โ Thousands of Android apps contain undocumented backdoors, study finds โ
๐ Read
via "Naked Security".
A study has found that thousands of legitimate Android apps are taking liberties or installing with capabilities that users wouldnโt expect to exist.๐ Read
via "Naked Security".
Naked Security
Thousands of Android apps contain undocumented backdoors, study finds
A study has found that thousands of legitimate Android apps are taking liberties or installing with capabilities that users wouldnโt expect to exist.
๐ด 9 Security Podcasts Worth Tuning In To ๐ด
๐ Read
via "Dark Reading: ".
Recommendations for podcasts discussing news, trends, guidance, and stories across the cybersecurity industry.๐ Read
via "Dark Reading: ".
Dark Reading
9 Security Podcasts Worth Tuning In To
Recommendations for podcasts discussing news, trends, guidance, and stories across the cybersecurity industry.
โ Two schoolkids sue Google for collecting biometrics โ
๐ Read
via "Naked Security".
The suit is about biometrics and children's privacy in Google's education apps, which are suddenly, wildly popular now due to COVID-19.๐ Read
via "Naked Security".
Naked Security
Two schoolkids sue Google for collecting biometrics
The suit is about biometrics and childrenโs privacy in Googleโs education apps, which are suddenly, wildly popular now due to COVID-19.
โ Twitter warns users โ Firefox might hold on to private messages โ
๐ Read
via "Naked Security".
Whose fault was it - Twitter or Firefox? (It's fixed now, to be clear.)๐ Read
via "Naked Security".
Naked Security
Twitter warns users โ Firefox might retain private messages
Whose fault was it โ Twitter or Firefox? (Itโs fixed now, to be clear.)
๐ BlackBerry: Chinese cybercriminals target high-value Linux servers with weak defenses ๐
๐ Read
via "Security on TechRepublic".
Five APT groups have been using remote access trojans to take advantage of a network component that doesn't get much attention from security teams.๐ Read
via "Security on TechRepublic".
TechRepublic
BlackBerry: Chinese cybercriminals target high-value Linux servers with weak defenses
Five APT groups have been using remote access trojans to take advantage of a network component that doesn't get much attention from security teams.
๐ Cybercriminals increasingly using SSL certificates to spread malware ๐
๐ Read
via "Security on TechRepublic".
Enterprises that don't perform adequate SSL inspections are now at a much higher risk to be breached or attacked, according to a Menlo Security report.๐ Read
via "Security on TechRepublic".
TechRepublic
Cybercriminals increasingly using SSL certificates to spread malware
Enterprises that don't perform adequate SSL inspections are now at a much higher risk to be breached or attacked, according to a Menlo Security report.
๐ Zoom's security flaws: Has it done enough to fix them? ๐
๐ Read
via "Security on TechRepublic".
As millions have flooded Zoom because of COVID-19, the site became a prime target for hackers. Here is how the company responded, and whether security experts think it's adequate.๐ Read
via "Security on TechRepublic".
TechRepublic
Zoom's security flaws: Has it done enough to fix them?
As millions have flooded Zoom because of COVID-19, the site became a prime target for hackers. Here is how the company responded, and whether security experts think it's adequate.
โ Official Government COVID-19 Mobile Apps Hide a Raft of Threats โ
๐ Read
via "Threatpost".
Android apps launched for citizens in Iran, Colombia and Italy offer cyberattackers new attack vectors.๐ Read
via "Threatpost".
Threat Post
Official Government COVID-19 Apps Hide a Raft of Threats
Android apps launched for citizens in Iran, Colombia and Italy offer cyberattackers new attack vectors.
๐ด Using Application Telemetry to Reveal Insider & Evasive Threats ๐ด
๐ Read
via "Dark Reading: ".
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.๐ Read
via "Dark Reading: ".
Dark Reading
Using Application Telemetry to Reveal Insider & Evasive Threats
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.
ATENTIONโผ New - CVE-2016-11053
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11052
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11051
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with J(4.2) (Qualcomm Wi-Fi chipsets) software. There is a buffer overflow in the Qualcomm WLAN Driver. The Samsung ID is SVE-2016-5326 (February 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11050
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11049
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11048
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11047
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11046
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11045
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11044
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The Samsung ID is SVE-2016-5923 (June 2016).๐ Read
via "National Vulnerability Database".
ATENTIONโผ New - CVE-2016-11043
๐ Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016).๐ Read
via "National Vulnerability Database".