Sadly, IT can no longer trust geolocation for much of anything

Credit to Author: eschuman@thecontentfirm.com| Date: Fri, 16 Sep 2022 03:00:00 -0700

Geolocation was once a glorious way to know who your company is dealing with (and sometimes what they are doing). Then VPNs started to undermine that. And now, things have gotten so bad that the Apple App Store and Google Play both offer apps that unashamedly declare they can spoof locations — and neither mobile OS vendor does anything to stop it.

Why? It seems both Apple and Google created the holes these developers are using.

In a nutshell, Apple and Google — to test their apps across various geographies — needed to be able to trick the system into thinking that their developers are wherever they wanted to say that they are. What’s good for the mobile goose, as they say.

To read this article in full, please click here

Read more

Update now! Microsoft patches two zero-days

Categories: News

Tags: CVE-2022-37969

Tags: CVE-2022-23960

Tags: CVE-2022-35805

Tags: CVE-2022-34700

Tags: CVE-2022-34718

Tags: CVE-2022-34721

Tags: CVE-2022-34722

Tags: Microsoft

Tags: Adobe

Tags: Android

Tags: Apple

Tags: Cisco

Tags: Google

Tags: Samsung

Tags: SAP

Tags: VMWare

The September 2022 Patch Tuesday updates includes two zero-day vulnerabilities, one of which is known to be used in attacks

(Read more…)

The post Update now! Microsoft patches two zero-days appeared first on Malwarebytes Labs.

Read more

Vulnerability in TikTok Android app could lead to one-click account hijacking

Credit to Author: Katie McCafferty| Date: Wed, 31 Aug 2022 16:00:00 +0000

Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users’ accounts with a single click.

The post Vulnerability in TikTok Android app could lead to one-click account hijacking appeared first on Microsoft Security Blog.

Read more

Update now! Microsoft fixes two zero-days in August’s Patch Tuesday

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: patch Tuesday

Tags: MSDT

Tags: NFS

Tags: PPP

Tags: Exchange

Tags: CVE-2022-34713

Tags: CVE-2022-35743

Tags: DogWalk

Tags: CVE-2022-30134

Tags: CVE-2022-24477

Tags: CVE-2022-24516

Tags: CVE-2022-30133

Tags: CVE-2022-34715

Tags: Adobe

Tags: Cisco

Tags: Google

Tags: Android

Tags: SAP

Tags: VMWare

Patch Tuesday for August 2022 has come around. We take a look at the most important vulnerabilities that Microsoft’s fixed and a brief look at what other vendors did.

(Read more…)

The post Update now! Microsoft fixes two zero-days in August’s Patch Tuesday appeared first on Malwarebytes Labs.

Read more