#android

Categories: News Tags: Google Chrome Tags: Chrome 110 Tags: Windows 7 Tags: Windows 10 Tags: Windows 11 Tags: Windows 8.1 Tags: Windows Subsystem for Android Tags: WSA Chrome will not be there for you when Microsoft ends its Extended Security Updates program for legacy Windows versions early next year. (Read more...) The post Chrome users, you have 3 months to say goodbye to Windows 7 and 8.1 appeared first on Malwarebytes Labs.

CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy. "The FastFire malware is disguised as a Google security plugin, and the

A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21

Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it.

Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.

Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

Nok Nok, an inventor of FIDO authentication standards, announces full support for passkeys in its S3 Authentication Suite that allows organizations to replace passwords.

Categories: News Tags: week in security Tags: awis Tags: typosquatting Tags: cyberstalking Tags: Snapchat Tags: student loan relief scam Tags: Gas Tags: LAPSUS$ Tags: Microsoft Tags: Ducktail Tags: Venus Tags: ransomware Tags: BYOD Tags: SMB security tips Tags: Log4Text Tags: DeadBolt Tags: spot a scam Tags: FaceStealer Tags: fake tractor fraud Tags: ThermoSecure The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (October 17 - 23) appeared first on Malwarebytes Labs.

Plus: A Microsoft cloud leak exposed potential customers, new IoT security labels come to the US, and details emerge about Trump’s document stash.