5 Reasons Why Programmers Should Think like Hackers
Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these,...
-0.6AI Score
Retail Org Cyberattacks Set to Soar 20% in 2019 Holiday Season
As cybercriminals grow more sophisticated and holiday shoppers continue to flock online, researchers warn internet-based retailers could face a 20 percent uptick in cyberattacks this holiday season compared to last year. In the report titled “Holiday Season Cyber Heists”, released Thursday morning....
-0.7AI Score
December 10, 2019—KB4530714 (OS Build 16299.1565)
December 10, 2019—KB4530714 (OS Build 16299.1565) Reminder March 12 and April 9 were the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...
6.4AI Score
0.087EPSS
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA...
7.4CVSS
7.2AI Score
0.026EPSS
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA...
7.4CVSS
6.9AI Score
0.026EPSS
‘Data as property’ promises fix for privacy problems, but could deepen inequality
In mid-November, Democratic presidential hopeful Andrew Yang unveiled a four-prong policy approach to solving some of today’s thornier tech issues, such as widespread misinformation, technology dependence, and data privacy. Americans, Yang proposed, should receive certain, guaranteed protections...
-0.2AI Score
From Thousands of Security Alerts to a Handful of Insights
Understanding an attacker’s workflow and how Attack Analytics hunts them down In recent years we’ve seen a significant increase in the number and complexity of cyber-attacks. The accessibility of public tools and their automation capabilities, as well as distributed and anonymization features that....
-0.2AI Score
ClamAV CVE-2019-15961 Denial of Service Vulnerability
Description ClamAV is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Versions prior to ClamAV 0.102.1 and 0.101.5 are vulnerable. Technologies Affected Cisco ClamAV 0.100 Cisco ClamAV 0.101 Cisco ClamAV 0.101.4 Cisco...
1.5AI Score
0.017EPSS
SUSE SLES12 Security Update : libcaca (SUSE-SU-2019:2745-2)
This update for libcaca fixes the following issues : Security issues fixed : CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502) CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584) CVE-2018-20546: Fixed a READ.....
8.8CVSS
7.6AI Score
0.003EPSS
Plugging the Data Leak in Manufacturing
More often than not, when the internet of things (IoT) is brought up these days, it conjures images of Alexa, Siri and Cortana. These personal assistants can help users turn on a smart light bulb, flick on the oven and get you the day’s news, all in one fell swoop. However, IoT has evolved...
0.4AI Score
November 12, 2019—KB4525241 (OS Build 16299.1508)
November 12, 2019—KB4525241 (OS Build 16299.1508) Reminder March 12 and April 9 were the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...
7.5AI Score
0.971EPSS
October 8, 2019—KB4520008 (OS Build 17134.1069)
October 8, 2019—KB4520008 (OS Build 17134.1069) The Windows 10 April 2018 Update will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running the Windows 10 April 2018 Update starting July 16, 2019 to help ensure that these devices remain in a...
7.3AI Score
0.881EPSS
October 8, 2019—KB4519338 (OS Build 17763.805)
October 8, 2019—KB4519338 (OS Build 17763.805) Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when...
7.1AI Score
0.881EPSS
October 8, 2019—KB4520004 (OS Build 16299.1451)
October 8, 2019—KB4520004 (OS Build 16299.1451) Reminder March 12 and April 9 were the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...
7.1AI Score
0.881EPSS
October 8, 2019—KB4517389 (OS Build 18362.418)
October 8, 2019—KB4517389 (OS Build 18362.418) Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Note This release also contains updates for Microsoft HoloLens (OS Build 18362.1034) released October 8, 2019. Microsoft will release an update.....
7AI Score
0.881EPSS
October 8, 2019—KB4520010 (OS Build 15063.2108)
October 8, 2019—KB4520010 (OS Build 15063.2108) IMPORTANT Windows 10 Enterprise and Windows 10 Education editions reached end of service on October 8, 2019. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10. Reminder March 12 and....
7.2AI Score
0.881EPSS
News overview This past quarter we observed a new DDoS attack that confirmed our earlier hypothesis regarding attacks through the Memcached protocol. As we surmised, the attackers attempted to use another, rather exotic protocol to amplify DDoS attacks. Experts at Akamai Technologies recently...
AI Score
Amazon Kindle, Embedded Devices Open to Code-Execution
Multiple vulnerabilities have been found in Das U-Boot, a universal bootloader commonly used in embedded devices like Amazon Kindles, ARM Chromebooks and networking hardware. The bugs could allow attackers to gain full control of an impacted device’s CPU and modify anything they choose....
0.8AI Score
0.024EPSS
Emotet Resurgence Continues With New Tactics, Techniques and Procedures
The notorious banking trojan Emotet, that mysteriously disappeared over the summer, returned last month dropping a new collection of malware including information stealers, email harvesters, self-propagation mechanisms and ransomware. But since the malware returned from its hiatus, there was no...
-0.1AI Score
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security...
9.8CVSS
6.9AI Score
0.007EPSS
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security...
9.8CVSS
9.5AI Score
0.007EPSS
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security...
9.6AI Score
0.007EPSS
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected...
7.5CVSS
6.5AI Score
0.004EPSS
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate...
7.5CVSS
6.7AI Score
0.001EPSS
isns-utils bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...
1.6AI Score
isns-utils bug fix and enhancement update
An update is available for isns-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux.....
