Security
Headlines
HeadlinesLatestCVEs

Tag

#android

SoftMaker Office / FreeOffice Local Privilege Escalation

SoftMaker Office and FreeOffice suffer from a local privilege escalation vulnerability via the MSI installer. Vulnerable versions include SoftMaker Office 2024 / NX before revision 1214, FreeOffice 2021 Revision 1068, and FreeOffice 2024 before revision 1215.

Packet Storm
Open in Source
#vulnerability#web#ios#android#mac#windows#google#linux#git#chrome#firefox
Authy phone numbers accessed by cybercriminals, warns Twilio

Authy users have been warned that their phone numbers have been obtained by cybercriminals that abused an unsecured API endpoint.

How Apple Intelligence’s Privacy Stacks Up Against Android’s ‘Hybrid AI’

Generative AI is seeping into the core of your phone, but what does that mean for privacy? Here’s how Apple’s unique AI architecture compares to the “hybrid” approach adopted by Samsung and Google.

Twilio's Authy App Breach Exposes Millions of Phone Numbers

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests. The development comes days after an online persona named ShinyHunters

Personal data stolen from unsuspecting airport visitors and plane passengers in “evil twin” attacks, man charged

An Australian man was arrested for alleged evil twin attacks. What are they and what can you do about them?

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion targeting mobile gamers, weapons enthusiasts, and TikTok fans," SentinelOne security researcher Alex

Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust

TEMU sued for being “dangerous malware” by Arkansas Attorney General

The Arkansas Attorney General filed a lawsuit against webshop Temu for allegedly being dangerous malware which is after personal data.

Ubuntu Security Notice USN-6819-4

Ubuntu Security Notice 6819-4 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

'Snowblind' Tampering Technique May Drive Android Users Adrift

As cybersecurity's cat-and-mouse game starts to look more like Tom and Jerry, attackers develop a method for undermining Android app security with no obvious fix.