Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Google Rolling Out Passkey Passwordless Login Support to Android and Chrome

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first

The Hacker News
Open in Source
#web#ios#android#mac#windows#apple#google#microsoft#git#auth#chrome#The Hacker News
Cybersecurity Threats to Health Services: Why We Should Be Concerned

By Owais Sultan Hospitals and medical facilities are lucrative targets for hackers. It’s not enough anymore to keep software updated and… This is a post from HackRead.com Read the original post: Cybersecurity Threats to Health Services: Why We Should Be Concerned

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server

CVE-2022-41209

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.

CVE-2022-20429: Android Automotive OS Update Bulletin—October 2022  |  Android Open Source Project

In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220741473

CVE-2021-0696: Android Security Bulletin—October 2022  |  Android Open Source Project

In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242344778

Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

The company says it hardened the security of its new flagship phones—and plans to release a built-in Android VPN.

CVE-2022-38388: Security Bulletin: IBM Navigator Mobile Android app is vulnerable due to improper access control (CVE-2022-38388)

IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.

A week in security (October 3 – 9)

Categories: News Tags: romance scammer Tags: android vulnerabilities Tags: SQL servers Tags: Data Access Agreement Tags: bogus job offers Tags: Kim Kardashian Tags: TikTok Tags: smishing Tags: ransomware review Tags: BitBucket The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (October 3 – 9) appeared first on Malwarebytes Labs.

Apple Safari Safest, Google Chrome Riskiest Browser of 2022- Study

By Waqas According to researchers, Google Chrome, Mozilla Firefox, and Microsoft Edge browser contained the most vulnerabilities in 2022. This is a post from HackRead.com Read the original post: Apple Safari Safest, Google Chrome Riskiest Browser of 2022- Study