Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Backdoored Counterfeited Android Phones Hacking WhatsApp Accounts

By Deeba Ahmed According to Dr. Web, the backdoor comes pre-installed in Counterfeit Android devices targeting WhatsApp and WhatsApp Business messengers. This is a post from HackRead.com Read the original post: Backdoored Counterfeited Android Phones Hacking WhatsApp Accounts

HackRead
Open in Source
#vulnerability#web#ios#android#backdoor#auth#ibm#sap
Google flags man as sex abuser after he sends photos of child to doctor

Categories: News Tags: CSAM Tags: de-Google Tags: AI Tags: NCMEC Tags: EFF Tags: false positive Tech giants are scanning our private files to find predators guilty of sexually abusing children, but they are creating victims of their own. (Read more...) The post Google flags man as sex abuser after he sends photos of child to doctor appeared first on Malwarebytes Labs.

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by

TikTok’s In-App Browser Can Monitor Your Activity on External Websites

By Deeba Ahmed Other iPhone apps using in-app browsers were also tested in the research but TikTok was the only app to monitor keystrokes. This is a post from HackRead.com Read the original post: TikTok’s In-App Browser Can Monitor Your Activity on External Websites

CVE-2022-38171: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readSymbolDictSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

CVE-2021-36847: Webba Booking: Appointment & Event Booking Calendar Plugin

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.

Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. The trojans, which Doctor Web first came across in July 2022, were discovered in the system partition of at least four different smartphones: P48pro, radmi note 8, Note30u, and Mate40, was "These

A week in security (August 15 - August 21)

Categories: A week in security Categories: News The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (August 15 - August 21) appeared first on Malwarebytes Labs.

Janet Jackson’s ‘Rhythm Nation’ Can Crash Old Hard Drives

Plus: The Twilio hack snags a reporter, a new tool to check for spyware, and the Canadian weed pipeline gets hit by a cyberattack.

Critical Amazon Ring Vulnerability Could Expose Camera Recordings

By Deeba Ahmed The vulnerability was discovered by Atlanta-based app security firm Checkmarx while assessing the Ring doorbell app for Android.… This is a post from HackRead.com Read the original post: Critical Amazon Ring Vulnerability Could Expose Camera Recordings