#android

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,"

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.

Categories: News Tags: fake Chrome update Tags: AirBnb scam Tags: fake IRS tax email Tags: Ransomware in Germany report Tags: Living Off The Land Tags: LOTL attack Tags: ALPHV ransomware Tags: ransomware Tags: spring cleaning your browser Tags: lost injured dog Facebook hoax Tags: Facebook hoax Tags: swatting-as-aservice Tags: LockBit ransomware Tags: Instagram scam Tags: Domino Backdoor Tags: Malwarebytes Admin Tags: Fancy Bear Tags: tech support scam Tags: QBot Tags: Chrome zero-day Tags: Facebook Tags: Cambridge Analytica settlement claim The most interesting security related news from the week of April 17 - 23. (Read more...) The post A week in security (April 17 - 23) appeared first on Malwarebytes Labs.

The transition from traditional logins to cryptographic passkeys is getting messy. But don’t worry—there’s a plan.

Overcoming the limitations of consumer MFA with a new flavor of passwordless.

Franklin Fueling Systems TS-550 suffers from a password hash disclosure vulnerability.

Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also tracked by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of "previously unseen plugins from

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control.

The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week.