed by security ratings company BitSight, almost 90% still have Windows 7 PCs in their environment.π Read
via "Security on TechRepublic".
TechRepublic
Windows 7 remains an albatross at many large organizations
Among 60,000 large companies analyzed by security ratings company BitSight, almost 90% still have Windows 7 PCs in their environment.
π΄ Data Awareness Is Key to Data Security π΄
π Read
via "Dark Reading: ".
Traditional data-leak prevention is not enough for businesses facing today's dynamic threat landscape.π Read
via "Dark Reading: ".
Darkreading
Data Awareness Is Key to Data Security
Traditional data-leak prevention is not enough for businesses facing today's dynamic threat landscape.
β Microsoft Zero-Day Actively Exploited, Patch Forthcoming β
π Read
via "Threatpost".
CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.π Read
via "Threatpost".
Threat Post
Microsoft Zero-Day Actively Exploited, Patch Forthcoming
CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.
β FTCODE Ransomware Now Steals Chrome, Firefox Credentials β
π Read
via "Threatpost".
New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook.π Read
via "Threatpost".
Threat Post
FTCODE Ransomware Now Steals Chrome, Firefox Credentials
New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook.
π΄ The Y2K Boomerang: InfoSec Lessons Learned from a New Date-Fix Problem π΄
π Read
via "Dark Reading: ".
We all make assumptions. They rarely turn out well. A new/old date problem offers a lesson in why that's so.π Read
via "Dark Reading: ".
Dark Reading
The Y2K Boomerang: InfoSec Lessons Learned from a New Date-Fix Problem
We all make assumptions. They rarely turn out well. A new/old date problem offers a lesson in why that's so.
π iOS-based devices: Zero-touch management essentials π
π Read
via "Security on TechRepublic".
Managing multiple devices can be a full-time job. With a few tools in your arsenal, you can optimize mobile devices for zero-touch management.π Read
via "Security on TechRepublic".
TechRepublic
iOS-based devices: Zero-touch management essentials
Managing multiple devices can be a full-time job. With a few tools in your arsenal, you can optimize mobile devices for zero-touch management.
β Citrix Accelerates Patch Rollout For Critical RCE Flaw β
π Read
via "Threatpost".
Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products.π Read
via "Threatpost".
Threat Post
Citrix Accelerates Patch Rollout For Critical RCE Flaw
Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its the Citrix Application Delivery Controller (ADC) and Citrix Gateway products.
π΄ Nearly 75% of SD-WAN Owners Lack Confidence Post-Digital Transformation π΄
π Read
via "Dark Reading: ".
More businesses think SD-WAN will reduce WAN costs, but only 37% think SD-WANs will help defend against malware and other threats.π Read
via "Dark Reading: ".
Dark Reading
Nearly 75% of SD-WAN Owners Lack Confidence Post-Digital Transformation
More businesses think SD-WAN will reduce WAN costs, but only 37% think SD-WANs will help defend against malware and other threats.
π΄ Ransomware Upgrades with Credential-Stealing Tricks π΄
π Read
via "Dark Reading: ".
The latest version of the FTCode ransomware can steal credentials from five popular browsers and email clients.π Read
via "Dark Reading: ".
Darkreading
Ransomware Upgrades with Credential-Stealing Tricks
The latest version of the FTCode ransomware can steal credentials from five popular browsers and email clients.