Google Squashes Critical Android Media Framework Bug
The September Android security bulletin addressed critical- and high-severity flaws tied to 53 CVEs overall.
Source: Threadpost
TeamTNT Gains Full Remote Takeover of Cloud Instances
Using a legitimate tool called Weave Scope, the cybercrime group is establishing fileless backdoors on targeted Docker and Kubernetes clusters.
Source: Threadpost
Severe Industrial Bugs Allow Takeover of Critical Systems
Researchers warn of critical vulnerabilities in a third-party industrial component used by top ICS vendors like Rockwell Automation and Siemens.
Source: Threadpost
Spyware Labeled ‘TikTok Pro’ Exploits Fears of US Ban
Malware can take over common device functions as well as creates a phishing page to steal Facebook credentials.
Source: Threadpost
Microsoft’s Patch Tuesday Packed with Critical RCE Bugs
The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email.
Source: Threadpost
Critical Intel Active Management Technology Flaw Allows Privilege Escalation
The critical Intel vulnerability could allow unauthenticated attackers gain escalated privileges on Intel vPro corporate systems.
Source: Threadpost
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches.
Source: Threadpost
Cryptobugs Found in Numerous Google Play Store Apps
A new dynamic tool developed by Columbia University researchers flagged cryptography mistakes made in more than 300 popular Android apps.
Source: Threadpost
Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
A researcher discovered a cross-site scripting flaw in Google Map's export function, which earned him $10,000 in bug bounty rewards.
Source: Threadpost
How Zero Trust and SASE Can Redefine Network Defenses for Remote Workforces
The SASE model for remote access and security coupled with Zero Trust can help redefine network and perimeter defenses when a traditional “perimeter” no longer exists.
Source: Threadpost