CVE-2018-11086

Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin...

Design/Logic Flaw

A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access...

CVE-2018-12163

Intel IoT Developers Kit 4.0 installer contains a DLL-injection vulnerability that could allow an authenticated local user to escalate privileges by modifying files during install. Affected: Intel IoT Developers Kit 4.0 and earlier. Root cause: DLL injection in the installer process enabling priv...

Intel® IoT Developers Kit Permissions Advisory

Summary: A potential security vulnerability in Intel® IoT Developers Kit may allow escalation of privilege. Intel is releasing IoT Developers Kit updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2018-12163 Description: A DLL injection vulnerability in the Intel...

Open .Git Directories Leave 390K Websites Vulnerable

A scan of more than 230 million web domains worldwide has uncovered 390,000 web pages with open .git directories – a worrying state of affairs that can expose a range of sensitive information. Researcher Vladimír Smitka at Lynt Services performed the scan, starting first in his native Czech...

[SECURITY] Fedora 28 Update: python34-3.4.9-2.fc28

Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 27 Update: python34-3.4.9-2.fc27

Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 28 Update: python35-3.5.6-1.fc28

Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 27 Update: python35-3.5.6-1.fc27

Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...

Security Bulletin: IBM Dojo Toolkit XSS vulnerability affecting Rational Business Developer v8.0

Summary IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rational Business Developer includes the affected files in 8.0.x releases, but does not use them. This security bulletin intends to provide information on this vulnerability and...

Bevy of Android Apps Harbor Hidden Malicious Windows Executables

Researchers have found up to 145 Android apps on the Google Play store infected by malicious Microsoft Windows executable files capable of planting key-loggers on Windows systems. Researchers at Palo Alto Networks’ Unit 42 said Monday that they suspect that the Android app developers involved wer...

[SECURITY] Fedora 27 Update: python-cryptography-2.3-1.fc27

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

[SECURITY] Fedora 28 Update: python-cryptography-2.3-1.fc28

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

EU Cybersecurity Act IoT FAIL

The EU recently announced that its plans for a Cybersecurity Act had been backed by industry committee MEPs. This was a significant opportunity for consumer IoT security to be regulated and resolve the current mess. Sadly, they’ve stopped short and made the code voluntary for all but certain...

EU Fines Google Record $5 Billion in Android Antitrust Case

Google has been hit by a record-breaking $5 billion antitrust fine by the European Union regulators for abusing the dominance of its Android mobile operating system and thwarting competitors. That's the largest ever antitrust penalty. Though Android is an open-source and free operating system,...

Google admits third-party app developers read your Gmail emails

By Waqas Google says third-party developers can read your Gmail because you This is a post from HackRead.com Read the original post: Google admits third-party app developers read your Gmail emails...

Password-Guessing Was Used to Hack Gentoo Linux Github Account

Maintainers of the Gentoo Linux distribution have now revealed the impact and "root cause" of the attack that saw unknown hackers taking control of its GitHub account last week and modifying the content of its repositories and pages. The hackers not only managed to change the content in compromis...

Reminder—Third Party Gmail Apps Can Read Your Emails, "Allow" Carefully!

Reminder—If you've forgotten about any Google app after using it once a few years ago, be careful, it may still have access to your private emails. When it comes to privacy on social media, we usually point fingers at Facebook for enabling third-party app developers to access users personal...

Facebook Admits Sharing Users' Data With 61 Tech Companies

Facebook has admitted that the company gave dozens of tech companies and app developers special access to its users' data after publicly saying it had restricted outside companies to access such data back in 2015. It's an unusual clear view of how the largest social networking site manages your...

Bug Bounty Programs Turn Attention to Data Abuse

More companies – particularly social media firms – may follow Facebook’s footsteps in turning to bug bounty programs to scout out any data privacy abuse on their platforms, experts say. On the heels of Facebook’s Cambridge-Analytica scandal in March, the social media giant launched a “Data Abuse...