#android

By Deeba Ahmed The Australian police arrested an Australian hacker for creating and selling the extensively abused Imminent Monitor RAT (remote… This is a post from HackRead.com Read the original post: Aussie Hacker Arrested, Charged for Developing and Selling Imminent Monitor RAT

In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728.

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.

Categories: A week in security Tags: backdoor Tags: blog recap Tags: bytedance Tags: cookies Tags: data breach Tags: Google Tags: linux Tags: microsoft Tags: ransomware Tags: SQL injection Tags: T-Mobile Tags: tiktok Tags: Uber Tags: week in security The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (July 25 - July 31) appeared first on Malwarebytes Labs.

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.

Plus: Google delays the end of cookies (again), EU officials were targeted with Pegasus spyware, and more of the top security news.

EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote).

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.