ATTENTION‼ New - CVE-2020-0097
via "National Vulnerability Database".
In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10; Android ID: A-145981139
ATTENTION‼ New - CVE-2020-0096
via "National Vulnerability Database".
In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9; Android ID: A-145669109
ATTENTION‼ New - CVE-2020-0094
via "National Vulnerability Database".
In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9 Android-10; Android ID: A-148223871
ATTENTION‼ New - CVE-2020-0093
via "National Vulnerability Database".
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0 Android-8.1 Android-9 Android-10; Android ID: A-148705132
ATTENTION‼ New - CVE-2020-0092
via "National Vulnerability Database".
In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-145135488
ATTENTION‼ New - CVE-2020-0091
via "National Vulnerability Database".
In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode. Product: Android; Versions: Android SoC; Android ID: A-149808700
ATTENTION‼ New - CVE-2020-0090
via "National Vulnerability Database".
An improper authorization in the receiver component of Email. Product: Android; Versions: Android SoC; Android ID: A-149813048
ATTENTION‼ New - CVE-2020-0065
via "National Vulnerability Database".
An improper authorization in the receiver component of the Android Suite Daemon. Product: Android; Versions: Android SoC; Android ID: A-149813448
ATTENTION‼ New - CVE-2020-0064
via "National Vulnerability Database".
An improper authorization while processing the provisioning data. Product: Android; Versions: Android SoC; Android ID: A-149866855
ATTENTION‼ New - CVE-2020-0024
via "National Vulnerability Database".
In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1 Android-9 Android-10 Android-8.0; Android ID: A-137015265
Microsoft joins encrypted DNS club with Windows 10 option
via "Naked Security".
Microsoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10.
Sophos News
Naked Security – Sophos News
Top 10 most exploited vulnerabilities list released by FBI, DHS CISA
via "Naked Security".
The agencies say it's vital to prioritize patching. Otherwise, we're making it easy for attackers who don't have to work at finding 0 days.
How scammers abuse Google Search's open redirect feature
via "Naked Security".
Google Search uses open redirects by design, which is handy if you're a scammer trying to hide an iffy-looking URL.
Paying Ransomware Crooks Doubles Clean-up Costs, Report
via "Threatpost".
Paying ransom to cybercriminals costs companies hit with ransomware attacks more than recovering data on their own, according to new research.
S2 Ep 39: Thunderspy, government encryption, and reply all mistakes – Naked Security Podcast
via "Naked Security".
In this episode Mark discusses government encryption, Duck tells us why turning your computer off is a cool idea and Greg regales us with his reply all woes. Host Anna Brading is joined by Sophos experts Mark Stockley, Paul Ducklin, Greg Iddon and Producer Alice Duckett.
Reply all woes, DHS says no to DoH and why turning your computer off is good for security.
🔴 4 Challenges with Existing VPNs 🔴
via "Dark Reading: ".
A VPN is a step in the right direction, but it's not the be-all and end-all when it comes to security and falls short in many ways.
How to restrict the Nextcloud ONLYOFFICE to groups
via "Security on TechRepublic".
If you're the Nextcloud admin for your company or home office, you might want to restrict who has access to the ONLYOFFICE suite of tools. Jack Wallen shows you how.
Coronavirus-themed phishing templates used to capture personal information
via "Security on TechRepublic".
Spoofing government and health organizations, these templates help attackers create and customize their own phishing pages to exploit the COVID-19 pandemic, says Proofpoint.
Quantum Security Goes Live with Samsung Galaxy
via "Threatpost".
Quantum encryption, which has been touted as "unhackable," debuts with Samsung, SK Telecom in a world's first.
RATicate Group Hits Industrial Firms With Revolving Payloads
via "Threatpost".
A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.