Lucene search

7442 matches found

The Hacker News
added 2021/03/05 10:22 a.m., 7 views

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions. However, relatively few engineers know this platform well. This leaves the door open for aspiring IT professionals who take the official exams. The Google Cloud Certifications Practice Tests ...

AI score: 5.9
Exploits: 0
ThreatPost
added 2021/03/03 7:12 p.m., 43 views

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow among others inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that w...

AI score: 7.2
Exploits: 0, References: 6
IBM Security Bulletins
added 2021/03/02 12:49 a.m., 34 views

Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software

Summary Node.js November 2020 Security Releases Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerability to trigger a DNS...

CVSS: 7.5, AI score: 1.5, EPSS: 0.54164
Exploits: 0, Affected Software: 1
ThreatPost
added 2021/02/26 9:53 p.m., 284 views

Amazon Dismisses Claims Alexa 'Skills' Can Bypass Security Vetting Process

Researchers warn Amazon’s voice assistant Alexa is vulnerable to malicious third-party “skills” – voice assistant capabilities developed by third parties – that could leave smart-speaker owners vulnerable to a wide range of cyberattacks. The security-threat claim is roundly dismissed by Amazon...

Exploits: 0, References: 8
The Hacker News
added 2021/02/26 9:3 a.m., 5 views

ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive...

AI score: 6
Exploits: 0
NVD
added 2021/02/26 2:15 a.m., 17 views

CVE-2021-23975

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects...

CVSS: 6.5, EPSS: 0.01016
Exploits: 0, References: 3
Cvelist
added 2021/02/26 1:49 a.m., 31 views

CVE-2021-23975

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects...

AI score: 6.9, EPSS: 0.01016
Exploits: 0, References: 3
Debian CVE
added 2021/02/26 1:49 a.m., 28 views

CVE-2021-23975

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects...

CVSS: 6.5, AI score: 8.2, EPSS: 0.01016
Exploits: 0
AlpineLinux
added 2021/02/26 1:49 a.m., 46 views

CVE-2021-23975

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects...

CVSS: 6.5, AI score: 6.8, EPSS: 0.01016
Exploits: 0
OpenVAS
added 2021/02/25 12:0 a.m., 23 views

Fedora: Security Advisory for python36 (FEDORA-2021-3352c1c802)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score: 8.2
Exploits: 0, References: 2
Kitploit
added 2021/02/22 11:30 a.m., 281 views

Horusec - An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command

Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently, the languages for analysis are: C, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart. The tool has...

AI score: 7.4
Exploits: 0, References: 7
The Hacker News
added 2021/02/22 7:47 a.m., 148 views

New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple Macs

Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors. However, the ultimate goal of th...

AI score: 0.8
Exploits: 0
RedhatCVE
added 2021/02/18 5:54 p.m., 33 views

CVE-2021-3412

A flaw was found in the 3scale developer portal, where it lacked brute force protections. This flaw allows an attacker to use this gap to bypass login controls and access privileged information, or possibly conduct further attacks. The highest threat from this vulnerability is to confidentiality,...

CVSS: 7.3, AI score: 4.5, EPSS: 0.0076
Exploits: 0, References: 3
The Hacker News
added 2021/02/17 1:29 p.m., 52 views

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned...

CVSS: 5.9, AI score: 1.4, EPSS: 0.06041
Exploits: 1
IBM Security Bulletins
added 2021/02/16 6:20 p.m., 38 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for AIX and Linux - July 2020.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 that is used by Rational Developer for AIX and Linux. These issues were disclosed as part of the IBM Java SDK updates in July 2020 CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2019-17639 or deferred...

CVSS: 6.8, AI score: 1, EPSS: 0.04196
Exploits: 0, Affected Software: 1
Schneier on Security
added 2021/02/16 12:13 p.m., 44 views

Malicious Barcode Scanner App

Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner. It's been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. But a December 2020 update included some new features: However, a rash of malicious...

AI score: 7.2
Exploits: 0
Tenable Nessus
added 2021/02/16 12:0 a.m., 34 views

openSUSE Security Update : opera (openSUSE-2021-296)

This update for opera fixes the following issues : - Update to version 74.0.3911.107 - CHR-8311 Update chromium on desktop-stable-88-3911 to 88.0.4324.150 - DNA-90329 Implement clientcapabilities negotiation for Flow / Sync - DNA-90560 Search Tabs Open Tabs On Top - DNA-90620 Add opauto tests for...

CVSS: 8.8, AI score: 8.4, EPSS: 0.19815
Exploits: 0, References: 2
IBM Security Bulletins
added 2021/02/10 4:26 p.m., 30 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i - July 2020.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by Rational Developer for i. These issues were disclosed as part of the IBM Java SDK updates in July 2020 CVE-2020-14579, CVE-2020-14578, CVE-2020-14577 or deferred from the IBM Java SDK update...

CVSS: 6.8, AI score: 1.5, EPSS: 0.04196
Exploits: 0, Affected Software: 1
ThreatPost
added 2021/02/10 1:49 p.m., 52 views

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple

An ethical hacker has demonstrated a novel supply-chain attack that breached the systems of more than 35 technology players, including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla and Uber, by exploiting public, open-source developer tools. The attack, devised by security researcher Alex...

AI score: 7
Exploits: 0, References: 6
Tenable Nessus
added 2021/02/09 12:0 a.m., 37 views

Debian DSA-4846-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2020-16044 Ned Williamson discovered a use-after-free issue in the WebRTC implementation. - CVE-2021-21117 Rory McNamara discovered a policy enforcement issue in Cryptohome. - CVE-2021-21118 Tyler Nighswander discover...

CVSS: 9.6, AI score: 7.9, EPSS: 0.23406
Exploits: 4, References: 67