Do QR Codes Put Your Mobile Device at Risk?

Philip BaderVulnerabilities

Quick Response codes, or simply QR codes, have been around since 1994. These printed square barcodes contain data that computers can scan and read. They were created by a Japanese subsidiary of Toyota to keep track of automobile parts during the assembly process. After the COVID-19 global pandemic hit in early 2020, QR codes have been nearly ubiquitous in bars … Read More

Securing ICS Networks from USB Threats

Ken HigginsVulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has long warned about threats facing the industrial control systems of critical infrastructure operators in manufacturing, energy, water management, aerospace, and other key public and private sectors. In addition to advising regular backups of all system and configuration data, the agency urges organizations to identify, minimize and secure all network connections to ICS. … Read More

SHAREit App Puts Android Users At Risk

Philip BaderVulnerabilities

A report released this week by IT security company Trend Micro announced the discovery of several critical security vulnerabilities in a mobile app for Android devices called SHAREit. The app, which has been downloaded more than a billion times on Google Play, bills itself as the fastest cross-platform file-sharing app in the world. Trend Micro said the vulnerabilities could allow … Read More

Android App Update Hijacks Millions of Devices

Philip BaderVulnerabilities

Users of a popular Android app with more than 10 million downloads discovered recently that the previously trustworthy app had become a delivery platform for fraudulent ads. Malwarebytes posted recently about their analysis of forum patron complaints relating to the Barcode Scanner app created by LavaBird LTD and until recently available on Google Play. The Barcode Scanner app billed itself … Read More

Google Patches Active Zero-Day Chrome Exploit

Philip BaderVulnerabilities

If you use the Google Chrome web browser, don’t wait for your next automatic update. Do it manually, and do it now. The new release includes a security patch for what Google described as a heap buffer overflow in V8 in a blog post on February 4. This memory corruption vulnerability, dubbed CVE-2021-21148, was discovered by a researcher late last … Read More