ATENTIONβΌ New - CVE-2020-0131
π Read
via "National Vulnerability Database".
In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151159638π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0129
π Read
via "National Vulnerability Database".
In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123292010π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0128
π Read
via "National Vulnerability Database".
In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123940919π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0127
π Read
via "National Vulnerability Database".
In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140054506π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0126
π Read
via "National Vulnerability Database".
In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0124
π Read
via "National Vulnerability Database".
In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140237592π Read
via "National Vulnerability Database".
β Podcast: Would You Use A Contact-Tracing Coronavirus App? β
π Read
via "Threatpost".
Contact tracing apps for the coronavirus are being developed and tested globally as the world starts to re-open. Are the apps worth using to flatten the curve? Or do data privacy worries trump public health?π Read
via "Threatpost".
Threat Post
Podcast: Would You Use A Contact-Tracing Coronavirus App?
Contact tracing apps for the coronavirus are being developed and tested globally as the world starts to re-open. Are the apps worth using to flatten the curve? Or do data privacy worries trump public health?
β Crooks hijack βBlack Lives Matterβ to spread zombie malware β
π Read
via "Naked Security".
The email says it will let you have your say anonymously about Black Lives Matter.π Read
via "Naked Security".
Naked Security
Crooks hijack βBlack Lives Matterβ to spread zombie malware
The email says it will let you have your say anonymously about Black Lives Matter.
π Haveged 1.9.10 π
π Go!
via "Security Tool Files β Packet Storm".
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Haveged 1.9.10 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Siemens Teams Up in OT Endpoint Security π΄
π Read
via "Dark Reading: ".
Machine language-based endpoint security collaboration with SparkCognition is the latest move by Siemens in security.π Read
via "Dark Reading: ".
Dark Reading
Siemens Teams Up in OT Endpoint Security
Machine language-based endpoint security collaboration with SparkCognition is the latest move by Siemens in security.
π΄ The Hitchhiker's Guide to Web App Pen Testing π΄
π Read
via "Dark Reading: ".
Time on your hands and looking to learn about web apps? Here's a list to get you started.π Read
via "Dark Reading: ".
Dark Reading
The Hitchhiker's Guide to Web App Pen Testing
Time on your hands and looking to learn about web apps? Here's a list to get you started.
π FBI warns about cybercriminals exploiting mobile banking apps π
π Read
via "Security on TechRepublic".
With increased use, phony apps and banking trojans will try to steal account credentials, according to the FBI.π Read
via "Security on TechRepublic".
TechRepublic
FBI warns about cybercriminals exploiting mobile banking apps
With increased use, phony apps and banking trojans will try to steal account credentials, according to the FBI.
π Siemens and SparkCognition unveil AI-driven cybersecurity solution for ICS endpoints π
π Read
via "Security on TechRepublic".
DeepArmor Industrial, fortified by Siemens, increases operational visibility, improves malware detection, and provides protection across a company's fleet of industrial control systems and end points.π Read
via "Security on TechRepublic".
TechRepublic
Siemens and SparkCognition unveil AI-driven cybersecurity solution for ICS endpoints
DeepArmor Industrial, fortified by Siemens, increases operational visibility, improves malware detection, and provides protection across a company's fleet of industrial control systems and end points.
β Kubernetes Falls to Cryptomining via Machine-Learning Framework β
π Read
via "Threatpost".
Misconfigured dashboards are at the heart of a widespread XMRIG Monero-mining campaign.π Read
via "Threatpost".
Threat Post
Kubernetes Falls to Cryptomining via Machine-Learning Framework
Misconfigured dashboards are at the heart of a widespread XMRIG Monero-mining campaign.
π Ad Industry Still Wary of CCPA π
π Read
via "Subscriber Blog RSS Feed ".
A handful of advertising trade groups are voicing their dissatisfaction with the CCPA's final proposed regulations, which were sent for review last week.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Ad Industry Still Wary of CCPA
A handful of advertising trade groups are voicing their dissatisfaction with the CCPA's final proposed regulations, which were sent for review last week.
π Two-factor authentication: A cheat sheet π
π Read
via "Security on TechRepublic".
A password alone will not protect sensitive information from hackers--two-factor authentication is also necessary. Here's what security pros and users need to know about two-factor authentication.π Read
via "Security on TechRepublic".
TechRepublic
Two-factor authentication: A cheat sheet
A password alone will not protect sensitive information from hackers--two-factor authentication is also necessary. Here's what security pros and users need to know about two-factor authentication.
π΄ Protocol Vulnerability Threatens Mobile Networks π΄
π Read
via "Dark Reading: ".
A vuln in the GTP protocol could allow DoS, fraud, and data theft attacks against cellular networks from virtually anywhere.π Read
via "Dark Reading: ".
Dark Reading
Protocol Vulnerability Threatens Mobile Networks
A vuln in the GTP protocol could allow DoS, fraud, and data theft attacks against cellular networks from virtually anywhere.
π Cybersecurity pros are working harder than ever during the pandemic π
π Read
via "Security on TechRepublic".
The COVID-19 pandemic has affected many tech career fields. Learn how it has impacted cybersecurity professionals, and how to help.π Read
via "Security on TechRepublic".
TechRepublic
Cybersecurity pros are working harder than ever during the pandemic
The COVID-19 pandemic has affected many tech career fields. Learn how it has impacted cybersecurity professionals, and how to help.
β Microsoft Outlook Users Targeted By Gamaredonβs New VBA Macro β
π Read
via "Threatpost".
The Gamaredon APT has started using a new VBA macro to target Microsoft Outlook victims' contact lists.π Read
via "Threatpost".
Threat Post
Microsoft Outlook Users Targeted By Gamaredonβs New VBA Macro
The Gamaredon APT has started using a new VBA macro to target Microsoft Outlook victims' contact lists.
β Black Lives Matter Emails Deliver TrickBot Malware β
π Read
via "Threatpost".
Malspam emails are claiming to deliver a survey on BLM -- but in reality they deliver the infamous banking trojan.π Read
via "Threatpost".
Threat Post
Black Lives Matter Emails Deliver TrickBot Malware
Malspam emails are claiming to deliver a survey on BLM β but in reality they deliver the infamous banking trojan.
π΄ FBI Says Sudden Increase in Mobile Banking Is Heightening Risks For Users π΄
π Read
via "Dark Reading: ".
Mobile malware and fake apps purporting to be legitimate banking software are big risks, law enforcement agency says.π Read
via "Dark Reading: ".
Dark Reading
FBI Says Sudden Increase in Mobile Banking Is Heightening Risks For Users
Mobile malware and fake apps purporting to be legitimate banking software are big risks, law enforcement agency says.