Multiple Vulnerabilities in WPA3 Protocol

Original release date: April 12, 2019 The CERT Coordination Center (CERT/CC) has released information on vulnerabilities—referred to as Dragonblood—in WPA3 protocol. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#871675 for more information and refer to vendors for appropriate updates, when available. This product is provided…

April 12, 2019
Read More >>

Limit on big ships in Houston raises concerns

A new rule at the Port of Houston will limit calls from container ships larger than 9,000 TEU to once per week. Photo credit: Port of Houston Authority. The Port of Houston says its decision to limit the calls of 9,000-TEU-plus ships to one a week won’t hamper the port’s volumes, but transportation providers and packagers supporting resin exporters, expecting a surge in shipments, aren’t convinced. The rule limits containerized…

April 12, 2019
Read More >>

Here we go again… Sensitive Facebook Data Leaked By Third Party App Through AWS S3

April 12, 2019 Here we go again… Sensitive Facebook Data Leaked By Third Party App Through AWS S3 UpGuard reported last week that sensitive data retrieved from Facebook by third party apps was leaked through AWS S3 – 540 million user records got breached). In the past, we’ve seen similar sensitive data leaks through AWS S3 such as the Verizon breach, the GOP voter data breach and the Uber breach. Leaving aside the ethics of…

April 12, 2019
Read More >>

US-CERT, CISA Warn of Vuln in at Least 4 Major VPNs

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2017-14199PUBLISHED: 2019-04-12 A buffer overflow has been found in the Zephyr Project’s getaddrinfo() implementation in 1.9.0 and 1.10.0. CVE-2018-6239PUBLISHED: 2019-04-12 NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3….

April 12, 2019
Read More >>