Security Leftovers

• Design Weaknesses Expose Industrial Systems to Damaging Attacks [iophk: Windows TCO]

  On the 10,000 industrial endpoints it has analyzed, PAS discovered a total of more than 380,000 known vulnerabilities, a majority impacting software made by Microsoft. However, the company found not only typical vulnerabilities that can be patched with a software or firmware update, but also weaknesses introduced by the existence of legitimate features and functionality that can be abused for malicious purposes.

• GMP don't know exactly what crimes were committed in the second half of 2019 - because of its computer system

  The force’s new computer system, which prompted a flood of frustrated whistleblowers to come forward over the summer, is preventing GMP from providing the government with up-to-date crime figures

• 250 million Microsoft customer service records briefly exposed online: report

  Consumer research group Comparitech found that records of conversations between Microsoft support employees and customers around the world spanning 14 years, from 2005 through the end of 2019, were left exposed on five separate servers between Dec. 28 and 29.

  This information was accessible during that time to anyone with a web browser, and included customer email addresses, locations, IP addresses, case numbers and confidential internal notes on cases.

• Looking for silver linings in the CVE-2020-0601 crypto vulnerability

  The scene stealer in January’s Patch Tuesday updates from Microsoft was CVE-2020-0601, a very serious vulnerability in the crypt32.dll library used by more recent versions of Windows. The flaw, which also goes by the names Chain of Fools and Curveball, allows an attacker to fool Windows into believing that malicious software and websites have been digitally vouched for by one of the root certificate authorities that Windows trusts (including Microsoft itself). An attacker could exploit the flaw to disguise malware as legitimate – Microsoft-approved – software, to conduct silent Man-in-the-Middle attacks or to create more realistic phishing websites.

• Critical MDhex Vulnerabilities Shake the Healthcare Sector

  Critical vulnerabilities have been discovered in popular medical devices from GE Healthcare that could allow attackers to alter the way they function or render them unusable. A set of six security flaws, they have been collectively named MDhex. Five of them received the highest severity rating on the Common Vulnerability Scoring System, 10 out of 10.

• Investigating a Backdoor.SH.SHELLBOT.AA Infection

  Surprisingly, it's not obfuscated beyond the initial packing. I've made it available here, albeit with anything that could identify the botmaster redacted.3 I believe the language here is Portuguese. The code disguises itself by setting argv to "rsync" and forking into the background. It then connects to an IRC C&C server and waits for commands.

Android Leftovers

• Samsung Good Lock 2020 with Android 10 support is coming February 3

• Motorola begins Android 10 rollout for the Moto G7 Plus

• LG Android 10 Desktop Mode might be heralding a huge change

• Here’s where you can buy the Motorola One Hyper and get Android 10 on a budget

• How to use Focus Mode on Android 10

• How to share your location on WhatsApp using an iPhone or Android device

• WhatsApp will stop working on these iPhones and Android smartphones next week

• The Twitter app is crashing for Android users: Here’s how to fix it

• Here's what Android running on the dual-screen Surface Duo might look like

• Google I/O 2020 Dates Announced: Get Ready to See Android 11, New Pixel Phone, and Developments on May 12

• 10 best audiobook apps for Android

• 5 best photo resizer apps for Android

• This Android Emulation Controller Turns Your Phone Into PS2, 3DS, Wii

• The best Android phones available at AT&T Prepaid

• Curb Your Smartphone Addiction With Google's New Android Apps

• Samsung is working on an AirDrop alternative, but is it what Android users want?

• Quick Share Is Samsung's Galaxy S20 AirDrop Alternative

• Play Books for Android drops navigation drawer for Material Theme switcher

• Android app privacy policies contain contradictions about data collection

• Hisense A5 5.84″ e-Paper Android Smartphone Promises Up to 10-Day Battery Life

• US Government-Funded Android Phones Come With Pre-Installed Malware

Open-spec SBC serves up 4k camera-oriented Allwinner V536 SoC

The open-spec “Lindenis V536” SBC runs Linux on the Cortex-A7-based Allwinner V536, a 4k camera-oriented SoC with integrated ISP and VPU. The 130 x 85mm SBC design is built in an SoM plus baseboard configuration. Lindenis Tech Ltd., a Shenzhen, China startup staffed by former Allwinner employees, has released the Lindenis V536, an open spec, single board computer based on Allwinner’s V536 4k mobile camera SoC. In August 2018, we covered a previous camera-oriented SBC from Lindenis, the Lindenis V5 based on the Allwinner’s V5 SoC. It’s only natural that the company would now follow up with this new open-spec 130 x 85mm SBC based on Allwinner’s new V536 SoC. The V536 SoC is a high-performance, low-power mobile camera SoC developed for the new generation of intelligent driving recorders. The Lindenis V536 board supports Linux-4.9 and its homegrown Lindenis Video OS.

7 Best Free Web-Based Git Clients

Git is an open source distributed version control system which was originally designed by Linus Torvalds, the creator of Linux, in 2005 for Linux kernel development. This control system is widely used by the open source community, handling small to extremely large projects with an emphasis on speed and efficiency, but maintaining flexibility, scalability, and guaranteeing data integrity. Git is one of a number of open source revision control systems available for Linux. Other popular tools in this field include Subversion, Bazaar, Mercurial, Monotone, CVS, and SVN. However, Git is frequently regarded by many developers to be the finest version control tool available.