βΌ CVE-2022-38179 βΌ
π Read
via "National Vulnerability Database".
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attackπ Read
via "National Vulnerability Database".
βΌ CVE-2022-38180 βΌ
π Read
via "National Vulnerability Database".
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some casesπ Read
via "National Vulnerability Database".
ποΈ GoTestWAF adds API attack testing via OpenAPI support ποΈ
π Read
via "The Daily Swig".
CI/CD support is next for WAF security toolπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GoTestWAF adds API attack testing via OpenAPI support
CI/CD support is next for WAF security tool
β Facebookβs In-app Browser on iOS Tracks βAnything You Do on Any Websiteβ β
π Read
via "Threat Post".
Researcher shows how Instagram and Facebookβs use of an in-app browser within both its iOS apps can track interactions with external websites.π Read
via "Threat Post".
Threat Post
Facebookβs In-app Browser on iOS Tracks βAnything You Do on Any Websiteβ
Researcher shows how Instagram and Facebookβs use of an in-app browser within both its iOS apps can track interactions with external websites.
β S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now! (Or read the transcript if you prefer.)π Read
via "Naked Security".
Naked Security
S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
Latest episode β listen now! (Or read the transcript if you prefer.)
π΄ How to Clear Security Obstacles and Achieve Cloud Nirvana π΄
π Read
via "Dark Reading".
Back-end complexity of cloud computing means there's plenty of potential for security problems. Here's how to get a better handle on SaaS application security.π Read
via "Dark Reading".
Dark Reading
How to Clear Security Obstacles and Achieve Cloud Nirvana
Back-end complexity of cloud computing means there's plenty of potential for security problems. Here's how to get a better handle on SaaS application security.
ποΈ BHUSA: Make sure your security bug bounty program doesnβt create a data leak of its own ποΈ
π Read
via "The Daily Swig".
Researchers, organizations, and bug disclosure platforms can all make improvements to help protect user dataπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
BHUSA: Make sure your security bug bounty program doesnβt create a data leak of its own
Researchers, organizations, and bug disclosure platforms can all make improvements to help protect user data
π Friday Five 8/12 π
π Read
via "".
Twitterβs latest security incident, ransomware gangs, and state-sponsored hackers have taken over the news this past week. Catch up on all the latest with this weekβs Friday Five!
π Read
via "".
ποΈ IT industry guilty of βlack of imaginationβ in failure to anticipate cyber-attack evolution ποΈ
π Read
via "The Daily Swig".
βWe have a habit of reacting to threats after they occur, rather than preparing for them,β journalist Kim Zetter tells Black Hatπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
IT industry guilty of βlack of imaginationβ in failure to anticipate cyber-attack evolution
βWe have a habit of reacting to threats after they occur, rather than preparing for them,β journalist Kim Zetter tells Black Hat
π GNUnet P2P Framework 0.17.4 π
π Read
via "Packet Storm Security".
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.π Read
via "Packet Storm Security".
Packetstormsecurity
GNUnet P2P Framework 0.17.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan π΄
π Read
via "Dark Reading".
Unusually, SOVA, which targets US users, now allows lateral movement for deeper data access. Version 5 adds an encryption capability.π Read
via "Dark Reading".
Dark Reading
Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan
Unusually, SOVA, which targets US users, now allows lateral movement for deeper data access. Version 5 adds an encryption capability.
βοΈ Sounding the Alarm on Emergency Alert System Flaws βοΈ
π Read
via "Krebs on Security".
The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System -- a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.π Read
via "Krebs on Security".
Krebs on Security
Sounding the Alarm on Emergency Alert System Flaws
The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System -- a national public warning system used to deliver important emergency information, such asβ¦
βΌ CVE-2022-20314 βΌ
π Read
via "National Vulnerability Database".
In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-191876118π Read
via "National Vulnerability Database".
βΌ CVE-2022-20309 βΌ
π Read
via "National Vulnerability Database".
In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694094π Read
via "National Vulnerability Database".
βΌ CVE-2022-20262 βΌ
π Read
via "National Vulnerability Database".
In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218338453π Read
via "National Vulnerability Database".
βΌ CVE-2022-20295 βΌ
π Read
via "National Vulnerability Database".
In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202160584π Read
via "National Vulnerability Database".
βΌ CVE-2022-20318 βΌ
π Read
via "National Vulnerability Database".
In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694069π Read
via "National Vulnerability Database".
βΌ CVE-2022-20320 βΌ
π Read
via "National Vulnerability Database".
In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187956596π Read
via "National Vulnerability Database".
βΌ CVE-2022-20260 βΌ
π Read
via "National Vulnerability Database".
In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220865698π Read
via "National Vulnerability Database".
βΌ CVE-2022-20271 βΌ
π Read
via "National Vulnerability Database".
In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672635π Read
via "National Vulnerability Database".
βΌ CVE-2022-20335 βΌ
π Read
via "National Vulnerability Database".
In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178014725π Read
via "National Vulnerability Database".