Attack Surface Area Larger Than Most Businesses Believe
via "Dark Reading".
Workers are not the only outside-the-perimeter security risk. Companies have a variety of vulnerable Internet-facing resources exposing their business to risk, study finds.
Apple's Face ID: Cheat sheet
via "Security on TechRepublic".
If you're using an Apple mobile device manufactured since 2017, it has likely ditched Touch ID in favor of Face ID. Here's what you need to know about the latest Apple biometric security product.
TechRepublic
Apple's Face ID Cheat Sheet: What It Is and How to Use It
Apple's Face ID is a secure and convenient facial recognition feature that utilizes TrueDepth cameras for fast, reliable and secure access.
'Highly Active' APT Group Targeting Microsoft Office, Outlook
via "Dark Reading".
The Gamaredon group has ramped up activity in recent months and makes no effort to stay under the radar, researchers report.
Why coronavirus contact tracing apps face privacy and security challenges
via "Security on TechRepublic".
The apps have to balance the goal of greater accuracy vs. respecting the privacy of their users, according to Check Point Research.
ATTENTION: New - CVE-2020-0136
via "National Vulnerability Database".
In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-120078455.
ATTENTION: New - CVE-2020-0135
via "National Vulnerability Database".
In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-150949837.
ATTENTION: New - CVE-2020-0134
via "National Vulnerability Database".
In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-146052771.
ATTENTION: New - CVE-2020-0133
via "National Vulnerability Database".
In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-145136060.
ATTENTION: New - CVE-2020-0132
via "National Vulnerability Database".
In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-139473816.
ATTENTION: New - CVE-2020-0131
via "National Vulnerability Database".
In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-151159638.
ATTENTION: New - CVE-2020-0129
via "National Vulnerability Database".
In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-123292010.
ATTENTION: New - CVE-2020-0128
via "National Vulnerability Database".
In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-123940919.
ATTENTION: New - CVE-2020-0127
via "National Vulnerability Database".
In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140054506.
ATTENTION: New - CVE-2020-0126
via "National Vulnerability Database".
In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-137878930.
ATTENTION: New - CVE-2020-0124
via "National Vulnerability Database".
In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140237592.
Podcast: Would You Use A Contact-Tracing Coronavirus App?
via "Threatpost".
Contact tracing apps for the coronavirus are being developed and tested globally as the world starts to re-open. Are the apps worth using to flatten the curve? Or do data privacy worries trump public health?
Crooks hijack "Black Lives Matter" to spread zombie malware
via "Naked Security".
The email says it will let you have your say anonymously about Black Lives Matter.
Haveged 1.9.10
via "Security Tool Files ≈ Packet Storm".
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
Siemens Teams Up in OT Endpoint Security
via "Dark Reading".
Machine language-based endpoint security collaboration with SparkCognition is the latest move by Siemens in security.
The Hitchhiker's Guide to Web App Pen Testing
via "Dark Reading".
Time on your hands and looking to learn about web apps? Here's a list to get you started.
FBI warns about cybercriminals exploiting mobile banking apps
via "Security on TechRepublic".
With increased use, phony apps and banking trojans will try to steal account credentials, according to the FBI.