Security
Headlines
HeadlinesLatestCVEs

Tag

#xiaomi

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA

The Hacker News
Open in Source
#vulnerability#web#ios#android#apple#google#dos#java#intel#perl#amd#samsung#huawei#auth#xiaomi#zero_day#chrome#The Hacker News
Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware, which is delivered by means of

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).

Transferring WhatsApp Data Between Android and iPhone [2023]

By ghostadmin When you transfer data from an Android to an iOS device, the Move to an iOS app is… This is a post from HackRead.com Read the original post: Transferring WhatsApp Data Between Android and iPhone [2023]

CVE-2020-14140: 产品安全中心

When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

The Sketchy Plan to Build a Russian Android Phone

Amid isolating sanctions, a Russian tech giant plans to launch new Android phones and tablets. But experts are skeptical the company can pull it off.

CVE-2023-26545

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

North Korean Hackers Are Attacking US Hospitals

Plus: Deepfake disinformation spotted in the wild, Android privacy problems in China, Reddit gets phished, and more.

CVE-2022-45770: Versions history | AdGuard

Improper input validation in driver adgnetworkwfpdrv.sys in Adguard For Windows x86 up to version 7.11 allows attacker to gain local privileges escalation.