CVE-2026-0047: Stealing Screenshots from Every Running App

Missing Android permission check lets any app dump UI bitmaps from running apps.

https://www.mobilehackinglab.com/blog/cve-2026-0047-activitymanager-eop-steal-images

#Android #EoP

0-Click RCE in Samsung's OpenAPV on Android 16

How a missing bounds check in Samsung's APV video codec leads to heap corruption on Android 16 — proved with OOB read/write PoCs, MP4 exploit on Android emulator, and 4 fuzzing approaches including AFL++.

Hello cyber pros! It's been a week of critical reminders about cloud security, diligent patching, and the evolving nature of warfare. Let's dive into the latest:

Salesforce Cloud Misconfigurations Under Attack ⚠️
- Threat actors are actively exploiting "overly permissive" guest user configurations in Salesforce Experience Cloud to steal sensitive data.
- This isn't a Salesforce platform vulnerability, but rather a customer misconfiguration. Attackers are using modified Aura Inspector tools to scan and extract data from public-facing sites.
- Actionable advice: audit guest user profiles, set company-wide defaults to "private", disable public APIs, restrict visibility, disable self-registration if not needed, and regularly review event monitoring logs.

👁️ Dark Reading | https://www.darkreading.com/application-security/overly-permissive-salesforce-cloud-configs-crosshairs

Microsoft's March Patch Tuesday 🛡️
- Microsoft released patches for 83 CVEs this month, with six identified as "more likely to exploit" and eight critical severity.
- A notable critical RCE (CVE-2027-21536, CVSS 9.8) in the Microsoft Devices Pricing Program was already patched and mitigated, uniquely identified by an AI agent.
- Two publicly known (zero-day) flaws, CVE-2026-26127 (.NET DoS) and CVE-2026-21262 (SQL Server EoP), are considered low threat despite public disclosure.
- Key EoP vulnerabilities include three in the Windows kernel (CVE-2026-24289, CVE-2026-26132, CVE-2026-24287) and others in SMB Server (CVE-2026-24294) and Microsoft Graphics Component (CVE-2026-23668), all with higher exploit likelihood.
- Two RCEs in Microsoft Office (CVE-2026-26113, CVE-2026-26110, CVSS 8.4) can be exploited via the Preview Pane without opening malicious files. Mitigate by disabling Preview Pane and restricting untrusted Office files.

👁️ Dark Reading | https://www.darkreading.com/application-security/microsoft-patches-83-cves-march-update

Cloud Resilience in Modern Warfare ☁️
- Recent Middle East conflicts saw physical attacks, including drone strikes, on AWS facilities in the UAE and Bahrain, causing significant structural damage and service disruptions.
- This highlights a critical shift: hyper-scale cloud data centres are now "Tier 1 strategic targets" in modern warfare, as militaries and governments increasingly rely on cloud infrastructure.
- Traditional cloud resilience strategies, designed for natural disasters, are insufficient against kinetic attacks that can permanently destroy hardware or sever physical connectivity.
- Organisations must rethink disaster recovery and data governance, especially for real-time, low-latency workloads. The concept of "Allied Data Sovereignty" may emerge, advocating for data backups in allied nations to ensure survival during crises.

👁️ Dark Reading | https://www.darkreading.com/cyber-risk/middle-east-conflict-highlights-cloud-resilience-gaps

#CyberSecurity #ThreatIntelligence #CloudSecurity #Salesforce #Misconfiguration #PatchTuesday #Microsoft #Vulnerabilities #RCE #EoP #CyberWarfare #CloudResilience #InfoSec

In other news, #Trump has bullied various #LawFirms into promising millions of dollars of free services and at least four firms said no, and won in Federal District Court.

> Trump’s only Big Law victories so far have come outside the courtroom. Nine top law firms ... reached agreements with Trump to provide at least $940 million worth of pro bono services collectively to avoid executive orders.

https://news.bloomberglaw.com/business-and-practice/justice-replaces-attorney-on-big-law-executive-order-appeals

Last Tuesday, a day after saying in Appellate Court that they planned to abandon their appeal, Trump's DOJ reversed course.

https://www.courtlistener.com/docket/70694462/perkins-coie-llp-v-doj/

> The administration told a court on Monday that it was abandoning its defense of executive orders targeting the firms. But on Tuesday, the Justice Department abruptly changed its position.

> The move amounted to a dizzying turnabout in one of President Trump’s most audacious — and, many legal experts said, unconstitutional — attempts at subduing potentially powerful adversaries. It created new uncertainty in a legal profession already roiled by the orders, after some of the country’s biggest law firms thought they had put to rest a key part of the president’s retribution campaign less than 24 hours before.

https://www.nytimes.com/2026/03/03/us/politics/trump-law-firm-orders-reversal.html?unlocked_article_code=1.RlA.kMWR.SDFaaq-20pk1&smid=url-share

So on Friday, the DOJ is back in court with 97 pages in their opening brief in the appeal.

#PerkinsCoie LLP v. #DOJ (25-5241, Court of Appeals, DC Circuit, 2026-03-06 Brief for Appellants, 97 pages)
(consolidating Jenner & Block LLP v. DOJ, Wilmer Cutler Pickering Hale & Dorr LLP v. #ExecutiveOfficeOfThePresident, and #SusmanGodfrey LLP v. #EOP )

#JennerBlock #WilmerCutlerPickeringHaleDorr #WilmerCutler

Dangling pointers, fragile memory – from an undisclosed vulnerability to a Pixel 9 Pro escalation:

https://dawnslab.jd.com/Pixel_9_Pro_EoP/

#android #vulnerability #eop #cybersecurity #infosec #informationsecurity #cve

If you are wondering what topics could happen at @OSCo, here is one possibility.

I will bring a bunch of #cybersecurity themed games.

Including Elevation of Privilege (#EoP), various adaptations like #Cornucopia, Cyber Threat Defender (#CTD), #BackdoorsAndBreaches, and many more.

If you are interested in trying them out, registration for #osco25 is still open.

If you know other games, bring them (or let me know 😁)

I never imagined that creating a crossword would be so challenging. I made this one for my students. The words to solve it are cooking techniques.

#ELT #EFL #ESOL #TESOL #ESP #EOP #CLIL #Crossword #CookingMethods #CookingTechniques #Cooking