ATENTIONβΌ New - CVE-2018-21053 (android)
π Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21052 (android)
π Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21051 (android)
π Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21050 (android)
π Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21049 (android)
π Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21048 (android)
π Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018).π Read
via "National Vulnerability Database".
π IoT security, neglected infrastructure, and a crisis of trust deemed major threats for 2022 π
π Read
via "Security on TechRepublic".
The Internet Security Forum predicts the coming threats with a very good track record so far. Get your company ready for these threats.π Read
via "Security on TechRepublic".
TechRepublic
IoT security, neglected infrastructure, and a crisis of trust deemed major threats for 2022
The Information Security Forum predicts the coming threats with a very good track record so far. Get your company ready for these threats.
π΄ Cybercrime May Be the World's Third-Largest Economy by 2021 π΄
π Read
via "Dark Reading: ".
The underground economy is undergoing an industrialization wave and booming like never before.π Read
via "Dark Reading: ".
Dark Reading
Cybercrime May Be the World's Third-Largest Economy by 2021
The underground economy is undergoing an industrialization wave and booming like never before.
π΄ Pandemic Could Make Schools Bigger Targets of Ransomware Attacks π΄
π Read
via "Dark Reading: ".
Most have had to implement distance learning, making them much more vulnerable, Armor says.π Read
via "Dark Reading: ".
Dark Reading
Pandemic Could Make Schools Bigger Targets of Ransomware Attacks
Most have had to implement distance learning, making them much more vulnerable, Armor says.
β Overlay Malware Leverages Chrome Browser, Targets Banks and Heads to Spain β
π Read
via "Threatpost".
The Grandoreiro banking malware uses remote overlay and a fake Chrome browser plugin to steal from banking customers.π Read
via "Threatpost".
Threat Post
Overlay Malware Leverages Chrome Browser, Targets Banks and Heads to Spain
Researchers warn that the Grandoreiro banking malware has broadened in its targeting from Brazil to Spain.
π SEC Settles With Two Traders Involved in 2016 Hack π
π Read
via "Subscriber Blog RSS Feed ".
Two of the illicit traders indicted in a 2016 hack of the SEC have agreed to settle and in turn, give back six figure sums of money they made with information stolen from a SEC system.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
SEC Settles With Two Traders Involved in 2016 Hack
Two of the illicit traders indicted in a 2016 hack of the SEC have agreed to settle and in turn, give back six figure sums of money they made with information stolen from a SEC system.
β Monday review β the hot 15 stories of the week β
π Read
via "Naked Security".
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 15 stories of the week
Get yourself up to date with everything weβve written in the last seven days β itβs weekly roundup time.
β Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update β
π Read
via "Threatpost".
Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.π Read
via "Threatpost".
Threat Post
Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update
Company will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.
π The end of passwords: Industry experts explore the possibilities and challenges π
π Read
via "Security on TechRepublic".
Passwords have been an industry standard and industry headache for decades. Learn some best practice tips for password administration from tech security insiders.π Read
via "Security on TechRepublic".
TechRepublic
The end of passwords: Industry experts explore the possibilities and challenges
Passwords have been an industry standard and industry headache for decades. Learn some best practice tips for password administration from tech security insiders.
π΄ Dutch Police Shut Down 15 DDoS-for-Hire Services π΄
π Read
via "Dark Reading: ".
Officials arrested a man suspected of launching a DDoS attack against two websites that send government updates to citizens.π Read
via "Dark Reading: ".
Dark Reading
Dutch Police Shut Down 15 DDoS-for-Hire Services
Officials arrested a man suspected of launching a DDoS attack against two websites that send government updates to citizens.
π΄ Dell Releases Security Tool to Defend PCs from BIOS Attacks π΄
π Read
via "Dark Reading: ".
The SafeBIOS Events & Indicators of Attack tool gives admins visibility into BIOS configuration changes and alerts them to potential threats.π Read
via "Dark Reading: ".
Dark Reading
Dell Releases Security Tool to Defend PCs from BIOS Attacks
The SafeBIOS Events & Indicators of Attack tool gives admins visibility into BIOS configuration changes and alerts them to potential threats.
π΄ Network Data Shows Spikes, Vulnerability of Work-at-Home Shift π΄
π Read
via "Dark Reading: ".
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.π Read
via "Dark Reading: ".
Dark Reading
Network Data Shows Spikes, Vulnerability of Work-at-Home Shift
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.
ATENTIONβΌ New - CVE-2020-11668 (linux_kernel)
π Read
via "National Vulnerability Database".
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11647 (wireshark)
π Read
via "National Vulnerability Database".
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11557 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11556 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.π Read
via "National Vulnerability Database".