Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2017-20181: Bugfix Path Traversal Vulnerability - see https://support.google.com/… · hgzojer/vocabletrainer@accf683

A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.

CVE
Open in Source
#vulnerability#android#google#java
Shein Shopping App Glitch Copies Android Clipboard Contents

The Android app unnecessarily accessed clipboard device contents, which often includes passwords and other sensitive data.

Alert: Scammers Pose as ChatGPT in New Phishing Scam

By Waqas This phishing scam exploits the popularity of the AI-based ChatGPT chatbot to steal funds and harvest the personal and financial details of users. This is a post from HackRead.com Read the original post: Alert: Scammers Pose as ChatGPT in New Phishing Scam

Ubuntu Security Notice USN-5917-1

Ubuntu Security Notice 5917-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code

Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to multiple use-after-free conditions.

8 cybersecurity tips to keep you safe when travelling

Categories: Awareness Categories: News Tags: travel Tags: safe Tags: devices Tags: VPN Tags: backups Tags: connections Tags: updates Here are some cybersecurity tips to keep you safe while you travel. (Read more...) The post 8 cybersecurity tips to keep you safe when travelling appeared first on Malwarebytes Labs.

A week in security (February 27 - March 5)

Categories: News The most interesting security related news from the week of February 27 to March 5. (Read more...) The post A week in security (February 27 - March 5) appeared first on Malwarebytes Labs.

The LastPass Hack Somehow Gets Worse

Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more.

CVE-2021-36689: app/src/main/java/com/samourai/wallet/PinEntryActivity.java · develop · Wallet / samourai-wallet-android

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation.

The Sketchy Plan to Build a Russian Android Phone

Amid isolating sanctions, a Russian tech giant plans to launch new Android phones and tablets. But experts are skeptical the company can pull it off.