Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2022-24885: Improve PIN lockout handling by tobiasKaminsky · Pull Request #9816 · nextcloud/android

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.

CVE
Open in Source
#android#git
North Koreans Are Jailbreaking Phones to Access Forbidden Media

A new report suggests that a small but vibrant group of smartphones hackers may be challenging the world's most digitally restrictive regime.

Google's New Safety Section Shows What Data Android Apps Collect About Users

Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy,

CVE-2021-36895: WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.

Ransomware Attacks: Everything You Need to Know

By Waqas Learn everything there is to know about ransomware attacks. We cover the definition, statistics, and ransomware protection. Even… This is a post from HackRead.com Read the original post: Ransomware Attacks: Everything You Need to Know

CVE-2022-27429: V1.9.5: SSRF Vulnerability · Issue #67 · Cherry-toto/jizhicms

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

CVE-2021-3898: Motorola Android App Vulnerabilities - Lenovo Support DE

Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker.

Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies

New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.

CVE-2022-26672: ASUS WebStorage - Use of Hard-coded Credentials

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by