Security News

The balance between hands-free payments and the security standards required to protect those transactions has tipped too far in the wrong direction, according to a security expert. At a session at Black Hat Europe 2021 this week, Timur Yunusov, a senior security expert at Positive Technologies, explained flaws in contactless payment apps that could lead to fraud using lost or stolen mobile phones.

Microsoft says some Samsung Galaxy devices will be marked as non-compliant with the organization's security requirements in Microsoft Intune's management interface after automatic restarts or after installing managed updates. Microsoft Intune is a cloud service that allows admins to manage Windows, macOS, iOS/iPadOS, and Android applications and devices in their enterprise environment.

Samsung is being sued for selling the Samsung Chromebook Plus 2-in-1 even though they allegedly knew for years of a defect that caused displays to break. The class action lawsuit has been filed by Tony McCoy out of the U.S. District Court for the District of New Jersey and claims that Samsung concealed the defect of the Chromebook and denied covering repair costs, even though the flaw affected numerous customers.

A Register reader triggered a kerfuffle for Samsung after asking the electronics biz if he could disable large and intrusive adverts splattered across his new smart TV's programme guide. "If you press the menu button to change between like TV or Netflix or, or whatever, even different sources, there's an advert panel," lamented McKillop to The Reg.

Trend Micro's ZDI has awarded $1,081,250 for 61 zero-days exploited at Pwn2Own Austin 2021, with competitors successfully pwning the Samsung Galaxy S21 again and hacking an HP LaserJet printer to play AC/DC's Thunderstruck on the contest's third day. Sam Thomas from team Pentest Limited was the one who compromised the Samsung Galaxy S21 running the latest Android 11 security updates on the third day using a unique three-bug chain and earning $50,000.

Contestants hacked the Samsung Galaxy S21 smartphone during the second day of the Pwn2Own Austin 2021 competition, as well as routers, NAS devices, speakers, and printers from Cisco, TP-Link, Western Digital, Sonos, Canon, Lexmark, and HP. So far, Trend Micro's Zero Day Initiative has awarded $777,500 over the first two days of Pwn2Own Austin, with $415,000 awarded during the second day and $362,500 won during the first day. The Synacktiv team maintains a slight lead in the Master of Pwn standings with 15 Master of Pwn points and $150,000 won so far, one point ahead of the DEVCORE team that has 14 points and has earned $140,000.

Researchers have discovered 19 mobile apps carrying rooting malware on official and third-party Android app stores, including Google Play and Samsung Galaxy Store. "By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware - steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances."

Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide. "TV Block is a remote, security solution that detects if Samsung TV units have been unduly activated, and ensures that the television sets can only be used by the rightful owners with a valid proof of purchase," Samsung said.

A printer driver shipped to millions of computers since 2005 is affected by a vulnerability that can be exploited for privilege escalation, according to endpoint security company SentinelOne. The vulnerability was initially discovered earlier this year in a driver shipped with HP printers, but a closer analysis revealed that the impacted component has also been delivered with Samsung and Xerox devices.

Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Hundreds of millions of printers have been released worldwide to date with the vulnerable driver in question.