Google Rolls Out Fixes for High-Severity Android System Flaws
The most serious bugs are elevation-of-privilege issues in the Android System component (CVE-2020-0215 and CVE-2020-0416).
BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity
Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns.
Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables
Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users.
PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict
Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia.
IRS COVID-19 Relief Payment Deadlines Anchor Convincing Phish
The upcoming deadlines for applying for coronavirus relief are the lure for a phish that gets around email security gateways by using a legitimate SharePoint page for data-harvesting.
Comcast TV Remote Hack Opens Homes to Snooping
Researchers disclosed the ‘WarezTheRemote’ attack, affecting Comcast’s XR11 voice remote control.
Grindr’s Bug Bounty Pledge Doesn’t Translate to Security
At [email protected], Luta Security CEO Katie Moussouris stressed that bug bounty programs aren’t a ‘silver bullet’ for security teams.
Male Chastity Device Comes with Massive Security Flaws
Smart sex toy vulnerable to hacks, researchers say — which could expose users’ most sensitive bits (of data) to cybercriminals.
Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack
The Magecart spinoff group targeted the wireless service provider in an odd choice of victim.
Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.