Tag Archive for: releases

Samsung releases December 2022 security update, starting with Galaxy S20


Since Samsung was so focused on rolling out the Android 13 update, it delayed the release of the December 2022 security update by a few days. However, the company has now started rolling out the new security update, starting with the Galaxy S20 series in Europe.

The new software update for the Galaxy S20, Galaxy S20+, and Galaxy S20 Ultra bears firmware version G98xBXXSFGVK7. The update is currently available in Austria, Bulgaria, Croatia, France, Germany, Greece, Hungary, Italy, Luxembourg, Poland, Portugal, Romania, Slovakia, Slovenia, Southeast Europe, Spain, Switzerland, the Baltic region, the Czech Republic, the Netherlands, and the UK.

The December 2022 security patch includes fixes for 67 security vulnerabilities found in Android smartphones. It also includes fixes for 26 vulnerabilities found in Samsung’s Galaxy smartphones and tablets. Five of those vulnerabilities have been marked as critical, while 63 vulnerabilities have been termed as ‘high’ priority. Twelve vulnerabilities from the list are marked as ‘moderate’ in Samsung’s monthly security bulletin.

If you are a Galaxy S20 series user and reside in any of the European countries or regions mentioned above, you can download the new software update by navigating to Settings » Software update and tapping Download and install. You can also choose to download the new firmware file from our firmware database and flash it manually.


PCI Releases New Payment Standards for Mobile Devices



PCI MPoC Expected To Work Alongside Standard for Dedicated Payment Terminals


Payment card security group PCI Security Standards Council has a new standard aimed at allowing commercial devices to support multiple payment inputs including contactless cards and methods of cardholder verification.


The standard allows for a single device to process contactless card data and a consumer-entered PIN.

Consumers across the globe increasingly use contactless methods for payment, and Aite-Novarica estimates 37.8% global growth in such payments from 2020 to 2021. Forrester, in an annual study conducted for the National Retail Foundation, concluded that most U.S. merchants already accept Apple Pay and PayPal.

The new standard – its official name is PCI Mobile Payment on COTS, or MPoC – is aimed at payment software vendors and service providers whose solutions range from applications used for accepting users’ account data to software deployed for back-end payment data attestation and monitoring.

“This was done in direct response to the feedback we heard from our community,” said Andrew Jamieson, vice president of solution standards at PCI SSC. “The PCI MPoC standard allows for both contactless card data and PINs to be entered into the same COTS device, for the same transaction, as well as supporting the use of external card readers if those are desired.”

The new standard is quite different than the council’s previous, separate standards for PIN entry devices and contactless payment devices, Jamieson said in an email to Information Security Media…


Palo Alto releases PAN-OS 11.0 Nova with new evasive malware, injection attack protection


Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy support and enhanced cloud access security broker (CASB) integration with new SaaS security posture management (SSPM) capabilities.

In a press release, Anand Oswal, senior VP network security at Palo Alto Networks, said that the new version of Nova is now able to stop 26% more zero-day malware than traditional sandboxes and detect 60% more injection attacks. The updates are the latest in a series of security releases from Palo Alto in 2022.

Malware growing more evasive, injection attacks a top web app security risk

Malware has evolved to become highly evasive and increasingly sandbox-aware. In May, researchers at cybersecurity vendor Proofpoint analyzed a remote access Trojan (RAT) malware campaign (Nerbian RAT) that used several advanced evasion techniques to target global organizations. These included anti-analysis and anti-reversing capabilities. New sandboxing techniques are needed to help mitigate more sophisticated and evasive malware, Palo Alto stated. The new Advanced WildFire service has therefore been designed to introduce new capabilities such as intelligent run-time memory analysis combined with stealthy observation and automated unpacking to stay hidden from malware and defeat advanced evasions, according to the vendor.

Injection attacks that push malicious code into systems by exploiting unpatched vulnerabilities in software continue to pose significant threats to organizations. They remain one of the top attack threats on the OWASP Top 10 Web Application Security Risks list, whilst BreachLock’s Annual Penetration Testing Intelligence Report 2022 listed SQL injection and cross-site scripting errors (XSS) as the bane of security teams, accounting for more than a third of the critical risks found in web applications.

Palo Alto said its enhanced ATP service…


Samsung Releases Maintenance Mode, A New Feature To Hide Your Personal Information From Prying Eyes


The new privacy feature will roll out gradually to Galaxy devices starting with the Galaxy S22, allowing users to block access to their data while their devices are being serviced

Samsung Electronics Co., Ltd. today begins the global rollout[1] of Maintenance Mode, a new privacy feature coming to select Samsung Galaxy devices, following a successful pilot program in Korea and initial launch in China. Maintenance Mode can relieve user anxiety that comes with giving a personal device to someone for repairs, by letting users block access to their personal information, such as their photos, messages or contacts.

“Our whole lives are on our phones, from credit card information to family photos. With Maintenance Mode, we are giving extra reassurance that Galaxy users can keep their privacy, even if they hand their phone to someone,” said Seungwon Shin, VP and Head of Security Team at Mobile eXperience Business, Samsung Electronics. “This is just the latest example of our constant efforts to introduce new ways to make people feel safe and in control, so they can explore new mobile experiences with peace of mind, knowing we have their back.”

Maintenance Mode is a way of creating a separate user account when you hand in your device to be repaired, so that repair staff can operate core functions without being able to access any of your private information. All the user needs to do is select Maintenance Mode in the ‘Battery and device care’ menu within ‘Settings’, and reboot their smartphone. As soon as it’s rebooted, all their personal information including their photos, documents and messages will be restricted[2].



Once Maintenance Mode is switched on, the person who was entrusted with the device won’t be able to retrieve user-installed apps either. Data or accounts generated when using Maintenance Mode are automatically deleted as soon as the owner exits Maintenance Mode. They will be able to download apps on Galaxy Store, but those will be automatically deleted along with any data or accounts created as soon as the owner exits Maintenance Mode.

Samsung Galaxy devices are protected by Knox,…
