Multivector Attacks Demand Security Controls at the Messaging Level
Read via "Dark Reading".
As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
Intel Squashes High-Severity Graphics Driver Flaws
Read via "Threat Post".
Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.
Love is in the air, and cybercriminals are taking advantage
Read via "Tech Republic".
Malicious Valentine's Day-themed phishing campaigns are up 29% from last year, according to Check Point Research.
CVE-2020-24837
Read via "National Vulnerability Database".
An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.
CVE-2020-24838
Read via "National Vulnerability Database".
An integer overflow has been found in the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain 'amount', and the issuedCount can be zero if there is an overflow.
CVE-2021-27135
Read via "National Vulnerability Database".
xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
CVE-2020-29171
Read via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
Zero Trust in the Real World
Read via "Dark Reading".
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
Mozilla privacy report on dating apps singles out Grindr for serious security lapses
Read via "Tech Republic".
21 of the 24 dating apps examined were tagged with the "*Privacy Not Included" warning label.
NordVPN puts the price tag of stolen streaming subscriptions at $38 million
Read via "Tech Republic".
Malware designed to steal log-in information saved in browsers has infected 16 million computers and swiped credentials for up to 174,800 accounts.
Hybrid, Older Users Most-Targeted by Gmail Attackers
Read via "Threat Post".
Researchers at Google and Stanford analyzed 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn't a big factor.
CVE-2021-0338
Read via "National Vulnerability Database".
In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-156260178.
CVE-2020-26299
Read via "National Vulnerability Database".
ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. When Windows separators exist within the path (`\`), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched in version 4.4.0 (commit 457b859450a37cba10ff3c431eb4aa67771122e3).
CVE-2021-0326
Read via "National Vulnerability Database".
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-172937525.
CVE-2021-0335
Read via "National Vulnerability Database".
In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-160346309.
CVE-2021-0314
Read via "National Vulnerability Database".
In onCreate of UninstallerActivity, there is a possible way to uninstall an app without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-171221302.
CVE-2021-0341
Read via "National Vulnerability Database".
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-171980069.
CVE-2021-0330
Read via "National Vulnerability Database".
In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11. Android ID: A-170732441.
CVE-2021-0337
Read via "National Vulnerability Database".
In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-157474195.
CVE-2021-0331
Read via "National Vulnerability Database".
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-170731783.
CVE-2021-0333
Read via "National Vulnerability Database".
In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-168504491.