#android

WiFi File Transfer version 1.0.8 suffers from a cross site scripting vulnerability.

Webile version 1.0.1 suffers from a directory traversal vulnerability.

Categories: News Tags: a week in security Tags: week in security Tags: AI Bill of Rights Tags: Final Fantasy XIV Tags: Lock and Code S03E21 Tags: Meta Tags: WhatsApp Tags: ransomware Tags: tax scam Tags: Chinese APT Tags: Android Tags: Chrome Tags: iOS Tags: managed detection response Tags: MDR Tags: disinformation Tags: FBI Tags: CISA The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (October 10 - 16) appeared first on Malwarebytes Labs.

Categories: News Tags: VPN Tags: iOS Tags: Android Tags: tunnel Tags: captive portal Tags: leak Tags: anonymity “Block connections without VPN” doesn't block all connections without a VPN and “Always on VPN” isn't always on. (Read more...) The post Android and iOS leak some data outside VPNs appeared first on Malwarebytes Labs.

Google wants to make your digital life—in its ecosystem, anyway—passwordless and more secure.

Plus: Hackers hit the Mormon Church, Signal plans to ditch SMS for Android, and a Fat Bear election erupts in scandal.

In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223086933References: N/A

Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.

Categories: News Tags: Google Tags: passkeys Tags: Android Tags: Chrome Tags: public key Tags: private key Tags: authenticator Tags: WebAuthn Passwords won't disappear any time soon, but a viable alternative is taking shape (Read more...) The post Android and Chrome start showing passwords the door appeared first on Malwarebytes Labs.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  October is National Cybersecurity Awareness Month. Which, if you’ve been on social media at all the past 13 days or read any cybersecurity news website, you surely know already.  As it does every year, I saw Cybersecurity Awareness Month kick off with a lot of snark and memes of people joking about what it even means to be “aware” of cybersecurity and why we even have this month at all. And I get why it’s easy to poke fun at, it is at its core a marketing-driven campaign, and hardcore security experts and researchers have notoriously pushed back against this being a marketing-driven field.  I’m not saying there should be Cybersecurity Awareness Month mascots brought to life on the floor of Black Hat, but it is probably time to pump the brakes on the skepticism and snark. After all, this week should be about broadening the security community, not trying to exclude others from it. I came to Talos ...