Pumping the Brakes on Artificial Intelligence
While the push-pull between defenders and attackers using artificial intelligence continues, there’s another security dimension to machine intelligence that should be of concern. Just as the rise of IoT devices has created an inadvertent new threat surface ripe for introducing vulnerabilities, so...
Facebook Finds 'No Evidence' Hackers Accessed Connected Third-Party Apps
When Facebook last weekend disclosed a massive data breach—that compromised access tokens for more than 50 million accounts—many feared that the stolen tokens could have been used to access other third-party services, including Instagram and Tinder, through Facebook login. Good news is that...
FreeBSD : bitcoin -- Denial of Service and Possible Mining Inflation (40a844bf-c430-11e8-96dc-000743165db0)
Bitcoin Core reports: CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported to several developers working on Bitcoin Core, as wel...
Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year
The security and privacy issues with APIs and third-party app developers are not something that only Facebook is dealing with. A bug in Twitter's API inadvertently exposed some users' direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren't supposed to get...
Twitter Flaw Exposed Direct Messages To External Developers
Twitter on Friday said that a recently-patched bug in its platform enabled software developers to read users’ private direct messages or protected tweets. The bug ran from May 2017 until it was discovered on September 10 – after which Twitter patched the glitch to prevent data from being...
CVE-2018-11086
Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin...
Design/Logic Flaw
A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access...
CVE-2018-12163
Intel IoT Developers Kit 4.0 installer contains a DLL-injection vulnerability that could allow an authenticated local user to escalate privileges by modifying files during install. Affected: Intel IoT Developers Kit 4.0 and earlier. Root cause: DLL injection in the installer process enabling priv...
Intel® IoT Developers Kit Permissions Advisory
Summary: A potential security vulnerability in Intel® IoT Developers Kit may allow escalation of privilege. Intel is releasing IoT Developers Kit updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2018-12163 Description: A DLL injection vulnerability in the Intel...
Open .Git Directories Leave 390K Websites Vulnerable
A scan of more than 230 million web domains worldwide has uncovered 390,000 web pages with open .git directories – a worrying state of affairs that can expose a range of sensitive information. Researcher Vladimír Smitka at Lynt Services performed the scan, starting first in his native Czech...
[SECURITY] Fedora 28 Update: python34-3.4.9-2.fc28
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...
[SECURITY] Fedora 27 Update: python34-3.4.9-2.fc27
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...
[SECURITY] Fedora 28 Update: python35-3.5.6-1.fc28
Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...
[SECURITY] Fedora 27 Update: python35-3.5.6-1.fc27
Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...
Security Bulletin: IBM Dojo Toolkit XSS vulnerability affecting Rational Business Developer v8.0
Summary IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rational Business Developer includes the affected files in 8.0.x releases, but does not use them. This security bulletin intends to provide information on this vulnerability and...
Bevy of Android Apps Harbor Hidden Malicious Windows Executables
Researchers have found up to 145 Android apps on the Google Play store infected by malicious Microsoft Windows executable files capable of planting key-loggers on Windows systems. Researchers at Palo Alto Networks’ Unit 42 said Monday that they suspect that the Android app developers involved wer...
[SECURITY] Fedora 27 Update: python-cryptography-2.3-1.fc27
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...
[SECURITY] Fedora 28 Update: python-cryptography-2.3-1.fc28
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...
EU Cybersecurity Act IoT FAIL
The EU recently announced that its plans for a Cybersecurity Act had been backed by industry committee MEPs. This was a significant opportunity for consumer IoT security to be regulated and resolve the current mess. Sadly, they’ve stopped short and made the code voluntary for all but certain...