
269 matches found

Schneier on Security
added 2019/12/16 12:0 p.m. | 40 views

Security Vulnerabilities in the RCS Texting Protocol

Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be...

AI score: 1.1
Exploits: 0

Schneier on Security
added 2019/12/05 12:6 p.m. | 46 views

Election Machine Insecurity Story

Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup. Vote totals in a Northampton County judge's race showed one candidate, Abe Kassis, a Democrat, had just 164 votes out of 55,000 ballots across mor...

AI score: 1.5
Exploits: 0

HackRead
added 2019/12/04 9:36 p.m. | 46 views

Flawed Implementation of RCS Standard putting data of millions at risk

By Waqas The Rich Communication Services RCS messaging standard is used by almost every phone carrier around the globe... This is a post from HackRead.com Read the original post: Flawed Implementation of RCS Standard putting data of millions at risk...

AI score: 2.2
Exploits: 0

NVD
added 2019/11/26 5:15 a.m. | 19 views

CVE-2011-4121

The OpenSSL extension of Ruby Git trunk versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.02529
Exploits: 0 | References: 4

exploitpack
added 2019/11/20 12:0 a.m. | 41 views

Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs

Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs Tested on Ubuntu 19.10, kernel "5.3.0-19-generic 20-Ubuntu". Ubuntu ships a filesystem "shiftfs" in fs/shiftfs.c in the kernel tree that doesn't exist upstream. This filesystem can be mounted from user namespaces, meaning that this i...

AI score: 0.3
Exploits: 0

CNVD
added 2019/11/05 12:0 a.m. | 2 views

JetBrains Rider Code Issue Vulnerability

JetBrains Rider is a cross-platform .NET integrated development environment IDE from the Czech company JetBrains. A code issue vulnerability exists in JetBrains Rider versions prior to 2019.1.2. The vulnerability stems from an improperly designed or implemented code development process for a...

CVSS: 7.8 | AI score: 7 | EPSS: 0.0034
Exploits: 0 | References: 1

Wired Threat Level
added 2019/07/24 9:10 p.m. | 81 views

New York's Revenge Porn Law Is a Flawed Step Forward

All but four states in the US now have a revenge porn law on the books. But advocates say precious few get it right...

AI score: 0.4
Exploits: 0

Veracode
added 2019/05/16 2:22 a.m. | 29 views

Improper Access Control

Java SE is vulnerable to improper access control. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Deployment component to gain elevated privileges. Successful attacks require human interaction from a person other than the attacker resulti...

CVSS: 8.3 | AI score: 8.1 | EPSS: 0.02943
Exploits: 0 | References: 12 | Affected Software: 1

Veracode
added 2019/05/02 6:37 a.m. | 29 views

Denial Of Service (DoS)

Java SE is vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Deployment component causing partial denial of service conditions...

CVSS: 7.1 | AI score: 7.5 | EPSS: 0.08794
Exploits: 6 | References: 12 | Affected Software: 1

Malwarebytes
added 2019/04/22 3:47 p.m. | 28 views

A week in security (April 15 – 21)

Last week, Malwarebytes Labs revealed multiple giveaway online scam campaigns banking on the popularity and generosity of Ellen DeGeneres, weighed in on the hack that compromised legacy Microsoft email service accounts like Hotmail and MSN, explained what “like-farming” means and how to spot it o...

Exploits: 0

Schneier on Security
added 2019/03/18 11:23 a.m. | 57 views

CAs Reissue Over One Million Weak Certificates

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half th...

AI score: 2.5
Exploits: 0

RedHat Linux
added 2018/11/13 6:15 p.m. | 2 views

keycloak: brute force protection not working for the entire login workflow

A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOTP is enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.01159
Exploits: 0 | References: 4

Wired Threat Level
added 2018/11/10 3:0 p.m. | 78 views

An Elon Musk Imposter, Foreign Malware Samples, and More Security News This Week

Compromised crypto, flawed SSDs, and more of the week's top security news...

AI score: 1.7
Exploits: 0

NVD
added 2018/09/20 1:29 p.m. | 17 views

CVE-2018-5871

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660,...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00277
Exploits: 0 | References: 2

NVD
added 2018/09/20 1:29 p.m. | 23 views

CVE-2018-11290

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, SnapdragonHighMed2016, MAC...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00845
Exploits: 0 | References: 3

Prion
added 2018/09/20 1:29 p.m. | 20 views

Code injection

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, SnapdragonHighMed2016, MAC...

CVSS: 5 | AI score: 7.7 | EPSS: 0.00845
Exploits: 0 | References: 3

Cvelist
added 2018/09/20 1:0 p.m. | 27 views

CVE-2018-5871

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660,...

AI score: 6.6 | EPSS: 0.00277
Exploits: 0 | References: 2

Tenable Nessus
added 2018/08/17 12:0 a.m. | 38 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2348-1) (Foreshadow)

This update for the Linux Kernel 3.12.74-606488 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.08101
Exploits: 0 | References: 7

Tenable Nessus
added 2018/08/17 12:0 a.m. | 264 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2367-1) (Foreshadow)

This update for the Linux Kernel 3.12.74-606466 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.08101
Exploits: 0 | References: 10

NVD
added 2018/07/13 8:29 p.m. | 22 views

CVE-2017-13092

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00455
Exploits: 0 | References: 2