β Innovative Spy Trojan Targets European Diplomatic Targets β
π Read
via "Threatpost".
Descended from the COMPFun RAT, the malware can propagate to removable drives.π Read
via "Threatpost".
Threat Post
Innovative Spy Trojan Targets European Diplomatic Targets
Descended from the COMPFun RAT, the malware can propagate to removable drives.
π΄ Identite Comes Out of Stealth π΄
π Read
via "Dark Reading: ".
Startup emerges with three-factor, no-password authentication.π Read
via "Dark Reading: ".
Dark Reading
Identite Comes Out of Stealth
Startup emerges with three-factor, no-password authentication.
π΄ Project Aims to Unmask Disinformation Bots π΄
π Read
via "Dark Reading: ".
BotSight, a machine learning research project, rates Twitter users based on the likelihood that there is a human behind the keyboard. Could such technology blunt the impact of disinformation campaigns?π Read
via "Dark Reading: ".
Dark Reading
Project Aims to Unmask Disinformation Bots
BotSight, a machine learning research project, rates Twitter users based on the likelihood that there is a human behind the keyboard. Could such technology blunt the impact of disinformation campaigns?
π Phishing campaign exploits Symantec URL Protection to cover its tracks π
π Read
via "Security on TechRepublic".
The email also claims to have been scanned by Symantec email security, according to security provider Armorblox.π Read
via "Security on TechRepublic".
TechRepublic
Phishing campaign exploits Symantec URL Protection to cover its tracks
The email also claims to have been scanned by Symantec email security, according to security provider Armorblox.
π΄ Microsoft Patch for Reverse RDP Flaw Leaves Room for Other Attacks π΄
π Read
via "Dark Reading: ".
Fix released in February is Microsoft's second pass at fully addressing issue that Check Point first disclosed at Black Hat USA last summer.π Read
via "Dark Reading: ".
Darkreading
Microsoft Patch for Reverse RDP Flaw Leaves Room for Other Attacks
Fix released in February is Microsoft's second pass at fully addressing issue that Check Point first disclosed at Black Hat USA last summer.
π΄ As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up π΄
π Read
via "Dark Reading: ".
Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.π Read
via "Dark Reading: ".
Dark Reading
As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up
Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.
ATENTIONβΌ New - CVE-2020-0097
π Read
via "National Vulnerability Database".
In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0096
π Read
via "National Vulnerability Database".
In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0094
π Read
via "National Vulnerability Database".
In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0093
π Read
via "National Vulnerability Database".
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0092
π Read
via "National Vulnerability Database".
In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0091
π Read
via "National Vulnerability Database".
In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0090
π Read
via "National Vulnerability Database".
An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0065
π Read
via "National Vulnerability Database".
An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0064
π Read
via "National Vulnerability Database".
An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0024
π Read
via "National Vulnerability Database".
In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265π Read
via "National Vulnerability Database".
β Microsoft joins encrypted DNS club with Windows 10 option β
π Read
via "Naked Security".
Microsoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Top 10 most exploited vulnerabilities list released by FBI, DHS CISA β
π Read
via "Naked Security".
The agencies say it's vital to prioritize patching. Otherwise, we're making it easy for attackers who don't have to work at finding 0 days.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β How scammers abuse Google Searchβs open redirect feature β
π Read
via "Naked Security".
Google Search uses open redirects by design, which is handy if you're a scammer trying to hide an iffy-looking URL.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Paying Ransomware Crooks Doubles Clean-up Costs, Report β
π Read
via "Threatpost".
Paying ransom to cybercriminals costs companies hit with ransomware attacks more than recovering data on their own, according to a new research.π Read
via "Threatpost".
Threat Post
Paying Ransomware Crooks Doubles Clean-up Costs, Report
Paying ransom to cybercriminals costs companies hit with ransomware attacks more than recovering data on their own, according to a new research.
β S2 Ep 39: Thunderspy, government encryption, and reply all mistakes β Naked Security Podcast β
π Read
via "Naked Security".
In this episode Mark discusses government encryption, Duck tells us why turning your computer off is a cool idea and Greg regales us with his reply all woes. Host Anna Brading is joined by Sophos experts Mark Stockley, Paul Ducklin, Greg Iddon and Producer Alice Duckett. Listen now! LISTEN NOW Click-and-drag on the soundwaves below [β¦]π Read
via "Naked Security".
Naked Security
S2 Ep 39: Thunderspy, government encryption, and reply all mistakes β Naked Security Podcast
Reply all woes, DHS says no to DoH and why turning your computer off is good for security.