Mobile Security: Why App Stores Don’t Keep Users Safe
3/24/2016In a preview of his Black Hat Asia Briefing next week, a security researcher offers more proof of trouble in the walled gardens of the Apple and Google App stores.
Post a Comment
Author
Profile of Avi Bashan
Senior Security Researcher, Check Point News & Commentary Posts: 1Avi Bashan is a technology leader at Check Point and former senior security researcher and CISO at Lacoon Mobile Security. With more than 10 years of experience in the mobile, networking, and security industries, Avi is one of the main figures in the research and engineering aspects of the company. Prior to Lacoon, Avi was a leading security consultant at Comsec, working with Fortune 500 firms on their vulnerability management processes. He spent four and a half years in the Israeli Defense Force. Avi holds a B.Med.Sc from the Hebrew University of Israel in Medical Studies.
Articles by Avi Bashan
In a preview of his Black Hat Asia Briefing next week, a security researcher offers more proof of trouble in the walled gardens of the Apple and Google App stores.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is our most effective security awareness training tool yet!"
Latest Comment: "This is our most effective security awareness training tool yet!"
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-11763
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
From DHS/US-CERT's National Vulnerability Database CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This