cURL CVE-2018-1000300 Heap Buffer Overflow Vulnerability

Posted by InfoSec News on Oct 18

By Iain Thomson
The Register
18 Oct 2018

An Equifax executive -- who knew the biz had been hacked before it was
made public and banked over $75,000 in stock trades using this inside
knowledge -- has avoided jail.

Sudhakar Reddy Bonthu, formerly a software product development manager for
Equifax’s Global Consumer Services team, admitted to learning that hackers
have made...

Posted by InfoSec News on Oct 18

By Jessica Davis
Healthcare IT News
October 17, 2018

The Food and Drug Administration and Department of Homeland Security
signed a memorandum of agreement to improve coordination around medical
device security, including a framework.


While the two federal agencies have worked together in the past to improve

Posted by InfoSec News on Oct 18

By Jon Fingas
October 18, 2018

Many companies have developed patches to mitigate Meltdown- and
Spectre-like speculative memory attacks. However, they can come with
compromises: they can leave major gaps and still slow down your system.
MIT researchers may have a better way. They've developed a new method,
Dynamically Allocated Way Guard (yes, DAWG is on...

Posted by InfoSec News on Oct 18

By Ms. Smith
OCT 17, 2018

Bad timing, bad luck or heartless baddies -- maybe all three came into
play when a critical water utility in North Carolina, which was still
recovering from Hurricane Florence, was brought to its knees by a
ransomware attack.

Despite still dealing with the aftermath of Hurricane...

Posted by InfoSec News on Oct 18

By: Sean Michael Kerner
October 18, 2018

Oracle's final Critical Patch Update (CPU) for 2018 is now available,
patching 301 vulnerabilities spread across Oracle's product portfolio.

Of the 301 vulnerabilities, 49 are rated with a CVSS (Common
Vulnerabilities Security Scoring) score of 9.0 or higher, with only a
single issue garnering the...

Posted by InfoSec News on Oct 18

By Gertrude Chavez-Dreyfuss
Cyber Risk
October 18, 2018

NEW YORK (Reuters) - When Peggy and Marco Lachmann-Anke learned in January
that hackers cracked a 40-character password and cleaned out their
cryptocurrency wallet, they did not go to the police or alert the tokens’
issuer, the...

Posted by InfoSec News on Oct 18

By Joseph Marks,
Senior Correspondent
October 18, 2018

Only about 76 percent of civilian government websites are protected by
advanced encryption tools more than eight months after a Homeland Security
Department deadline, according to figures shared by the department.

That's an improvement from just 54...