How a Facebook Bug Took Down Spotify, TikTok, and Other Major iOS Apps

Thank a tiny change to a software development kit for widespread crashes Wednesday, including the Spotify and TikTok apps...

java security update

CentOS Errata and Security Advisory CESA-2020:1507 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

Building for Billions: Addressing Security Concerns for Platforms at Scale

Security operations once consisted of a multitude of manual operations based around alerts, thresholds and severity levels. As systems scale and platforms continue to grow, how do you keep up with the growing requirements to secure these transactions and the networks they are built upon?...

How to Use VSSTrace to Collect VSS Diagnostic Logging

Challenge This article explains how to collect additional VSS diagnostic data with the VSSTrace tool, a Microsoft Windows Software Development Kit SDK component. Cause Veeam products use Microsoft Volume Shadow Copy Service VSS for various tasks. Sometimes it is necessary to go through the...

ALBA-2020:1928 nodejs:12 bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Bug Fixes: Rebuild the nodejs:12 module for AlmaLinux 8.2 BZ1811502...

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Vulnerability Finding Using Machine Learning

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply mo...

Autodesk FBX-SDK Denial of Service Vulnerability

Autodesk FBX-SDK is a C++ software development platform and API toolkit from Autodesk USA, which is mainly used to convert existing content to FBX format. A code issue vulnerability exists in Autodesk FBX-SDK 2019.0 and prior versions. An attacker could exploit the vulnerability to cause a denial...

Secure the software development lifecycle with machine learning

Every day, software developers stare down a long list of features and bugs that need to be addressed. Security professionals try to help by using automated tools to prioritize security bugs, but too often, engineers waste time on false positives or miss a critical security vulnerability that has...

CVE-2020-2783

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

Denial Of Service (DoS)

IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit is vulnerable to Denial of Service DoS. The attack exists because it does not prevent remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

ALSA-2020:1317 Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 For more details about the security issues, including the impact, a CVSS score,...

CVE-2020-8016

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows...

CVE-2020-8016

CVE-2020-8016 is a local-privilege issue described as a race condition in the packaging of texlive-filesystem affecting SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SLED/SLES 12-SP4/12-SP5, and openSUSE Leap 15.1. The underlying problem: a race condition in linking during packagi...

Important: nodejs:12 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 For more details about the security issues, including the impact, a CVSS score,...

PT-2020-10924 · Parrot · Parrot Anafi

Name of the Vulnerable Software and Affected Versions: Parrot ANAFI affected versions not specified Description: The web server running on Parrot ANAFI can be crashed due to the SDK command Common CurrentDateTime being sent to the control service with a larger than expected date length...

Consumerization: a better way to answer cybersecurity challenges

A version of this article originally appeared in Forbes on February 12, 2020. Consumerization: The specific impact that consumer-originated technologies can have on enterprises. Gartner More and more, enterprises are coming to understand that they need to adopt the agile processes and product...

Unauthorized Access Vulnerability in Kodak Video Surveillance Devices

hereinafter referred to as KODAK is a provider of video and security products and solutions, dedicated to video conferencing, video surveillance and a wealth of video application solutions to help all kinds of government and enterprise customers to solve the visual communication and management...

Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.19.0. Security Fixes: nodejs: HTTP request smuggling using malformed...

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All...