Security
Headlines
HeadlinesLatestCVEs

Tag

#android

LetMeSpy Phone-Tracking App Hacked, Revealing User Data

With at least 13,000 compromised devices in the data leak, it is still unknown who the threat actor is or whether or not victims will be personally notified.

DARKReading
Open in Source
#android#auth
CVE-2023-34761: GitHub - actuator/7-Eleven-Bluetooth-Smart-Cup-Jailbreak: 'Hacking' a 7-Eleven Bluetooth Smart Cup | CVE-2023-34761

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.

CVE-2023-21237: Pixel Update Bulletin—June 2023

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control

Drones that don't have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which found that it is "feasible to compromise the targeted device by injecting a specific EM glitch at the right time

Criminal secure messaging system takedown: 6500+ arrests and €900 million+ seized

Categories: News Tags: EncroChat Tags: Sky ECC Tags: AN0M Tags: organized crime Europol has published the results of an infiltration operation on EncroChat, a secure communications system set up by and for criminals. (Read more...) The post Criminal secure messaging system takedown: 6500+ arrests and €900 million+ seized appeared first on Malwarebytes Labs.

Anatsa Banking Trojan Targeting Users in US, UK, Germany, Austria, and Switzerland

A new Android malware campaign has been observed pushing the Anatsa banking trojan to target banking customers in the U.S., U.K., Germany, Austria, and Switzerland since the start of March 2023. "The actors behind Anatsa aim to steal credentials used to authorize customers in mobile banking applications and perform Device-Takeover Fraud (DTO) to initiate fraudulent transactions," ThreatFabric

NHS Psychiatrist Jailed; Dark Web Forum and 7,000 Images Seized

By Deeba Ahmed Closure for victims? This is a post from HackRead.com Read the original post: NHS Psychiatrist Jailed; Dark Web Forum and 7,000 Images Seized

Fake Super Mario 3 Installers Drop Crypto Miner, Data Stealer

By Deeba Ahmed Cyble Research and Intelligence Lab's cybersecurity researchers have disclosed how threat actors exploit gamers by delivering malware-loaded installers of popular games. This is a post from HackRead.com Read the original post: Fake Super Mario 3 Installers Drop Crypto Miner, Data Stealer

CVE-2022-48332: Cyber Intelligence - Hardware and Software Security Assessments

Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.

CVE-2022-48335: Cyber Intelligence - Hardware and Software Security Assessments

Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow.