🕴 Cybereason Announces Availability of AI-Driven Cybereason XDR and EDR on Google Cloud Marketplace 🕴
📖 Read
via "Dark Reading".
Cloud-native platform automates prevention, detection, and response to cyberattacks.📖 Read
via "Dark Reading".
Dark Reading
Cybereason Announces Availability of AI-Driven Cybereason XDR and EDR on Google Cloud Marketplace
Cloud-native platform automates prevention, detection, and response to cyberattacks.
🕴 Kroll Acquires Security Compass Advisory 🕴
📖 Read
via "Dark Reading".
Combined capabilities will help clients address the growing complexity of securing public, private and hybrid cloud, 5G, IoT, and industrial control systems📖 Read
via "Dark Reading".
Dark Reading
Kroll Acquires Security Compass Advisory
Combined capabilities will help clients address the growing complexity of securing public, private and hybrid cloud, 5G, IoT, and industrial control systems
🕴 Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory 🕴
📖 Read
via "Dark Reading".
The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security incidents if teams have proper support.📖 Read
via "Dark Reading".
Dark Reading
Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory
The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security incidents if teams have proper support.
🕴 Meta Expands Bug-Bounty Program to Include Data Scraping 🕴
📖 Read
via "Dark Reading".
Scraping bugs and scraped databases are two new areas of research for the company's bug-bounty and data-bounty programs.📖 Read
via "Dark Reading".
Dark Reading
Meta Expands Bug-Bounty Program to Include Data Scraping
Scraping bugs and scraped databases are two new areas of research for the company's bug-bounty and data-bounty programs.
🦿 Initial access brokers: How are IABs related to the rise in ransomware attacks? 🦿
📖 Read
via "Tech Republic".
Initial access brokers are cybercriminals who specialize in breaching companies and then selling the access to ransomware attackers. Learn how to protect your business from IABs.📖 Read
via "Tech Republic".
TechRepublic
Initial access brokers: How are IABs related to the rise in ransomware attacks?
Initial access brokers are cybercriminals who specialize in breaching companies and then selling the access to ransomware attackers. Learn how to protect your business from IABs.
‼ CVE-2021-0970 ‼
📖 Read
via "National Vulnerability Database".
In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196970023📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0931 ‼
📖 Read
via "National Vulnerability Database".
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-180747689📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1013 ‼
📖 Read
via "National Vulnerability Database".
In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186404356📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39652 ‼
📖 Read
via "National Vulnerability Database".
In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194499021References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39639 ‼
📖 Read
via "National Vulnerability Database".
In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1004 ‼
📖 Read
via "National Vulnerability Database".
In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39638 ‼
📖 Read
via "National Vulnerability Database".
In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0966 ‼
📖 Read
via "National Vulnerability Database".
In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0989 ‼
📖 Read
via "National Vulnerability Database".
In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194105812📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29847 ‼
📖 Read
via "National Vulnerability Database".
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1006 ‼
📖 Read
via "National Vulnerability Database".
In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183961974📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1045 ‼
📖 Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1029 ‼
📖 Read
via "National Vulnerability Database".
In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034677📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0964 ‼
📖 Read
via "National Vulnerability Database".
In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0925 ‼
📖 Read
via "National Vulnerability Database".
In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191444150📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1039 ‼
📖 Read
via "National Vulnerability Database".
In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182808318📖 Read
via "National Vulnerability Database".