Security
Headlines
HeadlinesLatestCVEs

Tag

#android

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as

The Hacker News
Open in Source
#vulnerability#android#mac#google#amd#docker#The Hacker News
Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share

As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution (RCE) chain on systems that have the software installed. "The Quick Share application implements its own specific application-layer communication protocol to support file transfers between nearby, compatible devices,"

Google Researchers Found Nearly a Dozen Flaws in Popular Qualcomm Software for Mobile GPUs

The vulnerabilities, which have been patched, may have novel appeal to attackers as an avenue to compromising phones.

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE). "This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information

Computer Crash Reports Are an Untapped Hacker Gold Mine

One hacker solved the CrowdStrike outage mystery with simple crash reports, illustrating the wealth of detail about potential bugs and vulnerabilities those key documents hold.

Chameleon Banking Trojan Makes a Comeback Cloaked as CRM App

The evolving malware is targeting hospitality and other B2C workers in Canada and Europe with capabilities that can evade Android 13 security restrictions.

Chameleon Android Banking Trojan Targets Users Through Fake CRM App

Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking trojan targeting users in Canada by masquerading as a Customer Relationship Management (CRM) app. "Chameleon was seen masquerading as a CRM app, targeting a Canadian restaurant chain operating internationally," Dutch security outfit ThreatFabric said in a technical

BlankBot Trojan Targets Turkish Android Users

While still under development, the malware contains Turkish-language filenames, can record the screen and keystrokes, and inject custom overlays to steal passwords and sensitive data.

Android vulnerability used in targeted attacks patched by Google

Google has issued security updates for 46 vulnerabilities, including a patch for a remote code execution flaw which has been used in limited targeted attacks.