Feed aggregator

Undisclosed Debt Sustainability

Harvard Business School Working Knowledge - Mon, 10/14/2019 - 00:00
Presenting a scenario in which non-Paris Club lending and borrowing is fully disclosed, this study illustrates that transparency has potential effects of decreased debt sustainability for investors such as China, and significant welfare gains for recipient countries. Effects are particularly strong if the debt is large.
by Laura Alfaro and Fabio Kanczuk
Working Paper Summaries

APPLE-SA-2019-10-11-1 Swift 5.1.1 for Ubuntu

Security Updates from SECLISTS - Sun, 10/13/2019 - 17:53

Posted by Apple Product Security on Oct 13

APPLE-SA-2019-10-11-1 Swift 5.1.1 for Ubuntu

Swift 5.1.1 for Ubuntu is now available and addresses the following:

Foundation
Available for: Ubuntu 14.04, 16.04 and 18.04
Impact: Incorrect management of file descriptors in URLSession could
lead to inadvertent data disclosure
Description: This issue was addressed by updating incorrect
URLSession file descriptors management logic to match Swift 5.0.
CVE-2019-8790: Apple

Installation note:

Swift...

[SECURITY] [DSA 4539-3] openssl regression update

Security Updates from SECLISTS - Sun, 10/13/2019 - 17:49

Posted by Salvatore Bonaccorso on Oct 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4539-3 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
Debian Bug : 941987

The update for openssl...

[SYSS-2019-033]: Microsoft Designer Bluetooth Desktop - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

Security Updates from SECLISTS - Thu, 10/10/2019 - 07:56

Posted by matthias . deeg on Oct 10

Advisory ID: SYSS-2019-033
Product: Designer Bluetooth Desktop
Manufacturer: Microsoft
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS...

[SYSS-2019-034]: Microsoft Surface Keyboard - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

Security Updates from SECLISTS - Thu, 10/10/2019 - 07:53

Posted by matthias . deeg on Oct 10

Advisory ID: SYSS-2019-034
Product: Surface Keyboard
Manufacturer: Microsoft
Affected Version(s): WS2-00005
Tested Version(s): WS2-00005
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS...

[SYSS-2019-035]: Microsoft Surface Mouse - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

Security Updates from SECLISTS - Thu, 10/10/2019 - 07:49

Posted by matthias . deeg on Oct 10

Advisory ID: SYSS-2019-035
Product: Surface Mouse
Manufacturer: Microsoft
Affected Version(s): WS3-00002
Tested Version(s): WS3-00002
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)...

Birds of a Feather ... Enforce Social Norms? Interactions Among Culture, Norms, and Strategy

Harvard Business School Working Knowledge - Thu, 10/10/2019 - 00:00
Does culture eat strategy for breakfast? By analyzing the role of a company's social norms—how they develop and why people reinforce them, despite their personal beliefs—this paper offers new insights about the power of culture.
by Hongyi Li and Eric J. Van den Steen
Working Paper Summaries

Vote Choice Formation and the Minimal Effects of TV Debates

Harvard Business School Working Knowledge - Thu, 10/10/2019 - 00:00
TV debates offer ample fodder for political pundits, but do they sway voters? Using voter data from 61 elections in nine countries, the team behind this paper sheds light on the most important factors behind election outcomes.
by Caroline Le Pennec and Vincent Pons
Working Paper Summaries

PBS Professional MoM Authentication Bypass (CVE-2019-15719)

Security Updates from SECLISTS - Wed, 10/09/2019 - 04:38

Posted by john on Oct 09

===========================================================
PBS Professional MoM Authentication Bypass (CVE-2019-15719)
===========================================================

* Software: PBS Professional
* Affected Versions: All versions up to and including 19.2.3
* Vendor: Altair Engineering, Inc
* CVE Reference: CVE-2019-15719
* Severity: CVSS 9.0 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H]
* Author: John Fitzpatrick
* Date: 2019-10-08...

