Oct 20, 2019 Application Security This Week for October 20 Here is a good writeup on the overflow error found in libssh2 https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ Speaking of bugs in old software, here's one in sudo. https://www.openwall.com/lists/oss-security/2019/10/14/1 Using data analysis to further research into malware sources, with PDB paths. Pretty neat! https://www.fireeye.com/blog/threat-research/2019/10/definitive-dossier-of-devilish-debug-details-part-deux.html And in IoT security news, the Catholic church's eRosery (no I'm not kidding) has a number of significant flaws. https://www.msn.com/en-us/news/technology/vatican-s-wearable-rosary-gets-fix-for-app-flaw-allowing-easy-hacks/ar-AAIZICz?ocid=ARWLCHR https://www.theregister.co.uk/2019/10/18/vatican_erosary_insecure/ That's the news, folks!