#android

Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted (E2EE) data backups in its iCloud service. The headlining feature, when turned on, is expected to secure 23 data categories using E2EE, including device and message backups, iCloud Drive, Notes, Photos, Reminders, Voice Memos, Safari Bookmarks, Siri Shortcuts,

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Out of more than 80 flaws fixed this month, the most critical was a system component bug that could allow RCE over Bluetooth.

Categories: Android Categories: Exploits and vulnerabilities Categories: News Google has issued its December round of patches, which includes a fix for a critical vulnerability that allows RCE over Bluetooth (Read more...) The post Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth appeared first on Malwarebytes Labs.

Categories: News Tags: FBI Tags: scams Tags: xmas Tags: christmas Tags: festive season Tags: social media Tags: cryptocurrency Tags: bitcoin Tags: app Tags: android Tags: fake job Tags: offer Tags: whatsapp Tags: telegram Tags: interview Tags: resume Tags: gift cards Tags: survey We take a look at a list of popular scams compiled by the FBI to avoid this festive season, and offer our own insights. (Read more...) The post Ho, ho, no! Scams to avoid this festive season appeared first on Malwarebytes Labs.

tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function.

Software firms and the National Security Agency urge developers to move to memory-safe programming languages to eliminate a major source of high-severity flaws.

Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. "

In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207.

Categories: News Tags: eufy Tags: doorbell Tags: security system Tags: cctv Tags: camera Tags: thumbnail Tags: storage Tags: data Tags: cloud Tags: local Tags: locally We take a look at what happens when your doorbell camera data pays a visit to the cloud, despite that not being something which is supposed to happen. (Read more...) The post Eufy "no cloud" security cameras streaming data to the cloud appeared first on Malwarebytes Labs.