For as long as there’s been an internet, there’s been cybercrime. Real-world criminal activity is mirrored in our digital lives. In both worlds, you find stalking, theft, extortion, destruction of property, and scams and schemes galore. And while we condemn all cybercrime, we have to begrudgingly admit that it’s a functioning — albeit totally illegal …
Progressive web apps just got real. Though progressive web apps, or PWAs, have been around for about three years — an initiative mostly driven by Google — they got real this week when Google released Chrome 70. [ Further reading: Google’s Chromium browser explained ] The new version of Google’s web browser comes with a …
Why Microsoft and Google love progressive web appsRead More »
A vulnerability in PostgreSQL could allow an authenticated, remote attacker to gain unauthorized access to a targeted system. The vulnerability is due to improper authorization checks of statements involving INSERT … ON CONFLICT DO UPDATE by the affected software. An attacker with CREATE TABLE privileges could exploit this vulnerability on a targeted system. A successful …
PostgreSQL INSERT … ON CONFLICT DO UPDATE Improper Authorization VulnerabilityRead More »
A vulnerability in the Splunkd daemon of Splunk could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper processing of HTTP requests by the Splunkd daemon of the affected software. An attacker could exploit this vulnerability by sending an HTTP request …
Splunk Splunkd HTTP Request Processing Denial of Service VulnerabilityRead More »
A vulnerability in the Django App component of Splunk could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious directory traversal characters …
A vulnerability in the Splunkd daemon of Splunk could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper processing of HTTP requests by the Splunkd daemon of the affected software. An attacker could exploit this vulnerability by sending an HTTP request …
Splunk Splunkd HTTP Request Processing Denial of Service VulnerabilityRead More »
A vulnerability in Splunk Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user to access a link that submits malicious input to …
Splunk Web Interface Cross-Site Scripting VulnerabilityRead More »
The regular prescription lenses can change to bifocals and back again at the touch of a button. Source:: BBC News – Technology
Alternative rural UK ISP Gigaclear is still reeling from the embarrassment of having to make a public apology for the “significant” delays to their roll-out of “full fibre” (FTTP) ultrafast broadband in Devon and Somerset (here). The bad news is they’ve now also had to do the same for Northamptonshire. Last week’s announcement noted that …
Gigaclear’s FTTP Broadband Delays Spread to NorthamptonshireRead More »
A vulnerability in Apache Traffic Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a segmentation fault that could occur when the affected software processes an invalid Transport Layer Security (TLS) handshake. An attacker could exploit this vulnerability by sending …
Apache Traffic Server TLS Handshake Processing Denial of Service VulnerabilityRead More »
Today, Amazon Connect is introducing support for using AWS Identity and Access Management (IAM) service-linked roles, a new type of IAM role that allows you to easily delegate permissions to AWS services. Source:: Amazon AWS
A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system. The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the …
libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018Read More »
A Which? investigator was hired to write high-rated reviews online in return for free goods. Source:: BBC News – Technology
Tech Events Event Description Starts Ends Location IT Roadmap This one-day event focused on powering the agile enterprise looks at the latest approaches to make IT more responsive, nimble, and robust. 2018-11-15 2018-11-15 Fort Worth, TX AWS re:Invent AWS Re:invent is Amazon’s opportunity to update IT and business leaders on the latest features of its …
Tech calendar 2018-19: Upcoming events of interest to IT prosRead More »
A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a type confusion condition that exists in the drivers/tty/n_tty.c source code file of the affected software. A local attacker on a pseudoterminal could exploit this vulnerability to …
Linux Kernel drivers/tty/n_tty.c Denial of Service VulnerabilityRead More »
A vulnerability in the spring-messaging module in Spring Framework could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software allows a memory-based Simple/Streaming Text Orientated Messaging Protocol (STOMP) broker to expose STOMP over WebSocket endpoints. An attacker could exploit the vulnerability by sending a …
Pivotal Software Spring Framework STOMP Broker Arbitrary Code Execution VulnerabilityRead More »
The Banking in Motion 2018 summit takes place next week in Prague where Avast Head of Mobile Threat Intelligence & Security Nikolaos Chrysaidos will take part in a panel discussion on “Responding to Challenges of Customer Centricity.” You can stream the presentation online or, better yet, drop by in person if you’re nearby. Source:: Avast
You can now use AWS PrivateLink in AWS GovCloud (US) Region. AWS PrivateLink allows you to privately access services hosted on AWS, in a highly available and scalable manner, without using public IPs, and without requiring the traffic to traverse the Internet. AWS PrivateLink is available in US East (N. Virginia), US East (Ohio), US …
Introducing AWS PrivateLink in the AWS GovCloud (US) RegionRead More »
Sir Nick Clegg talks about how he got his new Facebook job and what he will be doing for the social media giant. Source:: BBC News – Technology
Last December, as we looked ahead at the trends that would shape the coming year, Data Center Frontier noted that “2018 is shaping up as a big year for sale-leaseback deals, due to the increased number of properties available and more potential buyers pursuing these types of deals.” That projection has been borne out, with …
Sale-Leaseback Emerges as a Portfolio Building StrategyRead More »
