News Clipping


Serious code-execution vulnerability in WinRAR [source: 360totalsecurity]

A security vulnerability was discovered recently in WinRAR, affecting over 500 million users worldwide. Due to the flaw residing in the UNACEV2.dll code base that WinRAR uses to extract files from archives packed with the ACE format, hackers can not only bypass the access control to gain high system privileges,...



Windows 10 Update – Performance Fix for Spectre Bug [source: bleepingcomputer]

Microsoft has released the Windows 10 KB4482887 cumulative update for build 1809 that includes numerous fixes including Retpoline Spectre mitigation, a fix for an annoying Action Center bug, and numerous other bug fixes. This update is available to all Windows 10 October 2018 Update (build 1809) users and can be installed through Windows Update....



40% of malicious URLs were found on good domains [source: helpnetsecurity]

While tried-and-true attack methods are still going strong, new threats emerge daily, and new vectors are being tested by cybercriminals, according to the 2019 Webroot Threat Report. 40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content. To protect users, cybersecurity solutions need URL-level...



The AI Talent Gap: Locating Global Data Science Centers [source: gigaom]

Good AI talent is hard to find. The talent pool for anyone with deep expertise in modern artificial intelligence techniques is terribly thin. More and more companies are committing to data and artificial intelligence as their differentiator. The early adopters will quickly find difficulties in determining which data science expertise meets their...



Password Managers Can Be Vulnerable to Malware Attacks [source: pcmag]

Password managers are a useful way to keep your internet accounts safe. But the software that runs them isn’t always perfect. According to new research, four popular password managers for Windows 10 can actually leak your login credentials to the PC’s memory. That’s bad news in the event your computer has been secretly...



CISCO addresses DoS bugs in CISCO ESA products [source: securityaffairs]

Cisco addressed two DoS vulnerabilities in CISCO ESA products that can be exploited by a remote unauthenticated attacker. Cisco fixed two denial-of-service (DoS) flaws in Email Security Appliance (ESA) products that can be exploited by a remote unauthenticated attacker. The first flaw, tracked as CVE-2018-15453, has been rated as “critical”; it is a memory corruption...



OWASP Secure Coding Practices Checklist [source: informationsecuritycontrol]

Input Validation 1. Conduct all data validation on a trusted system (e.g., The server) 2. Identify all data sources and classify them into trusted and untrusted. Validate all data from untrusted sources (e.g., Databases, file streams, etc.) 3. There should be a centralized input validation routine for the application 4. Specify proper character sets, such as UTF-8,...


