Infosec Overnights - Daily Security News

Buggy Android apps, Guzzle cookies crumble, New Windows update not Trend-y, and more.



A daily look at the relevant information security news from overnight.

Episode 234 - 27 May 2022

Buggy Android apps - https://www.bleepingcomputer.com/news/security/microsoft-finds-severe-bugs-in-android-apps-from-large-mobile-providers/

Guzzle cookies crumble - https://portswigger.net/daily-swig/patch-released-for-cross-domain-cookie-leakage-flaw-in-guzzle

Ransom besets Somerset - https://www.cnn.com/2022/05/26/politics/new-jersey-somerset-county-ransomware-attack/index.html

BlackCat slashes Austria - https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-asks-5-million-to-unlock-austrian-state/

Critical OAS flaws - https://threatpost.com/critical-flaws-in-popular-ics-platform-can-trigger-rce/179750/

New Windows update not Trend-y - https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/

Hi, I’m Paul Torgersen. It’s Friday, May 27th, 2022, and this is a look at the information security news from overnight.

From BleepingComputer.com:
Microsoft security researchers have found high severity vulnerabilities in a framework owned by MCE Systems that is used by Android apps. The vulnerabilities expose users to command injection and privilege escalation attacks. The apps have millions of downloads on Google's Play Store and come pre-installed as system applications on devices bought from operators including AT&T, TELUS, Rogers Communications, Bell Canada, and Freedom Mobile. Patches have been issued.

From PortSwigger.net:
Guzzle, the popular HTTP client for PHP applications, has addressed a high severity vulnerability leading to cross-domain cookie leakage. The flaw resides in Guzzle’s cookie middleware, which is fortunately disabled by default, so most library consumers will not be affected. Drupal is one of the applications that use the third-party library and has released updates to address the issue.

From CNN.com:
A ransomware attack has forced officials in Somerset County, New Jersey to switch off their computers and set up temporary Gmail accounts so the public can communicate with key agencies like health, emergency and sheriff's departments. The county says the attack has only affected email and IT systems and that phone lines and emergency service systems are all working properly. No word on the threat actor or specific malware involved.

From BleepingComputer.com:
The Austrian state of Carinthia has been hit by the BlackCat ransomware gang, who demanded $5 million to unlock their encrypted computer systems. Evidently thousands of workstations have been locked by the attack. The government says there is no evidence that BlackCat actually managed to exfiltrate any data, and that the plan is to restore the machines from backups.

From ThreatPost.com:
Multiple flaws have been found in Open Automation Software, a popular platform used by industrial control systems. The two critical and five high severity vulnerabilities could allow unauthorized device access, remote code execution, or...

By Paul Torgersen