Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2022-40434: Build website, web app & portals on Airtable without code | Softr

Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.

CVE
Open in Source
#web#android#apple#google#amazon#samba#aws#ssl
Facebook Cracks Down on Spyware Vendors from U.S., China, Russia, Israel, and India

Meta Platforms disclosed that it took down no less than 200 covert influence operations since 2017 spanning roughly 70 countries across 42 languages. The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries. "The global

A week in security (December 12 - 18)

Categories: News Tags: week in security Tags: AWIS Tags: weekly blog recap Tags: Indiana Tags: TikTok Tags: MSP Tags: electronic sales suppression tools Tags: iPhone Tags: Play ransomware Tags: ransomware Tags: Nebula Tags: Quarantine for Cloud Storage Scanning Tags: SOC Tags: ROI Tags: Uber Tags: Apple Tags: virtual kidnapping Tags: DDoS booter service Tags: law enforcement takedown Tags: InfraGuard Tags: InfraGuard breach The most interesting security related news from the week of December 12 to 18. (Read more...) The post A week in security (December 12 - 18) appeared first on Malwarebytes Labs.

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Google on Friday announced that its client-side encryption for Gmail is in beta to its Workspace and education customers to secure emails sent using the web version of the platform. This development comes at a time when concerns about online privacy and data security are at an all-time high, and it is certainly welcomed by users who value the protection of their personal data. To that end,

CVE-2022-20544: Pixel Update Bulletin—December2022  |  Android Open Source Project

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070

Meta Ponies Up $300K Bounty for Zero-Click Mobile RCE Bugs in Facebook

Facebook's parent company has also expanded bug-bounty payouts to include Oculus and other "metaverse" gadgets for AR/VR.

Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps

Money-lending apps built using the Flutter software development kit hide a predatory spyware threat and highlight a growing trend of using personal data for blackmail.

Is Apple about to embrace third-party app stores?

Categories: Apple Categories: News Tags: Apple Tags: DMA Tags: Digital Markets Act Tags: European Commission Tags: EU Tags: iPhone Tags: iPad Tags: Big Tech Tags: App Store More freedom and greater risks could be on the cards for European users. (Read more...) The post Is Apple about to embrace third-party app stores? appeared first on Malwarebytes Labs.

Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps. MoneyMonger "takes advantage of Flutter's framework to