Sharing Threat Intelligence: Time for an Overhaul

Source: https://threatpost.com

May 20, 2019

Linux Kernel Privilege Escalation Vulnerability Found in RDS Over TCP

A memory corruption vulnerability recently found in the Linux kernel’s implementation of RDS over TCP could lead to privilege escalation. Tracked as CVE-2019-11815 and featuring a CVSS base score of 8.1, the flaw impacts Linux kernels prior to 5.0.8, but only systems that use the Reliable Datagram Sockets (RDS) for the TCP module. The issue, a NIST advisory reveals, is a race condition that affects the kernel’s rds_tcp_kill_sock in net/rds/tcp.c. The…

May 20, 2019

Slack Flaw Allows Hackers to Steal, Manipulate Downloads

A recently patched vulnerability in the Slack desktop application for Windows can be exploited by malicious actors to steal and manipulate a targeted user’s downloaded files. David Wells, a researcher at Tenable, discovered that version 3.3.7 of the Slack desktop app is affected by a download hijacking vulnerability that can be exploited by getting the targeted user to click on a specially crafted link pasted into a Slack channel. The…

May 17, 2019

Tenable Updates Free Vulnerability Assessment Solution

Tenable this week announced Nessus Essentials, an expanded version of its free vulnerability assessment solution previously known as Nessus Home. The tool is targeted to students, professors, and enthusiasts starting their careers in cyber-security, to help them learn about vulnerability assessments. The company also touts the Nessus solutions as having fast vulnerability detection, with new plugins being released within an average of 24 hours from the time of vulnerability…

May 17, 2019

Researchers Hack Aircraft Landing System with $600 Radios

Airplane radio navigation systems are vulnerable to manipulation using software defined radio, researchers have shown. Researchers have proven that a $600 software defined radio can be used to hack into airliners’ radio-navigation system, demonstrating a potentially dangerous flaw in the instrument-based systems that land planes ranging from private Cessna jets to large commercial airliners. A team at Northeastern University used a commercially available software defined radio (SDR) to spoof radio…

May 17, 2019

Wormable Windows RDS Vulnerability Poses Serious Risk to ICS

A critical remote code execution vulnerability patched recently by Microsoft in Windows Remote Desktop Services (RDS) poses a serious risk to industrial environments, experts have warned. Microsoft’s Patch Tuesday updates for May 2019 resolve nearly 80 vulnerabilities, including a flaw that can be exploited by malware to go from one device to another similar to how WannaCry spread back in 2017. This security hole, tracked as CVE-2019-0708, impacts RDS (formerly…

May 17, 2019

News Wrap: WhatsApp, Microsoft, Intel and Cisco Flaws

Source: https://threatpost.com

May 17, 2019