Linux Bug Opens Most VPNs to Hijacking
In a coffee-shop scenario, attackers can hijack “secure” VPN sessions of those working remotely, injecting data into their TCP streams.
Vulnerabilities
OpenBSD Hit with Authentication, LPE Bugs
The authentication bypass (CVE-2019-19521) is remotely exploitable.
Critical Android Flaw Leads to ‘Permanent DoS’
The December security update stomped out critical denial-of-service (DoS) and remote-code-execution (RCE) vulnerabilities in the Android operating system.
It’s important for businesses of all sizes to not only view their suppliers’ attack surface as their own but also extend some of their security protections.
The flaw can allow hackers to take over typical device functions like sending messages and taking photos because users think malicious activity is a mobile app they use regularly.
Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover.
A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems.
TV takeover, privacy threats, botnet concerns and Wi-Fi network compromise are all big concerns when it comes to connected TVs.
Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware – including domain impersonation, social media giveaway scams, and a malicious Chrome extension.
Some of the bugs allow remote code-execution.
