We are living in an age of social media boom where fake news, driven by social media managers filled with hubris, dominates our timelines. When talking about social networking sites, the one name that pops up first is Facebook – the platform that changed how the world stays connected and a massive purveyor of fake news. Moreover, it is hard to find too many people who are...
Read More
Good AI talent is hard to find. The talent pool for anyone with deep expertise in modern artificial intelligence techniques is terribly thin. More and more companies are committing to data and artificial intelligence as their differentiator. The early adopters will quickly find difficulties in determining which data science expertise meets their needs. And the AI talent? If you are not Google, Facebook, Netflix, Amazon, or Apple,...
Read More
Password managers are a useful way to keeping your internet accounts safe. But the software that runs them isn’t always perfect. According to new research, four popular password managers for Windows 10 can actually leak your login credentials to the PC’s memory. That’s bad news in the event your computer has been secretly taken over by malware; a hacker could potentially snatch up the sensitive data when the password...
Read More
Description: Adobe has released security updates to address a vulnerability in ColdFusion. These updates resolve a critical vulnerability that could lead to arbitrary code execution in the context of the running ColdFusion service. Adobe is aware of a report that CVE-2019-7816 has been exploited in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the...
Read More
Description: Cisco has released security updates to address vulnerabilities in multiple Cisco products. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a...
Read More
Description: OpenSSL version 1.0.2r has been released to address a vulnerability for users of versions 1.0.2–1.0.2q Impact: An attacker could exploit this vulnerability to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.openssl.org/news/secadv/20190226.txt
Description: Drupal has released security updates to address a vulnerability in Drupal Core. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/sa-core-2019-003
GlobeImposter 2.0 র্যানসমওয়্যার কি : সাইবার সিকিউরিটি গবেষকগন ২০১৮ সালে প্রথম GlobeImposter র্যানসমওয়্যার এর উপস্থিতি লক্ষ করেন যা GlobeImposter 1.0 নামে পরিচিত। কিন্তু বর্তমানে এর একটি নতুন সংস্করণ GlobeImposter 2.0 র্যানসমওয়্যার প্রকাশিত হয়েছে এবং দ্রুত সারা বিশ্বে ছড়িয়ে পড়েছে। এই সাম্প্রতিক আক্রমণে, সংক্রামিত কম্পিউটার সিস্টেম এর বিভিন্ন ফাইলগুলি এনক্রিপ্ট হচ্ছে, যা পুনরুদ্ধারের জন্য হ্যাকাররা অর্থ দাবি করছে। GlobeImposter 2.0 ফাইল এনক্রিপ্ট করার জন্য RSA +...
Read More
Cisco addressed two DoS vulnerabilities in CISCO ESA products that can be exploited by remote unauthenticated attacker. Cisco fixed two denial-of-service (DoS) flaws in Email Security Appliance (ESA) products that can be exploited by a remote unauthenticated attacker. The first flaw tracked as CVE-2018-15453 has been rated as “critical,” it is a memory corruption bug caused by improper input validation in emails signed with Secure/Multipurpose Internet Mail Extensions (S/MIME)....
Read More
Input Validation 1. Conduct all data validation on a trusted system (e.g., The server) 2. Identify all data sources and classify them into trusted and untrusted. Validate all data from untrusted sources (e.g., Databases, file streams, etc.) 3. There should be a centralized input validation routine for the application 4. Specify proper character sets, such as UTF-8, for all sources of input 5. Encode data to a common character set before validating (Canonicalize) 6. All validation...
Read More
