
Video: General Data Protection Regulation (GDPR) – The law that lets Europeans take back their data from big tech companies
Tech companies' reign over users' personal data has run largely unchecked in the age of the internet. Europe is seeking to end that with a new law

Mitigating Buffer Overflow Attacks in Linux/Unix
A buffer overflow is the most common and the most serious threat to Linux/Unix operating systems. Buffer overflows occur when code running in unprotected memory in a buffer overwrites memory in an adjacent location.

Mac OS X Security Keychain
The keychain is a secure database store for passwords and certificates and is created for each user account on Mac OS X. The system software itself uses keychains for secure storage.

SSD Encryption from Crucial and Samsung Is Not Secure, Exposes Data
The researchers examined multiple SSDs, including Crucial and Samsung, some of which they found could be unlocked with any password if the password validation routine in RAM was modified through a standard JTAG debugging interface.

Information Commissioner Calls for Regulation of Social Media Following Cambridge Analytica scandal

Ruby2.3 Security Update – CVE-2018-16395 CVE-2018-16396
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:

UK’s Information Commissioner’s Office (ICO) Slaps Fines on Facebook and Equifax
Facebook was fined £500,000 by the UK's Information Commissioner’s Office (ICO) for its role in the Cambridge Analytica data scandal.

Cisco WebEx Meetings Server XML External Entity (CVE-2018-18895)
Cisco WebEx Meetings Server includes a version of Castor XML that is affected by XXE. As a result, Cisco WebEx Meetings Server versions prior to 2.8MR3 and 3.0MR2 patch 1 are affected by the XXE vulnerability.

U-Boot verified boot bypass vulnerabilities (CVE-2018-18439, CVE-2018-18440)
Multiple techniques have been identified that allow arbitrary code execution within a running U-Boot instance by means of externally provided unauthenticated data.

New PortSmash Side-Channel Vulnerability (CVE-2018-5407)
A new vulnerability called PortSmash (CVE-2018-5407) has been discovered, impacting all CPUs that use a Simultaneous Multithreading (SMT) architecture. SMT is a technology that allows multiple computing threads to be executed simultaneously on a CPU core.



