Tag Archive for: October

Patch Tuesday, October 2021 Edition – Krebs on Security


Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separately, Apple has released updates for iOS and iPadOS to address a flaw that is being actively attacked.

Firstly, Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability (CVE-2021-30883) that is being leveraged in active attacks targeting iPhone and iPad users. Lawrence Abrams of Bleeping Computer writes that the flaw could be used to steal data or install malware, and that soon after Apple patched the bug, security researcher Saar Amar published a technical writeup and proof-of-concept exploit that was derived from reverse engineering Apple’s patch.

Abrams said the list of impacted Apple devices is quite extensive, affecting older and newer models. If you own an iPad or iPhone — or any other Apple device — please make sure it’s up to date with the latest security patches.

Three of the weaknesses Microsoft addressed today are rated “critical,” meaning that malware or miscreants could exploit them to gain complete, remote control over vulnerable systems — with little or no help from targets.

One of the critical bugs concerns Microsoft Word, and two others are remote code execution flaws in Windows Hyper-V, the virtualization component built into Windows. CVE-2021-38672 affects Windows 11 and Windows Server 2022; CVE-2021-40461 impacts both Windows 11 and Windows 10 systems, as well as Server versions.

But as usual, some of the more concerning security weaknesses addressed this month earned Microsoft’s slightly less dire “important” designation, which applies to a vulnerability “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”

The flaw that’s under active assault — CVE-2021-40449 — is an important “elevation of privilege” vulnerability, meaning it can be leveraged in combination with…


October is National Cyber Security Month, experts say change your passwords and more


SAVANNAH, Ga. (WSAV) – October is National Cyber Security Awareness Month and if you think you could never be a target, you are probably wrong. The hackers are out in droves.

“This has now become an industry, it’s no longer just a bunch of people sitting in a basement somewhere and hacking in from some third-world country,” said Ed Peters, a cyber security expert, and chief innovation officer at Panzura.

“This is now a full supply chain-based industry with access brokers who will see lists of accounts they found access to and got passwords for that others can buy on the dark web,” he said.

While many of us have heard of the recent hacks of large institutions, including hospitals, where ransom demands are made, Peters says crooks still go after average people.

“Actually, they find that individuals are probably less sophisticated in this and therefore easier to attack,” said Peters. “These attacks are going on at all levels right now, and 75 percent of the scams occur through email, and they tell you that there’s something wrong with one of your accounts or there’s a business transaction issue and get you to click on an attachment.”

If you click on that strange attachment, it can help a hacker infiltrate your computer and capture passwords to things like your bank account.

Peters estimates “less than 10 percent” of consumers are prepared for cyber threats.

He says we use technology for convenience and sometimes don’t want the inconvenience of doing things like changing passwords, figuring out how to use a password manager system (which he recommends), or making sure we don’t use the same passwords for a number of accounts.

“Install hard passwords, rather than just using something you can easily remember, and don’t use the same passwords for multiple accounts,” Peters said. “The hackers call that ‘credential stuffing’ and once they find one password, they’ll try that on a number of your accounts and see which one works.”

If hackers do get a password that you use for several accounts, they may get your money, too. Peters reminds all of us…


Galaxy S21 already getting October 2021 security update as One UI 4.0 beta work continues


Last updated: September 28th, 2021 at 07:30 UTC+02:00

Samsung has done it again! It has released a new security update to its smartphones even before the start of the month. The Galaxy S21, Galaxy S21+, and the Galaxy S21 Ultra have become the first smartphones to get the October 2021 security update.

The new update is currently rolling out in Germany and the Philippines, but more markets could soon get access to this new software. The latest software update for the Galaxy S21 series comes with firmware version G991BXXU3AUIE, and it includes the October 2021 security patch. However, Samsung hasn’t detailed which vulnerabilities it has fixed with the new update.

If you are a Galaxy S21 series smartphone user in Germany or the Philippines, you might have already received a notification of the new update. If you haven’t received it yet, you can check for it manually by navigating to Settings » Software update and tapping on Download and install. You can also download the new firmware file from our firmware database and flash it manually.

The Galaxy S21 series was launched earlier this year with Android 11-based One UI 3.1 on board. A few weeks ago, the smartphones received the One UI 3.1.1 update with slight UI changes and performance improvements. These smartphones could soon get the Android 12-based One UI 4.0 update which is currently being tested.


Android October security update tracker for major OEMs & carriers…


Android updates are all over the place. It’s been years since Android devices were first released but OEMs and Google are yet to figure out how to streamline the update process.

Google has tried a few things such as introducing the Android One program and also Android GSIs (Generic System Images) in an effort to make Android updates seamless and quick.

Of course, neither of these has made much of a dent in how OEMs release updates for their devices. As a matter of fact, Xiaomi managed to screw up updates for its Android One line of devices big time.

We’re not only talking about major Android updates here. More often than not, device vendors fail to push security updates on time for certain models. Therefore, it’s hard to know when your device is going to receive a security update.

That said, in order to make things easier for you, we’re going to track the rollout of the October security patch for devices for all major OEMs as well as mobile carriers.

The tracker below will be updated as and when an OEM or carrier begins rolling out the October security update for any device. So make sure to keep an eye on this post regularly to know when the update rolls out for your phone or tablet.

OEM October security update tracker

NOTE: If the table below is empty it means none of the devices have received the October patch yet. The entries will be done as and when the updates go live.

| Device | Date | Details | Description/changelog |
|---|---|---|---|
| Google Pixel 2 | Oct. 05 | – | Build/version no: RP1A.201005.004 |
| Google Pixel 2 XL | Oct. 05 | – | Build/version no: RP1A.201005.004 |
| Google Pixel 3 | Oct. 05 | – | Build/version no: RP1A.201005.004 |
| Google Pixel 3 XL | Oct. 05 | – | Build/version no: RP1A.201005.004 |
| Google Pixel 3a | Oct. 05 | – | Build/version no: RP1A.201005.004 |
| Google Pixel 3a XL | Oct. 05 | – | Build/version no: RP1A.201005.004 |
| Google Pixel 4 | Oct. 05 | – | Build/version no: RP1A.201005.004 |
| Google Pixel 4 XL | Oct. 05 | | |
