FreshRSS

Yesterday, October 20th 2018: Your RSS feeds
Before yesterday: Your RSS feeds

AWS FreeRTOS Bugs Allow Compromise of IoT Devices

By Lindsey O'Donnell
The bugs let hackers crash IoT devices, leak their information, and completely take them over.

Trivial Post-Intrusion Attack Exploits Windows RID

By Lindsey O'Donnell
Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise.

Critical Flaw Found in Streaming Library Used by VLC and Other Media Players

By noreply@blogger.com (Mohit Kumar)
Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library, which is used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application developers use to

8 Popular Courses to Learn Ethical Hacking – 2018 Bundle

By noreply@blogger.com (Exclusive Deals)
Update (Oct 2018): Over 30,000 students from all around the world have joined this training program so far. Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to safeguard their systems and networks from hackers trying to infiltrate them. By 2020,

Scams and flaws: Why we get duped

By Tomáš Foltýn

What are the emotional triggers and errors in judgment that make you fall for an online scam?

The post Scams and flaws: Why we get duped appeared first on WeLiveSecurity

DJI website's 'Get the app on Google Play' directs users elsewhere

Opinion: At best it's an oversight, at worst it's placing user security and privacy at serious risk.
  • October 19th 2018 at 09:06

You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy

Never-closed browsers and persistent session tickets make tracking a doddle

Analysis: Transport Layer Security underpins much of the modern internet. It is the foundation of secure connections to HTTPS websites, for one thing. However, it can harbor a sting in its tail for those concerned about staying anonymous online.…

  • October 19th 2018 at 07:04

CA20181017-01: Security Notice for CA Identity Governance

Posted by Kotas, Kevin J on Oct 18

CA20181017-01: Security Notice for CA Identity Governance

Issued: October 17, 2018
Last Updated: October 17, 2018

CA Technologies Support is alerting customers to a low risk issue
with CA Identity Governance. In a certain product configuration, an
attacker can gain sensitive information. CA published solutions to
address the vulnerability.

The vulnerability, CVE-2018-14597, occurs due to how CA Identity
Governance responds to login requests....
  • October 19th 2018 at 05:13

Zero-day in popular jQuery plugin actively exploited for at least three years

A fix is out but the plugin is used in hundreds, if not thousands, of projects. Patching will take ages!
  • October 19th 2018 at 01:41

Vuln: Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability

Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
  • October 19th 2018 at 00:00

Vuln: Apache Struts CVE-2016-1182 Security Bypass Vulnerability

Apache Struts CVE-2016-1182 Security Bypass Vulnerability
  • October 19th 2018 at 00:00

Vuln: cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability

cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability
  • October 19th 2018 at 00:00

Flaws in telepresence robots allow hackers access to pictures, video feeds

Vendor has patched two of five reported bugs. Three patches are in the works.
  • October 18th 2018 at 21:40

Cyber Espionage Campaign Reuses Code from China's APT1

By Jai Vijayan Freelance writer
US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.

  • October 18th 2018 at 21:00

How to Get Consumers to Forgive You for a Breach

By Dark Reading Staff
It starts with already-established trust, a new survey shows.

  • October 18th 2018 at 20:30

Week in security with Tony Anscombe

By Shane Curtis

GreyEnergy: ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

  • October 19th 2018 at 08:57

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

By noreply@blogger.com (Swati Khandelwal)
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems, called FreeRTOS, and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded

Talk about a curveball: Microsoft director of sports marketing fired, charged with fraud over 'fake' invoices

He tells investigators: 'I was hacked!'

Microsoft's former director of sports marketing has been indicted on five counts of wire fraud, based on allegations that he created fake invoices to defraud the software giant and sold its property as his own.…

  • October 18th 2018 at 20:05

Equifax exec's inside trade shame: Software boss sentenced for mega-hack stock profit

Thrown in the small house rather than the big house

An Equifax executive – who knew the biz had been hacked before it was made public and banked over $75,000 in stock trades using this inside knowledge – has avoided jail.…

  • October 18th 2018 at 19:41

Cisco Security Advisories 17 OCT 2018, (Thu, Oct 18th)

Cisco PSIRT posted a number of advisories yesterday, 17 OCT 2018. For your consideration: seven (7) are rated High, and there are eight (8) additional Medium advisories.
  • October 18th 2018 at 19:26

New Security Woes for Popular IoT Protocols

By Kelly Jackson Higgins Executive Editor at Dark Reading
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.

  • October 18th 2018 at 19:00

Audits: The Missing Layer in Cybersecurity

By Brennan P Baybeck CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of Directors
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.

  • October 18th 2018 at 18:30

Former Equifax Manager Sentenced for Insider Trading

By Dark Reading Staff
Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.

  • October 18th 2018 at 18:00

Tracking Tick Through Recent Campaigns Targeting East Asia

By Talos Group
Since 2016, an advanced threat group that Cisco Talos is tracking has carried out cyberattacks against South Korea and Japan. This group is known by several different names: Tick, Redbaldknight...

7 Ways A Collaboration System Could Wreck Your IT Security

By Curtis Franklin Jr. Senior Editor at Dark Reading
The same traits that make collaboration systems so useful for team communications can help hackers, too.

  • October 18th 2018 at 16:10

Red Hat Security Advisory 2018-2949-01

Red Hat Security Advisory 2018-2949-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include out-of-bounds write vulnerability.
  • October 18th 2018 at 15:40

Red Hat Security Advisory 2018-2946-01

Red Hat Security Advisory 2018-2946-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. The RHOAR Eclipse Vert.x 3.5.4 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.3, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.4 release, see the release notes in the References section. Issues addressed include an API validation flaw and a problem where the WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake.
  • October 18th 2018 at 15:37

Red Hat Security Advisory 2018-2944-01

Red Hat Security Advisory 2018-2944-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability.
  • October 18th 2018 at 15:36

Red Hat Security Advisory 2018-2945-01

Red Hat Security Advisory 2018-2945-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Spring Boot 1.5.16 serves as a replacement for RHOAR Spring Boot 1.5.15, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include a denial of service vulnerability.
  • October 18th 2018 at 15:35

Ghostscript 1Policy Dangerous Access To Operator

Ghostscript has an issue where callers of a procedure are not forced to be properly marked as executeonly or as pseudo-operators, allowing an attacker to take complete control of it.
  • October 18th 2018 at 15:21

Linux BPF Verifier Failed Truncation

The Linux BPF verifier has an issue where its verification of a 32-bit RSH (right shift) does not truncate the input to 32 bits before modelling the ALU op, so the register bounds it computes can disagree with what the instruction actually produces.
  • October 18th 2018 at 15:20
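The following is an added example, not Linux kernel code, that models the mismatch the advisory describes: the real 32-bit ALU right shift truncates its operand to 32 bits first, while a bounds-propagation rule that shifts the 64-bit bounds directly predicts a range the real result can fall outside. The range type, the `rule_is_sound` checker and the simplified "truncate, or widen to the full 32-bit range when the bounds straddle a 32-bit boundary" fix are my own simplifications for illustration, not the verifier's actual data structures.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical, simplified model of verifier range tracking: the lowest and
 * highest unsigned value a register may hold. Not the kernel's bpf_reg_state. */
typedef struct {
    uint64_t umin;
    uint64_t umax;
} range_t;

/* BPF_ALU (32-bit) | BPF_RSH as it actually executes: the source register is
 * truncated to 32 bits, shifted, and the upper 32 bits of the result are zero.
 * shift must be < 32 (the verifier rejects larger shifts before this point). */
uint64_t alu32_rsh(uint64_t reg, uint32_t shift)
{
    uint32_t lo = (uint32_t)reg;       /* truncation happens first */
    return (uint64_t)(lo >> shift);
}

/* Buggy propagation: applies the shift to the 64-bit bounds without truncating. */
range_t verify_rsh32_untruncated(range_t in, uint32_t shift)
{
    range_t out = { in.umin >> shift, in.umax >> shift };
    return out;
}

/* Fixed propagation: narrow the bounds to 32 bits before shifting. If the input
 * range crosses a 32-bit boundary, the low 32 bits may be anything, so the only
 * sound answer is the full 32-bit range shifted. */
range_t verify_rsh32_truncated(range_t in, uint32_t shift)
{
    uint64_t lo, hi;
    if ((in.umin >> 32) != (in.umax >> 32)) {
        lo = 0;
        hi = UINT32_MAX;
    } else {
        lo = (uint32_t)in.umin;
        hi = (uint32_t)in.umax;
    }
    range_t out = { lo >> shift, hi >> shift };
    return out;
}

bool range_contains(range_t r, uint64_t v)
{
    return v >= r.umin && v <= r.umax;
}

/* Exhaustively check a propagation rule against a (small) input range: true if
 * every real ALU result lies inside the bounds the rule predicted. */
bool rule_is_sound(range_t (*rule)(range_t, uint32_t), range_t in, uint32_t shift)
{
    range_t predicted = rule(in, shift);
    for (uint64_t v = in.umin; ; v++) {
        if (!range_contains(predicted, alu32_rsh(v, shift)))
            return false;
        if (v == in.umax)
            break;
    }
    return true;
}

int main(void)
{
    /* Constructed input: a register known to lie in [2^32, 2^32 + 255]. */
    range_t in = { 0x100000000ULL, 0x1000000FFULL };
    printf("untruncated rule sound: %d\n", rule_is_sound(verify_rsh32_untruncated, in, 4)); /* 0 */
    printf("truncated rule sound:   %d\n", rule_is_sound(verify_rsh32_truncated, in, 4));   /* 1 */
    return 0;
}
```

For the constructed range the untruncated rule predicts [0x10000000, 0x1000000F], while every real result is between 0 and 15; a verifier trusting the predicted bounds would accept pointer arithmetic that the actual values violate. The truncated rule predicts [0, 0xF] and is sound, including when the input range straddles a 32-bit boundary.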

Tumblr Privacy Bug Could Have Exposed Sensitive Account Data

By Lindsey O'Donnell
Tumblr stressed that there is no evidence the security bug was being abused or that unprotected account data was accessed.

Linux Semi-Arbitrary Task Stack Read On ARM64 / x86

Linux suffers from a semi-arbitrary task stack read on ARM64 (and x86) via /proc/$pid/stack.
  • October 18th 2018 at 15:17

Open source web hosting software compromised with DDoS malware

Some VestaCP servers were infected with a new malware strain named Linux/ChachaDDOS.
  • October 18th 2018 at 15:15

Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation

Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.
  • October 18th 2018 at 15:14
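An added example, not Chromium code, that models the bug class the entry above describes: a dispatcher is rebuilt from a message in which the sender controls an offset into shared memory, and the vulnerable path copies that offset without comparing it to the size of the mapping the receiver already knows. The struct names, the wire layout and the ring-buffer semantics are invented for illustration; the point is where the validation has to sit.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define SHM_CAPACITY 64u

typedef struct {
    uint8_t  data[SHM_CAPACITY];   /* shared-memory region mapped from the peer */
    uint32_t capacity;             /* mapping size, known to the receiving side */
} shared_buffer_t;

typedef struct {                   /* hypothetical serialized dispatcher fields */
    uint32_t read_offset;          /* sender-controlled */
    uint32_t bytes_available;      /* sender-controlled */
} consumer_wire_t;

typedef struct {                   /* dispatcher state after deserialization */
    shared_buffer_t *shm;
    uint32_t read_offset;
    uint32_t bytes_available;
} consumer_t;

/* Vulnerable deserializer: copies the offsets out of the message unchecked. */
bool deserialize_unchecked(consumer_t *out, shared_buffer_t *shm,
                           const uint8_t *msg, size_t msg_len)
{
    consumer_wire_t w;
    if (msg_len < sizeof w) return false;
    memcpy(&w, msg, sizeof w);
    out->shm = shm;
    out->read_offset = w.read_offset;
    out->bytes_available = w.bytes_available;
    return true;
}

/* Hardened deserializer: every field that later indexes the mapping is checked
 * against the mapping size the receiver itself holds. The buffer is modelled as
 * a ring, so each field is bounded on its own; a linear buffer would also need
 * an overflow-safe check of read_offset + bytes_available. */
bool deserialize_checked(consumer_t *out, shared_buffer_t *shm,
                         const uint8_t *msg, size_t msg_len)
{
    consumer_wire_t w;
    if (msg_len < sizeof w) return false;
    memcpy(&w, msg, sizeof w);
    if (w.read_offset >= shm->capacity) return false;     /* offset outside mapping */
    if (w.bytes_available > shm->capacity) return false;  /* more than the ring holds */
    return deserialize_unchecked(out, shm, msg, msg_len);  /* fields now known good */
}

/* Where the pipe is later used: the first read lands at data[read_offset].
 * Returns true when that access would leave the mapping (the OOB read). */
bool first_read_is_oob(const consumer_t *c)
{
    return c->read_offset >= c->shm->capacity;
}

/* Constructed message as a malicious peer would send it (host byte order). */
size_t encode_consumer(uint8_t *buf, uint32_t read_offset, uint32_t bytes_available)
{
    consumer_wire_t w = { read_offset, bytes_available };
    memcpy(buf, &w, sizeof w);
    return sizeof w;
}

/* Feed one message through either deserializer and probe the result:
 *  -1 = message rejected, 0 = accepted and in bounds, 1 = accepted and OOB. */
int probe(uint32_t read_offset, uint32_t bytes_available, bool hardened)
{
    shared_buffer_t shm = { {0}, SHM_CAPACITY };
    uint8_t msg[sizeof(consumer_wire_t)];
    size_t n = encode_consumer(msg, read_offset, bytes_available);
    consumer_t c;
    bool ok = hardened ? deserialize_checked(&c, &shm, msg, n)
                       : deserialize_unchecked(&c, &shm, msg, n);
    if (!ok) return -1;
    return first_read_is_oob(&c) ? 1 : 0;
}

int main(void)
{
    printf("unchecked, offset 0x1000: %d\n", probe(0x1000, 8, false)); /* 1: OOB read */
    printf("checked,   offset 0x1000: %d\n", probe(0x1000, 8, true));  /* -1: rejected */
    printf("checked,   offset 63:     %d\n", probe(63, 8, true));      /* 0: in bounds */
    return 0;
}
```

The check belongs in deserialization, not at the point of use: once the unchecked dispatcher exists, every later read or write through it trusts `read_offset`, and the receiver's own knowledge of the mapping size is the only authority the check can rest on.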

Apache Access Vulnerability Could Affect Thousands of Applications

By Curtis Franklin Jr. Senior Editor at Dark Reading
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.

  • October 18th 2018 at 15:00

Vulnerability Spotlight: Live Networks LIVE555 streaming media RTSPServer code execution vulnerability

By Talos Group
These vulnerabilities were discovered by Lilith Wyatt of Cisco Talos. Cisco Talos is disclosing a code execution vulnerability that has been identified in Live Networks LIVE555 streaming media RTSPServer. LIVE555...

Getting Up to Speed with "Always-On SSL"

By Tim Callan Senior Fellow, Comodo CA
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.

  • October 18th 2018 at 14:30

Inside the Dark Web's 'Help Wanted' Ads

By Kelly Sheridan Staff Editor, Dark Reading
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.

  • October 18th 2018 at 14:00

The libssh "login with no password" bug – what you need to know [VIDEO]

By Paul Ducklin
Here's a video that explains the libssh "no password needed" bug - jargon-free and in plain English. Enjoy...

GitHub security alerts now support Java and .NET projects

GitHub also launches Token Scanning tool and new Security Advisory API.
  • October 18th 2018 at 12:03

Is Google’s Android app unbundling good for security?

By John E Dunn
If you live in the EU, turning on a new Android device after 29 October 2018 could look quite different...


You don’t have to sequence your DNA to be identifiable by your DNA

By Lisa Vaas
If you have European ancestry, there's a 60% chance that somebody vaguely related to you can be used to find out who you are.


Twitter publishes data on Iranian and Russian troll farms

By Lisa Vaas
Over 1m tweets show that we're suckers for funny/sarcastic/edgy, not so much for blah-blah-blah "news" spreaders.


Competitive Horse Racing - Enterprise Security Weekly #111

By paul@securityweekly.com

This week, John Strand and Paul discuss some companies Paul got a chance to catch up with! They discuss GuardiCore and their Application Segmentation, Cyxtera and their Network Security and Software Defined Perimeters, PreVeil's Encrypted Email and File Sharing, and more! In the Enterprise News this week, Avast launches AI-based software for phishing attacks, Carbon Black and Secureworks apply Red Cloak Analytics to Carbon Black's Cloud, ShieldX integrates intention engine into Elastic Security Platform, and we have updates from Imperva, WhiteSource, BlackBerry, and more on this episode of Enterprise Security Weekly!


Full Show Notes: https://wiki.securityweekly.com/ES_Episode111


Visit https://www.securityweekly.com/esw for all the latest episodes!


Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!


→ Follow us on Twitter: https://www.twitter.com/securityweekly

→ Like us on Facebook: https://www.facebook.com/secweekly

  • October 18th 2018 at 09:00

Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew

The source code of malware from the ancient Chinese military-affiliated group appears to have changed hands.
  • October 18th 2018 at 04:01

The Mysterious Return of Years-Old APT1 Malware

By Brian Barrett
Security researchers have discovered a new instance of code associated with APT1, a notorious Chinese hacking group that disappeared in 2013.