2AI Score
5.24 bug fix and enhancement update
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glob, perl-Pod-Simple,...
2AI Score
perl:5.24 bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...
1.6AI Score
Apple iOS < 13.2 Multiple Vulnerabilities
The version of Apple iOS running on the mobile device is prior to 13.2. It is, therefore, affected by multiple vulnerabilities. - A memory leak vulnerability exists in the iOS Accounts, a remote attacker can exploit this using specially crafted input. (CVE-2019-8787) An authentication...
8.8CVSS
0.8AI Score
0.806EPSS
5 Reasons to Attend Qualys Security Conference 2019
Qualys is a leader in cybersecurity and one of the more recognizable and respected names in the industry. It should be. The company has been around for 20 years, and it continues to innovate and push the envelope. Later this month, Qualys will take over Bellagio Hotel in Las Vegas for the Qualys...
-0.2AI Score
U.S. Universities Get Failing Grades for DMARC Adoption
The U.S. higher education system is lagging when it comes to implementing email security – even though the segment remains a top target for phishing and spam campaigns. According to an analysis from Red Sift shared with Threatpost, only 3 percent of the top 200 schools in the 2020 WSJ/THE College.....
-0.2AI Score
About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006 This document describes the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. About Apple security updates For our customers' protection,...
9.8CVSS
0.7AI Score
0.019EPSS
About the security content of iOS 13.2 and iPadOS 13.2
About the security content of iOS 13.2 and iPadOS 13.2 This document describes the security content of iOS 13.2 and iPadOS 13.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
8.8CVSS
-0.1AI Score
0.806EPSS
Threat Source newsletter (Oct. 24, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Never assume that a malware family is really dead. We’ve done it time and time again with things like Emotet, and Gustuff is proving...
9.2AI Score
0.038EPSS
SUSE SLED12 / SLES12 Security Update : libcaca (SUSE-SU-2019:2745-1)
This update for libcaca fixes the following issues : Security issues fixed : CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502) CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584) CVE-2018-20546: Fixed a READ.....
8.8CVSS
7.6AI Score
0.003EPSS
A week in security (October 14 – 20)
Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security...
AI Score
Podcast: Insider Attacks May Soon Cost Less Than Malware-based Equivalent
As it becomes more difficult and expensive to infiltrate environments via malware, cybercriminals may start turning in the future to a more viable and less costly alternative: Insider threats. This podcast is brought to you by Code42. Threatpost talks to Tim Brown, vice president of security at...
-0.4AI Score
8.5AI Score
I Have a New Book: We Have Root
I just published my third collection of essays: We Have Root. This book covers essays from 2013 to 2017. (The first two are Schneier on Security and Carry On.) There is nothing in this book that is not available for free on my website; but if you'd like these essays in an easy-to-carry...
2AI Score
High severity vulnerability that affects indico
Local file disclosure through LaTeX injection Impact An external audit of the Indico codebase has discovered a vulnerability in Indico's LaTeX sanitization code, which could have allowed malicious users to run unsafe LaTeX commands on the server. Such commands allowed for example to read local files (e.g.....
0.6AI Score
9.8CVSS
8.5AI Score
0.02EPSS
6.5CVSS
6.8AI Score
0.002EPSS
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory...
9.1CVSS
8.8AI Score
0.018EPSS
October 3, 2019—KB4524151 (OS Build 15063.2079)
October 3, 2019—KB4524151 (OS Build 15063.2079) IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent...
7.7AI Score
0.872EPSS
October 3, 2019—KB4524147 (OS Build 18362.388)
October 3, 2019—KB4524147 (OS Build 18362.388) IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent...
7.6AI Score
0.872EPSS
Ed Snowden has published a book of his memoirs: Permanent Record. I have not read it yet, but I want to point you all towards two pieces of writing about the book. The first is an excellent review of the book and Snowden in general by SF writer and essayist Jonathan Lethem, who helped make a short....
2AI Score
About the security content of macOS Catalina 10.15
About the security content of macOS Catalina 10.15 This document describes the security content of macOS Catalina 10.15. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
9.8CVSS
0.5AI Score
0.019EPSS
libxml2:libxml2_xml_reader_for_file_fuzzer: Heap-use-after-free in xmlTextReaderFreeNodeList
Project: https://gitlab.gnome.org/GNOME/libxml2.git Detailed Report: https://oss-fuzz.com/testcase?key=5654854260752384 Project: libxml2 Fuzzing Engine: afl Fuzz Target: libxml2_xml_reader_for_file_fuzzer Job Type: afl_asan_libxml2 Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash...
-0.5AI Score
Interview With the Guy Who Tried to Frame Me for Heroin Possession
In April 2013, I received via U.S. mail more than a gram of pure heroin as part of a scheme to get me arrested for drug possession. But the plan failed and the Ukrainian mastermind behind it soon after was imprisoned for unrelated cybercrime offenses. That individual recently gave his first...
6.7AI Score
Apple to Patch Bug Granting Full Access to 3rd-Party Keyboards
Apple is readying a fix for a bug that could grant full access to third-party keyboards for its mobile devices, including iPhone and iPad. The company posted an alert on its support page about an issue with iOS 13 and iPadOS that affects third-party keyboards users may have installed for the...
0.9AI Score
0.002EPSS