Having been notified back in March, Google has yet to patch a 0-day vulnerability that allows for privilege escalation attacks. TrendMicro researchers in collaboration with the Zero Day Initiative went public on September 4th, 2019. In order to exploit this vulnerability, attackers must first obtain the ability to execute high-privileged code and would need local access to the … [Read more...]
Android APK Reverse Engineering: What’s in an APK
Before building off the previous post, I wanted to take a moment and clarify the objective of this series. The purpose of this series is to break down the APK reverse engineering process into smaller chunks in order to really appreciate each step. As we progress through the series, I want readers to be able to build off of the previous post and see how all the pieces tie … [Read more...]
Face Recognition For Purchasing is Still a Novelty
Now you can pay for your drink using just your face in China, but only for some. Chinese face recognition vending machine. No cash, card, or phone needed. pic.twitter.com/tDN0pMitA4 — Matthew Brennan (@mbrennanchina) August 21, 2019 A video recently posted to Twitter shows a woman who has walked up to a vending machine press a button on a screen before standing in front of … [Read more...]
Additional WPA3 Dragonblood Vulnerabilities
The same security researchers that disclosed the initial five WPA3 vulnerabilities (referred to as Dragonblood) earlier this year in April, have recently disclosed two additional WPA3 vulnerabilities. Just like the initial five Dragonblood vulnerabilities, these two new ones allow attackers to either downgrade or bypass WPA3 encryption protected networks via brute force … [Read more...]
The first 18 months of Data Breach regulation in Australia: my thoughts
Since its inception in February 2018, the Notifiable Data Breaches scheme (NDB scheme) in Australia has delivered some very interesting results, which we can all learn from. The NDB is a legal requirement imposed by the OAIC (Office of the Australian Information Commissioner) on organizations of all sizes to notify individuals of eligible data breaches. In her 12 … [Read more...]
