How to better defend your cloud-based environments against cyberattack
via "Security on TechRepublic".
A rapid, disorganized shift to the cloud can open the door to data theft, ransomware, malware, and other cyberattacks, says IBM X-Force.
Snake Ransomware Delivers Double-Strike on Honda, Energy Co.
via "Threatpost".
The ICS/SCADA-focused malware is likely behind a duo of attacks this week, on Honda and a South American energy company, researchers said.
Helping Remote Workers Overcome Remote Attacks
via "Threatpost".
Because remote workers' devices are all connected to a home network, they don't even need to be attacked directly. Instead, attackers have multiple avenues of attack that can be exploited.
ATTENTION!! New - CVE-2020-0121
via "National Vulnerability Database".
In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-148180766.
ATTENTION!! New - CVE-2020-0119
via "National Vulnerability Database".
In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-150500247.
ATTENTION!! New - CVE-2020-0118
via "National Vulnerability Database".
In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-150904694.
ATTENTION!! New - CVE-2020-0117
via "National Vulnerability Database".
In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-8.0. Android ID: A-151155194.
ATTENTION!! New - CVE-2020-0116
via "National Vulnerability Database".
In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-151330809.
ATTENTION!! New - CVE-2020-0115
via "National Vulnerability Database".
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-8.0. Android ID: A-150038428.
ATTENTION!! New - CVE-2020-0114
via "National Vulnerability Database".
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-147606347.
ATTENTION!! New - CVE-2020-0113
via "National Vulnerability Database".
In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-9. Android ID: A-150944913.
ATTENTION!! New - CVE-2019-5735
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
ATTENTION!! New - CVE-2019-5732
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
ATTENTION!! New - CVE-2019-5731
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Employees Stream Entertainment on Enterprise Systems During Pandemic
via "Dark Reading".
Employees aren't limiting use of their work computers to business purposes while working from home.
Rate of Ransomware Attacks in Healthcare Slows in H1 2020
via "Dark Reading".
But lull is unlikely to continue for long, some security experts say.
Misconfigured Databases Targeted Hours After Deployment
via "Dark Reading".
Researchers left a poorly configured database open on the Internet to learn who would connect to it and what they would steal.
When Your Biggest Security and Privacy Threats Come From the Ones You Love
via "Dark Reading".
Research examines the risks and design challenges of accounting for privacy threats in intimate relationships.
Microsoft squishes 129 bugs with Patch Tuesday updates
via "Naked Security".
Patch Tuesday was this week and software giant Microsoft released patches to fix 129 CVEs, 11 of which are rated critical.
Bitcoin scammers take YouTube channels for a SpaceX ride
via "Naked Security".
Multiple hijacked YouTube accounts impersonated Elon Musk's Space X channel in a Bitcoin scheme that ripped off a total of more than $163,000.
Naked Security
Bitcoin scammers take YouTube channels for a SpaceX ride
Multiple hijacked YouTube accounts impersonated Elon Musk's Space X channel in a Bitcoin scheme that ripped off nearly $150,000.
Report: Working from home is the new normal, but cybersecurity isn't keeping up
via "Security on TechRepublic".
COVID-19 has completely changed the work world, but many organizations have seemingly failed to realize that security risks are changing as well, a new report finds.