Friday, May 26, 2023

Daam Android malware has access to sensitive data

India's Computer Emergency Response Team (CERT-In).

Daam can bypass antivirus software. It is distributed via websites and applications downloaded from untrusted sources.

Once loaded, the malware steals sensitive data: reading history, bookmarks, and call logs; taking screenshots; accessing past screenshots; intercepting SMS; and downloading and uploading files.

 Daam deletes most files after encrypting them with AES.

Use enhanced caution when clicking on links in email, websites, or popups. Use only trusted sites. We all know the drill.

 Awareness, Preparedness, Understanding.

Monday, May 22, 2023

HP Officejet 902x printers Bad firmware

Does your HP Officejet Pro model 902x show error 83c0000B?

HP is now indicating that a bad firmware update from May 8 may be the problem.

 No current update as to when to expect a fix.

SOME Asus routers experience outages May 22, 2023

Asus routers may or may not have experienced internet access outages recently. The outage is due to a corrupt ASD file from an automatic update, whether updates are enabled or not.

 Impacted routers should return to normal operations.

 If not, save the router settings, then factory reset.

Saturday, May 20, 2023

KeePass Vulnerability Master Password retrieved from memory

 Unpatched (so far) KeePass exploit 

   Helps retrieve cleartext master password

 Retrieves from memory

 So even with database locked

 CVE-2023-3278

 Just memory access / memory dump

 process dump, swapfile, hibernation file, ..

 Windows, macOS, Linux

 2.53.1 and older are vulnerable 

 Version 2.54 should fix the issue

 BUT 

KeePass master password may still exist in memory

BEWARE of apps that can dump/access memory

CISA issues warning on Samsung device exploitation flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning for users of Samsung devices.

The issue impacts select Samsung devices running Android versions 11, 12, and 13.

Preliminary information indicates an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization (ASLR) protections.

 No indication on when Samsung may address this issue. 

Friday, May 19, 2023

Apple Updates Everything Update

Many of Apple's platforms had updates released May 18. An unusual occurrence. On a Thursday?

 Apple is terse with details on security related updates.

Updates can be applied to Safari, macOS, iOS, iPadOS, tvOS, and watchOS, on both current and older versions.

At least three vulnerabilities are currently being exploited in the wild.

The exploit code can combine the three cited vulnerabilities to gain complete system access just by visiting a malicious website!

SO, Important. PLEASE UPDATE.

Some detail: 

CVE-2023-32373 allows arbitrary code execution as WebKit processes malicious content.

CVE-2023-32409 allows breaking out of the web content sandbox, and thus full system compromise.

Tuesday, May 9, 2023

Mozilla releases Security Updates for Firefox and Firefox ESR

 Date: 9-May-2023

Mozilla releases security updates for Firefox and Firefox ESR.

Firefox is at release version 113.0 after the security update.

Monday, May 1, 2023

Apple Rapid Security Response released today May 1, 2023

 Rapid Security Response for devices: macOS, iOS, iPadOS

iOS 16.4.1(a), iPadOS 16.4.1(a), macOS 13.3.1(a), tvOS 16.4.1

Very little detail is being released so far, which might indicate the severity of this fix/patch.