Security
Headlines
HeadlinesLatestCVEs

Tag

#huawei

Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware, which is delivered by means of

The Hacker News
Open in Source
#web#android#windows#apple#google#cisco#git#intel#backdoor#asus#samsung#huawei#xiaomi#zero_day#chrome#sap#The Hacker News
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).

CVE-2023-1195: cifs: fix use-after-free caused by invalid pointer `hostname` · torvalds/linux@153695d

A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request.

CVE-2023-21118: Android Security Bulletin—May 2023

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004

CVE-2023-2088: Bug #2004555 “[OSSA-2023-003] Unauthorized volume access through...” : Bugs : OpenStack Compute (nova)

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

CVE-2023-2513: ext4: fix use-after-free in ext4_xattr_set_entry · torvalds/linux@67d7d8a

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.

Transferring WhatsApp Data Between Android and iPhone [2023]

By ghostadmin When you transfer data from an Android to an iOS device, the Move to an iOS app is… This is a post from HackRead.com Read the original post: Transferring WhatsApp Data Between Android and iPhone [2023]

CVE-2023-21100: Android Security Bulletin—April 2023

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249

State-sponsored campaigns target global network infrastructure

This campaign, dubbed "Jaguar Tooth," is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity.

A Tiny Blog Took on Big Surveillance in China—and Won

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war.