Malware Devil

Monday, February 8, 2021

Android App Infects Millions of Devices With a Single Update

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-26910
PUBLISHED: 2021-02-08

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.

CVE-2021-21240
PUBLISHED: 2021-02-08

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 clie…

CVE-2021-21288
PUBLISHED: 2021-02-08

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal…

CVE-2021-21290
PUBLISHED: 2021-02-08

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty’s mul…

CVE-2021-21305
PUBLISHED: 2021-02-08

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:re…

The post Android App Infects Millions of Devices With a Single Update appeared first on Malware Devil.



https://malwaredevil.com/2021/02/08/android-app-infects-millions-of-devices-with-a-single-update/?utm_source=rss&utm_medium=rss&utm_campaign=android-app-infects-millions-of-devices-with-a-single-update
