β Naked Security Live β How to avoid βbig brandβ email scams β
π Read
via "Naked Security".
Here's the latest Naked Security video - watch now (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β How to avoid βbig brandβ email scams
Hereβs the latest Naked Security video β watch now (and please share with your friends)!
βΌ CVE-2020-28203 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).π Read
via "National Vulnerability Database".
π American Fuzzy Lop plus plus 3.0c π
π Read
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.π Read
via "Packet Storm Security".
Packetstormsecurity
American Fuzzy Lop plus plus 3.0c β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ The lines between corporate and tech strategy continue to blur π¦Ώ
π Read
via "Tech Republic".
Strategic platforms with advanced analytics, automation, and AI are on tap for 2021, according to Deloitte.π Read
via "Tech Republic".
TechRepublic
The lines between corporate and tech strategy continue to blur
Strategic platforms with advanced analytics, automation, and AI are on tap for 2021, according to Deloitte.
β Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure β
π Read
via "Threat Post".
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities.π Read
via "Threat Post".
Threat Post
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities.
β Agent Tesla Keylogger Gets Data Theft and Targeting Update β
π Read
via "Threat Post".
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.π Read
via "Threat Post".
Threat Post
Agent Tesla Keylogger Gets Data Theft and Targeting Update
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.
β 45 Million Medical Images Left Exposed Online β
π Read
via "Threat Post".
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.π Read
via "Threat Post".
Threat Post
45 Million Medical Images Left Exposed Online
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.
βΌ CVE-2020-0280 βΌ
π Read
via "National Vulnerability Database".
In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136565424π Read
via "National Vulnerability Database".
βΌ CVE-2020-8936 βΌ
π Read
via "National Vulnerability Database".
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8944 βΌ
π Read
via "National Vulnerability Database".
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8aπ Read
via "National Vulnerability Database".
βΌ CVE-2020-0497 βΌ
π Read
via "National Vulnerability Database".
In canUseBiometric of BiometricServiceBase, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158481661π Read
via "National Vulnerability Database".
βΌ CVE-2020-27021 βΌ
π Read
via "National Vulnerability Database".
In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712245π Read
via "National Vulnerability Database".
βΌ CVE-2020-27028 βΌ
π Read
via "National Vulnerability Database".
In filter_incoming_event of hci_layer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141618611π Read
via "National Vulnerability Database".
βΌ CVE-2020-0500 βΌ
π Read
via "National Vulnerability Database".
In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913391π Read
via "National Vulnerability Database".
βΌ CVE-2020-8937 βΌ
π Read
via "National Vulnerability Database".
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02π Read
via "National Vulnerability Database".
βΌ CVE-2020-27035 βΌ
π Read
via "National Vulnerability Database".
In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213π Read
via "National Vulnerability Database".
βΌ CVE-2020-8940 βΌ
π Read
via "National Vulnerability Database".
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading or past commit fa6485c5d16a7355eab047d4a44345a73bc9131eπ Read
via "National Vulnerability Database".
βΌ CVE-2020-0484 βΌ
π Read
via "National Vulnerability Database".
In destroyResources of ComposerClient.h, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155769496π Read
via "National Vulnerability Database".
βΌ CVE-2020-27026 βΌ
π Read
via "National Vulnerability Database".
During boot, the device unlock interface behaves differently depending on if a fingerprint registered to the device is present. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-79776455π Read
via "National Vulnerability Database".
βΌ CVE-2020-27029 βΌ
π Read
via "National Vulnerability Database".
In TextView of TextView.java, there is a possible app hang due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140218875π Read
via "National Vulnerability Database".
βΌ CVE-2020-27024 βΌ
π Read
via "National Vulnerability Database".
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration.Product: AndroidVersions: Android-11Android ID: A-162327732π Read
via "National Vulnerability Database".