Tag

#android

CVE-2022-46496: Missing TLS Certificate Validation in DoorEntry HOMETOUCH for iOS

BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.

CVE-2022-3229: unified_remote exploit by h00die · Pull Request #16989 · rapid7/metasploit-framework

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.

CVE-2023-20619: February 2023

In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159.

Android Binder VMA Management Security Issues

Android Binder VMA management suffers from multiple security issues.

A week in security (January 30 - February 5)

The most interesting security related news from the week of January 30 - February 5. The post A week in security (January 30 - February 5) appeared first on Malwarebytes Labs.

Googling for Software Downloads Is Extra Risky Right Now

Plus: The FTC cracks down on GoodRx, Microsoft boots “verified” phishing scammers, researchers disclose EV charger vulnerabilities, and more.

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate. "PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS (

CVE-2023-23082: ExifParser: Fix several out of bounds accesses while parsing exif information by fritsch · Pull Request #22380 · xbmc/xbmc

A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.

Cyberthreats facing UK finance sector "a national security threat"

Reports published about the UK financial industry show a growing number of cyberthreats and enormous losses to fraud. The post Cyberthreats facing UK finance sector "a national security threat" appeared first on Malwarebytes Labs.

CVE-2021-37374: Teradek Cross-Site Scripting Vulnerability Advisory

** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.