π΄ More Malware Found Preinstalled on Government Smartphones π΄
π Read
via "Dark Reading: ".
Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.π Read
via "Dark Reading: ".
Dark Reading
More Malware Found Preinstalled on Government Smartphones
Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.
π΄ New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime π΄
π Read
via "Dark Reading: ".
The ring tests the validity of stolen credentials to be used in fraud through an online marketplace.π Read
via "Dark Reading: ".
Dark Reading
New Fraud Ring Bargain Bear Brings Sophistication to Online Crime
The ring tests the validity of stolen credentials to be used in fraud through an online marketplace.
π΄ Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets π΄
π Read
via "Dark Reading: ".
Data is fueling account takeover attacks in a big way, Digital Shadows says.π Read
via "Dark Reading: ".
Dark Reading
Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets
Data is fueling account takeover attacks in a big way, Digital Shadows says.
π Microsoft Cloud App Security: This software can help you to manage shadow IT and boost productivity π
π Read
via "Security on TechRepublic".
How to use shadow IT discovery in Microsoft Cloud App Security to help remote workers stay secure and save bandwidth.π Read
via "Security on TechRepublic".
π Cloud environments are making the security alert overload problem worse π
π Read
via "Security on TechRepublic".
Companies say that automation helps ease the burden but most have a long way to go to reach full implementation, according to new survey.π Read
via "Security on TechRepublic".
TechRepublic
Cloud environments are making the security alert overload problem worse
Companies say that automation helps ease the burden but most have a long way to go to reach full implementation, according to new survey.
β βUndeletableβ Malware Shows Up in Yet Another Android Device β
π Read
via "Threatpost".
Researchers have found trojans and adware in preinstalled apps on a low-cost device distributed by the government-funded Lifeline Assistance Program.π Read
via "Threatpost".
Threat Post
βUndeletableβ Malware Shows Up in Yet Another Android Device
Researchers have found trojans and adware in preinstalled apps on a low-cost device distributed by the government-funded Lifeline Assistance Program.
π΄ Pen Testing ROI: How to Communicate the Value of Security Testing π΄
π Read
via "Dark Reading: ".
There are many reasons to pen test, but the financial reasons tend to get ignored.π Read
via "Dark Reading: ".
Dark Reading
Pen Testing ROI: How to Communicate the Value of Security Testing
There are many reasons to pen test, but the financial reasons tend to get ignored.
β BlueLeaks Server Seized By German Police: Report β
π Read
via "Threatpost".
The server contained almost 270 gigabytes of data collected from 200 police departments, law enforcement training and support resources and fusion centers.π Read
via "Threatpost".
Threat Post
BlueLeaks Server Seized By German Police: Report
The server contained almost 270 gigabytes of data collected from 200 police departments, law enforcement training and support resources and fusion centers.
π΄ 6 Tips for Getting the Most From Nessus π΄
π Read
via "Dark Reading: ".
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help you get started.π Read
via "Dark Reading: ".
Dark Reading
6 Tips for Getting the Most from Nessus
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help you get started.
π Joker billing fraud malware eluded Google Play security to infect Android devices π
π Read
via "Security on TechRepublic".
A new variant targeted Android users to subscribe them to premium services without their consent, according to Check Point Research.π Read
via "Security on TechRepublic".
TechRepublic
Joker billing fraud malware eluded Google Play security to infect Android devices
A new variant targeted Android users to subscribe them to premium services without their consent, according to Check Point Research.
π GNU Privacy Guard 2.2.21 π
π Go!
via "Security Tool Files β Packet Storm".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
GNU Privacy Guard 2.2.21 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTIONβΌ New - CVE-2020-12408
π Read
via "National Vulnerability Database".
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12407
π Read
via "National Vulnerability Database".
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12406
π Read
via "National Vulnerability Database".
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12405
π Read
via "National Vulnerability Database".
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12404
π Read
via "National Vulnerability Database".
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12402
π Read
via "National Vulnerability Database".
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12399
π Read
via "National Vulnerability Database".
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12398
π Read
via "National Vulnerability Database".
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11992
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10096
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".