Tag Archive for: patches

Samsung Galaxy Tab Active 5 Enterprise Edition to Get Eight Years of Android OS Updates, Security Patches


Launched in January this year alongside the Galaxy XCover 7, the Samsung Galaxy Tab Active 5G is IP68 certified and has military-grade durability (MIL-STD-810H). A few months after launch, a Samsung manager introduced the Enterprise version. The Galaxy Tab Active 5 5G gets eight years of Android and security updates. The standard version of the rugged tablet received four major operating system updates and five years of security patches.

The enterprise version of the Samsung Galaxy Tab Active 5 will receive the Android operating system and security updates for eight years, a Samsung manager in the Netherlands announced on LinkedIn (via SomeMobile ). This means that the tablet will receive updates and new features to Android 22 until 2032. Meanwhile, the standard version of the rugged tablet gets four major OS updates and five years of security patches.

The Galaxy Tab Active 5 will be the first tablet from the South Korean brand that is sure to receive software updates for a longer period of time. Samsung has promised seven years of Android updates and security patches for the latest Galaxy S24 series. Google also offers seven years of software support for the Pixel 8 and Pixel 8 Pro.

The Samsung Galaxy Tab Active 5 Enterprise Edition comes in green and runs Android 14. It features an 8-inch WUXGA TFT display with a refresh rate of up to 120Hz, Gorilla Glass protection and an octa-core 5nm processor. . SoC.

The Galaxy Tab Active 5 has a 13-megapixel rear camera and a 5-megapixel front-facing camera. It has a 5050 mAh battery. The tablet also comes with MIL-STD-810H certification and IP68 protection, which protects the device from vibration, accidental shocks, drops, rain and dust. It has S Pen integration and supports face unlock.

Source…

Microsoft patches two zero-days for Valentine’s Day


Microsoft has patched two actively exploited zero-day vulnerabilities in its February Patch Tuesday – a pair of security feature bypasses affecting Internet Shortcut Files and Windows SmartScreen respectively – out of a total of just over 70 vulnerabilities disclosed in the second drop of 2024.

Among some of the more pressing issues this month are critical vulnerabilities in Microsoft Dynamics, Exchange Server, Office, and Windows Hyper-V and Pragmatic General Multicast, although none of these flaws are being used in the wild quite yet.

Water Hydra

The first of the two zero-days is tracked as CVE-2024-21412 and was found by Trend Micro researchers. It appears to be being used to target foreign exchange traders specifically by a group tracked as Water Hydra.

According to Trend Micro, the cyber criminal gang is leveraging CVE-2024-21412 as part of a wider attack chain in order to bypass SmartScreen and deliver a remote access trojan (RAT) called DarkMe, likely as a precursor to future attacks, possibly involving ransomware.

“CVE-2024-21412 represents a critical vulnerability characterised by sophisticated exploitation of the Microsoft Defender SmartScreen through a zero-day flaw,” explained Saeed Abbasi, product manager for vulnerability research at the Qualys Threat Research Unit.

“This vulnerability is exploited via a specially crafted file delivered through phishing tactics, which cleverly manipulates internet shortcuts and WebDAV components to bypass the displayed security checks.

“The exploitation requires user interaction, attackers must convince the targeted user to open a malicious file, highlighting the importance of user awareness alongside technical defences. The impact of this vulnerability is profound, compromising security and undermining trust in protective mechanisms like SmartScreen,” said Abbasi.

The second zero-day, tracked as CVE-2024-21351, is remarkably similar to the first in that ultimately, it impacts the SmartScreen service. In this case, however, it enables an attacker to get around the checks that it conducts for the so-called Mark-of-the-Web (MotW) that indicates whether a file can be trusted or not, and execute their own code.

“This…

Source…

Cisco patches IOS XE zero-days used to hack over 50,000 devices


Cisco has released a patch to fix two high-severity flaws that were being abused in the wild to take over vulnerable endpoints. 

The first fixed version is 17.9.4a, and IT admins are urged to apply it immediately and secure their premises. The patch can be found in the company’s Software Download Center.

Source…

Security Breach: Patches, PLCs and Making it Harder for Hackers


Pa

When it comes to assessing the threat landscape for OT cybersecurity environments, the challenge has become less about identifying possible sources of attack, and more about prioritizing them. Protection from external sources gets a lot of attention, and rightfully so. However, another source of these threats, which can be just as detrimental, lies within the walls of your facility.

Joining us today to discuss some of these internal vulnerabilities, and a tremendous report that details them, is Carlos Buenano, the chief technology officer of OT at Armis.

We’re also excited to announce that Palo Alto Networks is sponsoring this episode. For more information on zero trust security for all OT environments and simplified operations, go to www.paloaltonetworks.com/network-security.

To catch up on past episodes, you can go to Manufacturing.netIEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected]

To download our latest report on industrial cybersecurity,  The Industrial Sector’s New Battlefield, click here.

Source…