Security
Headlines
HeadlinesLatestCVEs

Tag

#amazon

Ubuntu Security Notice USN-5500-1

Ubuntu Security Notice 5500-1 - Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. Lin Ma discovered that the NFC Controller Interface implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Packet Storm
Open in Source
#vulnerability#web#amazon#ubuntu#linux#dos#perl#aws
My Body, My Data Act would lock down reproductive and sexual health data

A new bill proposes the strongest Federal data privacy protections yet for reproductive and sexual health data. The post My Body, My Data Act would lock down reproductive and sexual health data appeared first on Malwarebytes Labs.

Google cracks down on sites with ties to hack-for-hire groups in UAE, Russia, India

By Deeba Ahmed Currently, over 30 sites have been marked as malicious by Google’s Safe Browsing feature. Google TAG (Threat Analysis… This is a post from HackRead.com Read the original post: Google cracks down on sites with ties to hack-for-hire groups in UAE, Russia, India

Microsoft Going Big on Identity with the Launch of Entra

With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response.

Amazon Quietly Patches 'High Severity' Vulnerability in Android Photos App

Amazon, in December 2021, patched a high severity vulnerability affecting its Photos app for Android that could have been exploited to steal a user's access tokens. "The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address," Checkmarx researchers João Morais and Pedro Umbelino said. "Others,

Threat Source newsletter (June 30, 2022) — AI voice cloning is somehow more scary than deepfake videos

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  We took a week off for summer vacation but are back in the thick of security things now.  My first exposure to deepfake videos was when Jordan Peele worked with BuzzFeed News to produce this video of... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups

Google's Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists, journalists, politicians, and

Amazon Photos vulnerability could have given attackers access to user files and data

The retail giant patched a serious flaw in its Amazon Photos app that left user access token exposed to potential attackers. The post Amazon Photos vulnerability could have given attackers access to user files and data appeared first on Malwarebytes Labs.

Leaky Access Tokens Exposed Amazon Photos of Users

Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.

Broken Authentication Vuln Threatens Amazon Photos Android App

The now-patched bug allows an attacker to gain full access to a user's Amazon files.