21.7 C
Johannesburg

Bluetooth Spoofing Bug Affects Billions of IoT Devices

The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said. Read more

QR Codes Serve Up a Menu of Security Concerns

QR code usage is soaring in the pandemic -- but malicious versions aren't something that most people think about. Read more

TikTok Fixes Flaws That Opened Android App to Compromise

The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue. Read more

AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Original release date: September 14, 2020SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources...

Govt.-Backed Contact-Tracing Apps Raise Privacy Hackles

New opt-in COVID-19 Exposure Notifications Express systems baked into Apple’s iOS and available on Android need privacy guardrails, say privacy advocates. Read more

Spyware Labeled ‘TikTok Pro’ Exploits Fears of U.S. Ban

Malware can take over common device functions as well as creates a phishing page to steal Facebook credentials. Read more

WhatsApp Discloses 6 Bugs via Dedicated Security Site

The company committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities. Read more

India Blocks High-Profile Chinese Apps on Political, Privacy Concerns

Technology minister bans, Baidu, WeChat Work, AliPay and 115 others for capturing using data and transmitting it to servers outside of the country without authorization. Read more

Joker Spyware Plagues More Google Play Apps

The six malicious apps have been removed from Google Play, but could still threaten 200,000 installs. Read more

Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign

The notarized malware payloads were discovered in a recent MacOS adware campaign, disguised as Adobe Flash Player updates. Read more

Latest article

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the...

CVE-2020-15213

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory...

CVE-2020-15211

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model...