#android

Categories: News Tags: T-Mobile Tags: ransomware Tags: Microsoft Tags: TikTok Tags: privacy Tags: Data Privacy Day 2023 Tags: Data Privacy Week 2023 Tags: Malwarebytes 2023 State of Mobile Cybersecurity Tags: Riot Games Tags: VASTFLUX Tags: Grand Theft Auto 5 Tags: iPhone Tags: vRealize Tags: video game fish Tags: credit cart theft Tags: DuoLingo Tags: K-12 Tags: Vice Society Tags: Hive ransomware The most interesting security related news from the week of January 23-19. (Read more...) The post A week in security (January 23—29) appeared first on Malwarebytes Labs.

Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the err...

By Deeba Ahmed The new variant stood out among other malware because it can infect any attached removable USB device, e.g., floppy, flash, thumb drives, and any system the removable device is plugged into later. This is a post from HackRead.com Read the original post: PlugX Malware Sneaks Onto Windows PCs Through USB Devices

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Improper input validation in driver adgnetworkwfpdrv.sys in Adguard For Windows x86 up to version 7.11 allows attacker to gain local privileges escalation.

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A

The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508

Your smartphone or wearable could help you out in a truly dangerous situation. Here are some options to consider.

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.”