$0.99 Kindle Books Security Vulnerabilities

thn

5 Reasons Why Programmers Should Think like Hackers

Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these,...

-0.6 AI Score

2019-12-16 01:11 PM
79
threatpost

Retail Org Cyberattacks Set to Soar 20% in 2019 Holiday Season

As cybercriminals grow more sophisticated and holiday shoppers continue to flock online, researchers warn internet-based retailers could face a 20 percent uptick in cyberattacks this holiday season compared to last year. In the report titled “Holiday Season Cyber Heists”, released Thursday morning....

-0.7 AI Score

2019-12-12 11:00 AM
111
mskb

December 10, 2019—KB4530714 (OS Build 16299.1565)

December 10, 2019—KB4530714 (OS Build 16299.1565) Reminder March 12 and April 9 were the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...

6.4 AI Score

0.087 EPSS

2019-12-10 08:00 AM
135
cve

CVE-2012-2130

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA...

7.4 CVSS

7.2 AI Score

0.026 EPSS

2019-12-06 06:15 PM
94
prion

Security feature bypass

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA...

7.4 CVSS

6.9 AI Score

0.026 EPSS

2019-12-06 06:15 PM
4
malwarebytes

‘Data as property’ promises fix for privacy problems, but could deepen inequality

In mid-November, Democratic presidential hopeful Andrew Yang unveiled a four-prong policy approach to solving some of today’s thornier tech issues, such as widespread misinformation, technology dependence, and data privacy. Americans, Yang proposed, should receive certain, guaranteed protections...

-0.2 AI Score

2019-11-25 04:00 PM
26
impervablog

From Thousands of Security Alerts to a Handful of Insights

Understanding an attacker’s workflow and how Attack Analytics hunts them down In recent years we’ve seen a significant increase in the number and complexity of cyber-attacks. The accessibility of public tools and their automation capabilities, as well as distributed and anonymization features that....

-0.2 AI Score

2019-11-20 02:50 PM
47
symantec

ClamAV CVE-2019-15961 Denial of Service Vulnerability

Description ClamAV is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Versions prior to ClamAV 0.102.1 and 0.101.5 are vulnerable. Technologies Affected Cisco ClamAV 0.100 Cisco ClamAV 0.101 Cisco ClamAV 0.101.4 Cisco...

1.5 AI Score

0.017 EPSS

2019-11-20 12:00 AM
16
nessus

SUSE SLES12 Security Update : libcaca (SUSE-SU-2019:2745-2)

This update for libcaca fixes the following issues : Security issues fixed : CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502) CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584) CVE-2018-20546: Fixed a READ.....

8.8 CVSS

7.6 AI Score

0.003 EPSS

2019-11-13 12:00 AM
13
threatpost

Plugging the Data Leak in Manufacturing

More often than not, when the internet of things (IoT) is brought up these days, it conjures images of Alexa, Siri and Cortana. These personal assistants can help users turn on a smart light bulb, flick on the oven and get you the day’s news, all in one fell swoop. However, IoT has evolved...

0.4 AI Score

2019-11-12 09:11 PM
32
mskb

November 12, 2019—KB4525241 (OS Build 16299.1508)

November 12, 2019—KB4525241 (OS Build 16299.1508) Reminder March 12 and April 9 were the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...

7.5 AI Score

0.971 EPSS

2019-11-12 08:00 AM
93
mskb

October 8, 2019—KB4520008 (OS Build 17134.1069)

October 8, 2019—KB4520008 (OS Build 17134.1069) The Windows 10 April 2018 Update will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running the Windows 10 April 2018 Update starting July 16, 2019 to help ensure that these devices remain in a...

7.3 AI Score

0.881 EPSS

2019-11-12 08:00 AM
223
mskb

October 8, 2019—KB4519338 (OS Build 17763.805)

October 8, 2019—KB4519338 (OS Build 17763.805) Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when...

7.1 AI Score

0.881 EPSS

2019-11-12 08:00 AM
183
mskb

October 8, 2019—KB4520004 (OS Build 16299.1451)

October 8, 2019—KB4520004 (OS Build 16299.1451) Reminder March 12 and April 9 were the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...

7.1 AI Score

0.881 EPSS

2019-11-12 08:00 AM
127
mskb

October 8, 2019—KB4517389 (OS Build 18362.418)

October 8, 2019—KB4517389 (OS Build 18362.418) Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Note This release also contains updates for Microsoft HoloLens (OS Build 18362.1034) released October 8, 2019. Microsoft will release an update.....

7 AI Score

0.881 EPSS

2019-11-12 08:00 AM
37
mskb

October 8, 2019—KB4520010 (OS Build 15063.2108)

October 8, 2019—KB4520010 (OS Build 15063.2108) IMPORTANT Windows 10 Enterprise and Windows 10 Education editions reached end of service on October 8, 2019. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10. Reminder March 12 and....

7.2 AI Score

0.881 EPSS

2019-11-12 08:00 AM
109
securelist

DDoS attacks in Q3 2019

News overview This past quarter we observed a new DDoS attack that confirmed our earlier hypothesis regarding attacks through the Memcached protocol. As we surmised, the attackers attempted to use another, rather exotic protocol to amplify DDoS attacks. Experts at Akamai Technologies recently...

AI Score

2019-11-11 10:00 AM
130
threatpost

Amazon Kindle, Embedded Devices Open to Code-Execution

Multiple vulnerabilities have been found in Das U-Boot, a universal bootloader commonly used in embedded devices like Amazon Kindles, ARM Chromebooks and networking hardware. The bugs could allow attackers to gain full control of an impacted device’s CPU and modify anything they choose....

0.8 AI Score

0.024 EPSS

2019-11-07 05:31 PM
130
threatpost

Emotet Resurgence Continues With New Tactics, Techniques and Procedures

The notorious banking trojan Emotet, that mysteriously disappeared over the summer, returned last month dropping a new collection of malware including information stealers, email harvesters, self-propagation mechanisms and ransomware. But since the malware returned from its hiatus, there was no...

-0.1 AI Score

2019-11-06 02:30 PM
48
cve

CVE-2005-2354

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security...

9.8 CVSS

6.9 AI Score

0.007 EPSS

2019-11-05 08:15 PM
14
nvd

CVE-2005-2354

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security...

9.8 CVSS

9.5 AI Score

0.007 EPSS

2019-11-05 08:15 PM
cvelist

CVE-2005-2354

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security...

9.6 AI Score

0.007 EPSS

2019-11-05 07:21 PM
osv

CVE-2019-12625

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected...

7.5 CVSS

6.5 AI Score

0.004 EPSS

2019-11-05 07:15 PM
5
osv

CVE-2019-1789

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate...

7.5 CVSS

6.7 AI Score

0.001 EPSS

2019-11-05 07:15 PM
6
almalinux

isns-utils bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...

1.6 AI Score

2019-11-05 06:14 PM
9
rocky

isns-utils bug fix and enhancement update

An update is available for isns-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux.....

2 AI Score

2019-11-05 06:14 PM
4
rocky

5.24 bug fix and enhancement update

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glob, perl-Pod-Simple,...

2 AI Score

2019-11-05 05:32 PM
18
almalinux

perl:5.24 bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...

1.6 AI Score

2019-11-05 05:32 PM
15
nessus

Apple iOS < 13.2 Multiple Vulnerabilities

The version of Apple iOS running on the mobile device is prior to 13.2. It is, therefore, affected by multiple vulnerabilities. - A memory leak vulnerability exists in the iOS Accounts, a remote attacker can exploit this using specially crafted input. (CVE-2019-8787) An authentication...

8.8 CVSS

0.8 AI Score

0.806 EPSS

2019-11-01 12:00 AM
109
qualysblog

5 Reasons to Attend Qualys Security Conference 2019

Qualys is a leader in cybersecurity and one of the more recognizable and respected names in the industry. It should be. The company has been around for 20 years, and it continues to innovate and push the envelope. Later this month, Qualys will take over Bellagio Hotel in Las Vegas for the Qualys...

-0.2 AI Score

2019-10-31 03:00 PM
26
threatpost

U.S. Universities Get Failing Grades for DMARC Adoption

The U.S. higher education system is lagging when it comes to implementing email security – even though the segment remains a top target for phishing and spam campaigns. According to an analysis from Red Sift shared with Threatpost, only 3 percent of the top 200 schools in the 2020 WSJ/THE College.....

-0.2 AI Score

2019-10-30 06:04 PM
32
apple

About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006

About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006 This document describes the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. About Apple security updates For our customers' protection,...

9.8 CVSS

0.7 AI Score

0.019 EPSS

2019-10-29 12:00 AM
22
apple

About the security content of iOS 13.2 and iPadOS 13.2

About the security content of iOS 13.2 and iPadOS 13.2 This document describes the security content of iOS 13.2 and iPadOS 13.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

8.8 CVSS

-0.1 AI Score

0.806 EPSS

2019-10-28 12:00 AM
15
talosblog

Threat Source newsletter (Oct. 24, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Never assume that a malware family is really dead. We’ve done it time and time again with things like Emotet, and Gustuff is proving...

9.2 AI Score

0.038 EPSS

2019-10-24 11:00 AM
32
nessus

SUSE SLED12 / SLES12 Security Update : libcaca (SUSE-SU-2019:2745-1)

This update for libcaca fixes the following issues : Security issues fixed : CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502) CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584) CVE-2018-20546: Fixed a READ.....

8.8 CVSS

7.6 AI Score

0.003 EPSS

2019-10-23 12:00 AM
19
malwarebytes

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security...

AI Score

2019-10-21 03:45 PM
40
threatpost

Podcast: Insider Attacks May Soon Cost Less Than Malware-based Equivalent

As it becomes more difficult and expensive to infiltrate environments via malware, cybercriminals may start turning in the future to a more viable and less costly alternative: Insider threats. This podcast is brought to you by Code42. Threatpost talks to Tim Brown, vice president of security at...

-0.4 AI Score

2019-10-18 02:04 PM
107
osv

clamav - regression update

Bulletin has no...

8.5 AI Score

2019-10-14 12:00 AM
9
schneier

I Have a New Book: We Have Root

I just published my third collection of essays: We Have Root. This book covers essays from 2013 to 2017. (The first two are Schneier on Security and Carry On.) There is nothing in this book that is not available for free on my website; but if you'd like these essays in an easy-to-carry...

2 AI Score

2019-10-11 07:34 PM
97
osv

High severity vulnerability that affects indico

Local file disclosure through LaTeX injection Impact An external audit of the Indico codebase has discovered a vulnerability in Indico's LaTeX sanitization code, which could have allowed malicious users to run unsafe LaTeX commands on the server. Such commands allowed for example to read local files (e.g.....

0.6 AI Score

2019-10-11 06:28 PM
6
osv

clamav - security update

Bulletin has no...

9.8 CVSS

8.5 AI Score

0.02 EPSS

2019-10-10 12:00 AM
11
osv

CVE-2019-17371

gif2png 2.5.13 has a memory leak in the writefile...

6.5 CVSS

6.8 AI Score

0.002 EPSS

2019-10-09 01:15 PM
3
osv

CVE-2019-17362

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory...

9.1 CVSS

8.8 AI Score

0.018 EPSS

2019-10-09 01:15 AM
5
mskb

October 3, 2019—KB4524151 (OS Build 15063.2079)

October 3, 2019—KB4524151 (OS Build 15063.2079) IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent...

7.7 AI Score

0.872 EPSS

2019-10-08 12:00 AM
51
mskb

October 3, 2019—KB4524147 (OS Build 18362.388)

October 3, 2019—KB4524147 (OS Build 18362.388) IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent...

7.6 AI Score

0.872 EPSS

2019-10-08 12:00 AM
36
schneier

Edward Snowden's Memoirs

Ed Snowden has published a book of his memoirs: Permanent Record. I have not read it yet, but I want to point you all towards two pieces of writing about the book. The first is an excellent review of the book and Snowden in general by SF writer and essayist Jonathan Lethem, who helped make a short....

2 AI Score

2019-10-07 11:53 AM
52
apple

About the security content of macOS Catalina 10.15

About the security content of macOS Catalina 10.15 This document describes the security content of macOS Catalina 10.15. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

9.8 CVSS

0.5 AI Score

0.019 EPSS

2019-10-07 12:00 AM
18
ossfuzz

libxml2:libxml2_xml_reader_for_file_fuzzer: Heap-use-after-free in xmlTextReaderFreeNodeList

Project: https://gitlab.gnome.org/GNOME/libxml2.git Detailed Report: https://oss-fuzz.com/testcase?key=5654854260752384 Project: libxml2 Fuzzing Engine: afl Fuzz Target: libxml2_xml_reader_for_file_fuzzer Job Type: afl_asan_libxml2 Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash...

-0.5 AI Score

2019-09-26 05:05 AM
11
krebs

Interview With the Guy Who Tried to Frame Me for Heroin Possession

In April 2013, I received via U.S. mail more than a gram of pure heroin as part of a scheme to get me arrested for drug possession. But the plan failed and the Ukrainian mastermind behind it soon after was imprisoned for unrelated cybercrime offenses. That individual recently gave his first...

6.7 AI Score

2019-09-26 12:28 AM
55
threatpost

Apple to Patch Bug Granting Full Access to 3rd-Party Keyboards

Apple is readying a fix for a bug that could grant full access to third-party keyboards for its mobile devices, including iPhone and iPad. The company posted an alert on its support page about an issue with iOS 13 and iPadOS that affects third-party keyboards users may have installed for the...

0.9 AI Score

0.002 EPSS

2019-09-25 11:19 AM
101

Total number of security vulnerabilities: 2571