ATENTION‼ New - CVE-2020-0121
📖 Read
via "National Vulnerability Database".
In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148180766📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0119
📖 Read
via "National Vulnerability Database".
In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150500247📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0118
📖 Read
via "National Vulnerability Database".
In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150904694📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0117
📖 Read
via "National Vulnerability Database".
In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0116
📖 Read
via "National Vulnerability Database".
In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151330809📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0115
📖 Read
via "National Vulnerability Database".
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0114
📖 Read
via "National Vulnerability Database".
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0113
📖 Read
via "National Vulnerability Database".
In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-150944913📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-5735
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-5732
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-5731
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.📖 Read
via "National Vulnerability Database".
🕴 Employees Stream Entertainment on Enterprise Systems During Pandemic 🕴
📖 Read
via "Dark Reading: ".
Employees aren't limiting use of their work computers to business purposes while working from home.📖 Read
via "Dark Reading: ".
Dark Reading
Employees Stream Entertainment on Enterprise Systems During Pandemic
Employees aren't limiting use of their work computers to business purposes while working from home.
🕴 Rate of Ransomware Attacks in Healthcare Slows in H1 2020 🕴
📖 Read
via "Dark Reading: ".
But lull is unlikely to continue for long, some security experts say.📖 Read
via "Dark Reading: ".
Dark Reading
Rate of Ransomware Attacks in Healthcare Slows in H1 2020
But lull is unlikely to continue for long, some security experts say.
🕴 Misconfigured Databases Targeted Hours After Deployment 🕴
📖 Read
via "Dark Reading: ".
Researchers left a poorly configured database open on the Internet to learn who would connect to it and what they would steal.📖 Read
via "Dark Reading: ".
Dark Reading
Misconfigured Databases Targeted Hours After Deployment
Researchers left a poorly configured database open on the Internet to learn who would connect to it and what they would steal.
🕴 When Your Biggest Security and Privacy Threats Come From the Ones You Love 🕴
📖 Read
via "Dark Reading: ".
Research examines the risks and design challenges of accounting for privacy threats in intimate relationships.📖 Read
via "Dark Reading: ".
Dark Reading
When Your Biggest Security and Privacy Threats Come From the Ones You Love
Research examines the risks and design challenges of accounting for privacy threats in intimate relationships.
⚠ Microsoft squishes 129 bugs with Patch Tuesday updates ⚠
📖 Read
via "Naked Security".
Patch Tuesday was this week and software giant Microsoft released patches to fix 129 CVEs, 11 of which are rated critical.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
⚠ Bitcoin scammers take YouTube channels for a SpaceX ride ⚠
📖 Read
via "Naked Security".
Multiple hijacked YouTube accounts impersonated Elon Musk's Space X channel in a Bitcoin scheme that ripped off a total of more than $163,000.📖 Read
via "Naked Security".
Naked Security
Bitcoin scammers take YouTube channels for a SpaceX ride
Multiple hijacked YouTube accounts impersonated Elon Musk’s Space X channel in a Bitcoin scheme that ripped off nearly $150,000.
🔐 Report: Working from home is the new normal, but cybersecurity isn't keeping up 🔐
📖 Read
via "Security on TechRepublic".
COVID-19 has completely changed the work world, but many organizations have seemingly failed to realize that security risks are changing as well, a new report finds.📖 Read
via "Security on TechRepublic".
TechRepublic
Report: Working from home is the new normal, but cybersecurity isn't keeping up
COVID-19 has completely changed the work world, but many organizations have seemingly failed to realize that security risks are changing as well, a new report finds.
🔐 How Google is combatting coronavirus-related cyberthreats 🔐
📖 Read
via "Security on TechRepublic".
The search giant is relying on artificial intelligence as threats that exploit COVID-19 increase in the UK, India, and Brazil.📖 Read
via "Security on TechRepublic".
TechRepublic
How Google is combatting coronavirus-related cyberthreats
The search giant is relying on artificial intelligence as threats that exploit COVID-19 increase in the UK, India, and Brazil.
🕴 What COVID-19 Teaches Us About Social Engineering 🕴
📖 Read
via "Dark Reading: ".
Unless we do something proactively, social engineering's impact is expected to keep getting worse as people's reliance on technology increases and as more of us are forced to work from home.📖 Read
via "Dark Reading: ".
Dark Reading
What COVID-19 Teaches Us About Social Engineering
Unless we do something proactively, social engineering's impact is expected to keep getting worse as people's reliance on technology increases and as more of us
🕴 Attack Surface Area Larger Than Most Businesses Believe 🕴
📖 Read
via "Dark Reading: ".
Workers are not the only outside-the-perimeter security risk. Companies have a variety of vulnerable Internet-facing resources exposing their business to risk, study finds.📖 Read
via "Dark Reading: ".
Dark Reading
Attack Surface Area Larger Than Most Businesses Believe
Workers are not the only outside-the-perimeter security risk. Companies have a variety of vulnerable Internet-facing resources exposing their business to risk, study finds.