For Better Ideas, Bring the Right People to the Brainstorm

Harvard Business School Working Knowledge - Wed, 10/09/2019 - 00:00
Better ideas emerge when extroverts and people open to new experiences put their heads together, according to research by Rembrand M. Koning. But what about introverts?
by Michael Blanding
Research & Ideas

[SECURITY] [DSA 4539-2] openssh regression update

Security Updates from SECLISTS - Tue, 10/08/2019 - 08:44

Posted by Salvatore Bonaccorso on Oct 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4539-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssh
Debian Bug : 941663

A change introduced in...

APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1

Security Updates from SECLISTS - Tue, 10/08/2019 - 08:41

Posted by Apple Product Security on Oct 08

APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1

iTunes for Windows 12.10.1 is now available and addresses the
following:

UIFoundation
Available for: Windows 7 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative

WebKit
Available for:...

APPLE-SA-2019-10-07-3 iCloud for Windows 10.7

Security Updates from SECLISTS - Tue, 10/08/2019 - 08:36

Posted by Apple Product Security on Oct 08

APPLE-SA-2019-10-07-3 iCloud for Windows 10.7

iCloud for Windows 10.7 is now available and addresses the following:

UIFoundation
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative...

APPLE-SA-2019-10-07-1 macOS Catalina 10.15

Security Updates from SECLISTS - Tue, 10/08/2019 - 08:33

Posted by Apple Product Security on Oct 08

APPLE-SA-2019-10-07-1 macOS Catalina 10.15

macOS Catalina 10.15 is now available and addresses the following:

AMD
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory...

APPLE-SA-2019-10-07-4 iCloud for Windows 7.14

Security Updates from SECLISTS - Tue, 10/08/2019 - 08:30

Posted by Apple Product Security on Oct 08

APPLE-SA-2019-10-07-4 iCloud for Windows 7.14

iCloud for Windows 7.14 is now available and addresses the following:

UIFoundation
Available for: Windows 7 and later
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's
Zero Day Initiative

WebKit
Available for: Windows...

[SECURITY] [DSA 4541-1] libapreq2 security update

Security Updates from SECLISTS - Mon, 10/07/2019 - 06:11

Posted by Salvatore Bonaccorso on Oct 07

-------------------------------------------------------------------------
Debian Security Advisory DSA-4541-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 04, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libapreq2
CVE ID : CVE-2019-12412
Debian Bug :...

[SECURITY] [DSA 4542-1] jackson-databind security update

Security Updates from SECLISTS - Mon, 10/07/2019 - 06:07

Posted by Sebastien Delafond on Oct 07

-------------------------------------------------------------------------
Debian Security Advisory DSA-4542-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
October 06, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackson-databind
CVE ID : CVE-2019-12384...

CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE

Security Updates from SECLISTS - Mon, 10/07/2019 - 06:03

Posted by Imre Rad on Oct 07

IcedTeaWeb is an open source implementation of JSR-56 that is better
known as Java Web Start.
It is currently maintained by RedHat and is included into the Windows
packages of OpenJDK by default.

"Three security issues were found in ITW, and have been discussed and
are going to be fixed.
Those are CVE-2019-10185 CVE-2019-10181 CVE-2019-10182"

The vulnerabilities described below could be exploited by man in the
middle attackers or...

How Companies Can Make Up with (Very) Unhappy Customers

Harvard Business School Working Knowledge - Mon, 10/07/2019 - 00:00
It happens to the best of companies. One fine day a public relations nightmare explodes and shatters your hard-won trust with customers. What should you do next?
by Sean Silverthorne
Sharpening Your Skills

CA20190930-01: Security Notice for CA Network Flow Analysis

Security Updates from SECLISTS - Fri, 10/04/2019 - 04:40

Posted by Kevin Kotas on Oct 04

CA20190930-01: Security Notice for CA Network Flow Analysis

Issued: September 30th, 2019

CA Technologies, a Broadcom Company, is alerting customers to a
potential risk with CA Network Flow Analysis. A vulnerability exists
that can allow a remote attacker to execute arbitrary commands. CA
published a solution to address the vulnerabilities and recommends
that all affected customers implement this solution.

The vulnerability, CVE-2019-13658,...
