Moonlighter, which offers red teams a chance at operational disruption, will be up for pwning at in August, timed with DEF CON. Read More
Related Posts
Insights from LinkedIn’s CISO
Insights from LinkedIn’s CISO
Geoff Belknap, Chief Information Security Officer and Vice President of Engineering at LinkedIn join’s Ann on this week’s episode of Afternoon Cyber Tea. Before his tenure at LinkedIn, Jeff was instrumental in fortifying the defenses at Slack, ensuring that both physical and digital assets remained impervious to malicious intent. With a track record of leadership roles in various technology firms, he’s been at the forefront of shaping industry standards and best practices. Ann and Geoff discuss the intersection of AI and cybersecurity talent, highlighting its potential impact on the industry, the importance of maintaining a healthy work-life balance in high-stress roles like cybersecurity, and how diverse perspectives are essential for building robust security programs. Read More
The CyberWire
Android Security Updates: Over 40 Vulnerabilities Including Critical RCE Patched
Android Security Updates: Over 40 Vulnerabilities Including Critical RCE Patched
Android has released its August Security patches in which more than 40 vulnerabilities have been identified and fixed. Most of the vulnerabilities were related to remote code execution (RCE), Elevation of Privileges (EoP), and Information Disclosure (ID).
The vulnerabilities contribute to 37 High Severity vulnerabilities and 4 Critical Severity vulnerabilities. Most critical one was found to be the remote code execution vulnerabilities without user interaction. As of July patches, 43 vulnerabilities were patched by Android.
Vulnerability and Category
Android has gone through every component and subcomponents to find the nook and corner of every vulnerability and patch them accordingly. These vulnerabilities were related to Android runtime, Framework, Media Framework, System, and components like Kernel and processor-based components.
Android runtime was discovered with only a remote information disclosure vulnerability which did not include any execution privileges or user interaction. The vulnerability was classified as a High severity with a CVE-2023-21265.
The Framework section of Android security patches showed several high-severity vulnerabilities; the most critical one was a remote code execution vulnerability with a CVE-2023-21287. Other high-severity vulnerabilities were related to EoP, ID, and DoS (Denial of Service).
The MediaFramework and System sections had only one critical severity vulnerability with CVE-2023-21282 and CVE-2023-21273, which were found to be Remote code execution.
Kernel level vulnerabilities had one critical severity vulnerability which was found to be an Elevation of Privilege (EoP) category present in the KVM subcomponent. This did not require any user interaction for exploitation. The CVE was given as CVE-2023-21264
Processor-based vulnerabilities section showed one critical in Qualcomm closed-source components and one high severity vulnerability in each Arm subcomponent Mali and MediaTek subcomponent keyinstall . The CVEs were CVE-2022-40510 (Qualcomm), CVE-2023-20780 (MediaTek), and CVE-2022-34830 (Arm).
For detailed information on the vulnerabilities and patches, refer to the security bulletin released by Android.
The post Android Security Updates: Over 40 Vulnerabilities Including Critical RCE Patched appeared first on Cyber Security News.
Cyber Security News
Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws
Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws
Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ.
Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware.
Both vulnerabilities are critical, allowing threat Read More
The Hacker News | #1 Trusted Cybersecurity News Site