Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20

The Hacker News
Open in Source
#vulnerability#web#android#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#apache#git#oracle#rce#samba#lenovo#amd#samsung#auth#ibm#dell#zero_day#chrome#firefox#sap#The Hacker News
Don't plug your phone into a free charging station, warns FBI

Categories: Awareness Categories: News Tags: FBI Tags: juice jacking Tags: public chargers The FBI warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers to infect devices with malware. (Read more...) The post Don't plug your phone into a free charging station, warns FBI appeared first on Malwarebytes Labs.

QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks

By Habiba Rashid Citizens Lab and Microsoft have exposed an Israeli firm, QuaDream, selling spyware to governments around the world. This is a post from HackRead.com Read the original post: QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks

Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security

Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses. "The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages

CVE-2023-27645: Poweramp – Music Player for Android

An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.

CVE-2023-27179: Unrestricted File Download Vulnerability

GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.

CVE-2023-22429: Food and more" uses a hard-coded API key for an external service

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary.

A week in security (April 3 - 9)

Categories: News Tags: TikTok Tags: Super FabriXss Tags: Twitter Tags: macOS malware Tags: ransomware Tags: 2023 State of Malware Tags: Western Digital Tags: Android Tags: endpoint security Tags: ChatGPT Tags: K-12 Tags: IoT Tags: Facebook Tags: targeted advertising Tags: Google Tags: data theft Tags: e-file Tags: tax Tags: Uber breach The most interesting security related news from the week of April 3 - 9. (Read more...) The post A week in security (April 3 - 9) appeared first on Malwarebytes Labs.

Apps for Sale: Cybercriminals Sell Android Hacks for Up to $20K a Pop

The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.

CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands