Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.
Monthly Archives: December 2015
CVE-2015-7222 (firefox, firefox_esr)
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
CVE-2015-7223
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.
N3XT — Advanced CHIP that Could Make Your Computer 1000 Times Faster
Researchers have come up with an all new way to revolutionize the standard computer chip that comes inbuilt in all our electronics.
Researchers from Carnegie Mellon, Stanford, and the University of California, Berkeley among others, have invented a new material that could replace the ‘silicon’ in conventional chips – built in all electronic devices – making the device’s processing speed
Man arrested in connection with VTech data breach
Authorities in the UK have announced that a 21-year-old man has been arrested in connection with the major data breach at VTech in November.
The post Man arrested in connection with VTech data breach appeared first on We Live Security.
British Intelligence Open-Sources its Large-Scale Graph Database Software
UK’s Secretive Spy Agency Government Communications Headquarters (GCHQ) has open-sourced one of its tools on code-sharing website GitHub for free…
A graph database called ‘Gaffer.’
Gaffer, written in Java, is a kind of database that makes it “easy to store large-scale graphs in which the nodes and edges have statistics such as counts, histograms and sketches.”
FreeBSD-SA-15:27.bind
Top 10 — 2016 New Year's Resolutions for Cyber Security Professionals
Billions of dollars are spent in securing business operations, and yet attackers still find ways to breach a network.
With the ever increasing growth in security attacks across all threat vectors, you should consider these New Year’s resolutions to help solve your security challenges in 2016:
Take stock of what you have
Segment your Network
Setup controls with ACLs
Secure protocols, network ports,
CESA-2015:2653 Moderate CentOS 7 grub2 SecurityUpdate
CentOS Errata and Security Advisory 2015:2653 Moderate

Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-2623.html

The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum, filename):

x86_64:
8603042073286061d4ec3757b5e940aa5e5bbfca1f7f114d8cbaf9e3d27db4e7 grub2-2.02-0.33.el7.centos.1.x86_64.rpm
e2985a01c8c879c855eee9cb61e57ac509ceebc56f6911ee981465e4709e8430 grub2-efi-2.02-0.33.el7.centos.1.x86_64.rpm
f0c0fe813776cc3b948f87fbbe82370f7944babf2ce22d4328379a46f5b2eb7c grub2-efi-modules-2.02-0.33.el7.centos.1.x86_64.rpm
2448ae6c196944fa938a34112fa77d37726ba92db51c362fe1b21c905c43f265 grub2-tools-2.02-0.33.el7.centos.1.x86_64.rpm

Source:
e729b0d48dd2f3ca80b2fccf2defa3bd39b3e541b525bc89d56cbef9c6d0396e grub2-2.02-0.33.el7.centos.1.src.rpm
The Connected Car: Your Smartphone’s Biggest Accessory and Security Threat
Over the last few years, technology’s merger with the auto industry has materialized in the form of advanced digital dashboards and mobile OS integration. While adoption has been slow, car manufacturers have been attempting to fill dashboards with Silicon Valley-grade technology, including Apple’s CarPlay and Google’s Android Auto.
Defying the status quo, Tesla has continuously outperformed traditional automakers since its inception. The fully electric sedan comes standard with a gigantic screen on the car’s console, resembling the cockpit of commercial airliners. Additionally, and perhaps most similar to the mobile OSes consumers have grown accustomed to, the Tesla performs over-the-air software updates. Most recently, Tesla rolled out (and rescinded parts of) its ‘Autopilot’ feature in Model S sedans. The feature allows drivers to sit back and watch as the car drives itself using various sensor and GPS technologies.
Tesla isn’t the only company integrating this technology, among others, into their cars. Even before they released the ‘Autopilot’ feature, Google unleashed a squadron of driverless cars that can be seen testing their abilities (and getting pulled over for going too slow) around Silicon Valley. Apple has owned technology headlines for months as rumors of car development continue to surface for the first time since Walter Isaacson’s biography on late CEO Steve Jobs hit the shelves back in 2011. But it’s not only Silicon Valley giants like Tesla, Apple and Google that are developing technology and cars for the driverless era as automakers like Volvo and Ford have also thrown their names into the ring.
Other IoT features continue to make their way into consumers’ driveways. Many cars in the new Chevrolet lineup offer 4G connectivity on the road. Third-party dashboard accessory makers like Pioneer, Kenwood, and Alpine are developing add-ons for older cars wishing they had access to Apple’s CarPlay and Google’s Android Auto. And several automotive giants are capitalizing on new device categories like smartwatches to provide a more simple and technological experience for their car-owners.
With the addition of connectivity in cars, drivers and passengers alike need to think about their physical safety and digital safety. As we’ve seen in the news recently, namely in a July Wired article, certain cars can be hacked and completely controlled remotely. Scary, yes, but that covers just the surface of security threats. Like every other IoT device, the data a connected car will produce is vulnerable to cybercrime. Picture driving down Main St. and passing your favorite pizza shop on your way to work in the morning, the same route you take every day. It’s Thursday, which means Pizza Night for the family. As you drive by, a coupon for two free extra toppings and a 2-litre soda bottle with any large pizza order appears on your dashboard or windshield, valid only tonight. Seemingly magically, based on past patterns, your IoT car knew to offer you a coupon for this pizza parlor on the night you’d need it.
A connected car has the potential to be your smartphone’s biggest and greatest accessory, but it also inherently comes with major security vulnerabilities, like the rest of the IoT, that need to be addressed. Currently, traditional car companies are researching and developing their own self-driving/connected cars. Technology companies like Apple and Google, along with other rumored giants, are following suit. But a recent poll out of WEF and Boston Consulting Group showed that 69 percent of consumers (6,000 polled from 10 different countries) want automakers and tech giants to work together to create the next big thing in automobiles. As awareness of the IoT, its vulnerabilities and connected cars grows, I see this number rising. What’s important is that the integration of security also grows, so we can help usher in the future we all want, as safe as it can be.
