#android

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN.

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...

As the victims of commercial spyware are highly targeted individuals, the sobering truth is that some attackers have the means to be able to spend six figures to compromise a single target.

You can also set up alerts for whenever your home address, phone number, or email address appears in Search.

Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet. The search giant said it's introducing a second user setting to turn off support, at the model level, for null-ciphered cellular connections. "The Android Security Model assumes that all networks are hostile to keep users safe from

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System

Categories: Personal Tags: letmespy Tags: stalkerware Tags: spy Tags: snoop Tags: install Tags: data Tags: breach Tags: hacked We take a look at reports of an app called LetMeSpy facing an imminent shutdown after a server breach and data deletion incident. (Read more...) The post Server breach could be fatal blow for LetMeSpy appeared first on Malwarebytes Labs.

Categories: Personal Tags: FCC Tags: FTC Tags: robocall Tags: cold caller Tags: calling Tags: phone Tags: do not call Tags: block Tags: fine We take a look at a record fine issued by the FCC in relation to a prolific robocalling operation. (Read more...) The post FCC comes down hard on robocallers with record $300m fine appeared first on Malwarebytes Labs.

By Waqas LetMeSpy Faces Demise After Devastating Data Breach: Spyware Service Shuts Down Amidst Massive User Data Compromise. This is a post from HackRead.com Read the original post: LetMeSpy Android Spyware Service Shuts Down After Data Breach

By Habiba Rashid A new investigation by cybersecurity researcher Jeremiah Fowler from VPNmentor reveals an elaborate cryptocurrency scam that employs over 300 fake websites to steal funds from unsuspecting victims and lure new investors. This is a post from HackRead.com Read the original post: Researcher Exposes Cryptocurrency Scam Network of 300 Domains