βΌ CVE-2020-0465 βΌ
π Read
via "National Vulnerability Database".
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2020-25707 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916π Read
via "National Vulnerability Database".
βΌ CVE-2020-35470 βΌ
π Read
via "National Vulnerability Database".
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).π Read
via "National Vulnerability Database".
βΌ CVE-2020-35471 βΌ
π Read
via "National Vulnerability Database".
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.π Read
via "National Vulnerability Database".
β Phishing tricks that really work β and how to avoid them β
π Read
via "Naked Security".
Get inside the mindset of your adversaries to increase your chances of spotting a phish.π Read
via "Naked Security".
Naked Security
Phishing tricks that really work β and how to avoid them
Get inside the mindset of your adversaries to increase your chances of spotting a phish.
π΄ The Private Sector Needs a Cybersecurity Transformation π΄
π Read
via "Dark Reading".
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.π Read
via "Dark Reading".
Dark Reading
The Private Sector Needs a Cybersecurity Transformation - Dark Reading
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
π¦Ώ How understanding cognitive science can strengthen cybersecurity's weak links π¦Ώ
π Read
via "Tech Republic".
Learn how applying cognitive science is one way to thwart cybercriminals' abilities to get unsuspecting users to do their bidding.π Read
via "Tech Republic".
TechRepublic
How understanding cognitive science can strengthen cybersecurity's weak links
Learn how applying cognitive science is one way to thwart cybercriminals' abilities to get unsuspecting users to do their bidding.
π1
β Naked Security Live β How to avoid βbig brandβ email scams β
π Read
via "Naked Security".
Here's the latest Naked Security video - watch now (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β How to avoid βbig brandβ email scams
Hereβs the latest Naked Security video β watch now (and please share with your friends)!
βΌ CVE-2020-28203 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).π Read
via "National Vulnerability Database".
π American Fuzzy Lop plus plus 3.0c π
π Read
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.π Read
via "Packet Storm Security".
Packetstormsecurity
American Fuzzy Lop plus plus 3.0c β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ The lines between corporate and tech strategy continue to blur π¦Ώ
π Read
via "Tech Republic".
Strategic platforms with advanced analytics, automation, and AI are on tap for 2021, according to Deloitte.π Read
via "Tech Republic".
TechRepublic
The lines between corporate and tech strategy continue to blur
Strategic platforms with advanced analytics, automation, and AI are on tap for 2021, according to Deloitte.
β Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure β
π Read
via "Threat Post".
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities.π Read
via "Threat Post".
Threat Post
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities.
β Agent Tesla Keylogger Gets Data Theft and Targeting Update β
π Read
via "Threat Post".
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.π Read
via "Threat Post".
Threat Post
Agent Tesla Keylogger Gets Data Theft and Targeting Update
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.
β 45 Million Medical Images Left Exposed Online β
π Read
via "Threat Post".
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.π Read
via "Threat Post".
Threat Post
45 Million Medical Images Left Exposed Online
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.
βΌ CVE-2020-0280 βΌ
π Read
via "National Vulnerability Database".
In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136565424π Read
via "National Vulnerability Database".
βΌ CVE-2020-8936 βΌ
π Read
via "National Vulnerability Database".
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8944 βΌ
π Read
via "National Vulnerability Database".
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8aπ Read
via "National Vulnerability Database".
βΌ CVE-2020-0497 βΌ
π Read
via "National Vulnerability Database".
In canUseBiometric of BiometricServiceBase, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158481661π Read
via "National Vulnerability Database".
βΌ CVE-2020-27021 βΌ
π Read
via "National Vulnerability Database".
In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712245π Read
via "National Vulnerability Database".
βΌ CVE-2020-27028 βΌ
π Read
via "National Vulnerability Database".
In filter_incoming_event of hci_layer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141618611π Read
via "National Vulnerability Database".
βΌ CVE-2020-0500 βΌ
π Read
via "National Vulnerability Database".
In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913391π Read
via "National Vulnerability Database".