Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Google May Owe You a Chunk of $100 Million

Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved.

Wired
Open in Source
#vulnerability#ios#android#mac#windows#apple#google#microsoft#chrome#firefox
Fake Updates Continue To Be A Digital Risk: What To Do?

By Owais Sultan In this digital era, online threats are booming as much as the internet user base. Sometimes, malware infects… This is a post from HackRead.com Read the original post: Fake Updates Continue To Be A Digital Risk: What To Do?

Authorities Take Down SMS-based FluBot Android Spyware

By Deeba Ahmed The takedown resulted from a global law enforcement operation involving eleven countries, headed by Europol’s European Cybercrime Center.… This is a post from HackRead.com Read the original post: Authorities Take Down SMS-based FluBot Android Spyware

Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor

An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads," Russian cybersecurity company Kaspersky said in a new report.

CVE-2022-1982: Security Updates

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.

CVE-2022-1716: Keep My Notes 1.80.147 - Improper Access Control | Fluid Attacks

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.

CVE-2022-28799: Report security vulnerabilities | TikTok Help Center

The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.

CVE-2022-28605: hardcoded on LinkPlay app

LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate.

CVE-2022-29659: Responsive Online Blog Website using PHP/MySQL with Source Code

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.