#ios

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers.  There are countless mobile apps for parents to track their children or other family members based on their location, phone usage, and even driving speed. As an anxious soon-to-be-parent, this sounds intriguing to me — it’d be a supped-up version of Find my Friends on Apple devices so I’d never have to ask my teenager (granted, I’m many years away from being at that stage of my life) when they were coming home or where they were.  Just as with all other types of mobile apps, there are pitfalls, though.   Life360, one of the most popular of these types of apps and even tells users what their maximum driving speed was on a given trip, was found in December 2021 to be selling precise location data on its users, potentia...

Any time we welcome this software and hardware into our homes and on our devices, it’s worth considering what sacrifices we might be making elsewhere.

By Waqas TrollStore does not work on anything above iOS 15.5, and beta 4, not on iOS 15.5, not on version 15.6, and not on iOS 16). This is a post from HackRead.com Read the original post: New TrollStore Tool Permanently Installs Apps on Non-Jailbroken iOS Devices

A lesson in how to achieve maximum value for your discoveries

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to

Categories: News The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (September 26 – October 2) appeared first on Malwarebytes Labs.

By Owais Sultan Patience is no longer a virtue when talking about website or app performance. Users get frustrated after waiting for… This is a post from HackRead.com Read the original post: MySQL Performance Tuning: Top 5 Tips for Blazing Fast Queries

ZKSecurity BIO version 3.0.5.0_R suffers from a privilege escalation vulnerability.

ZKSecurity BIO version 4.1.2 suffers from a remote SQL injection vulnerability that can allow for remote code execution.