Security
Headlines
HeadlinesLatestCVEs

Tag

#android

How GDPR Is Failing

The world-leading data law changed how companies work. But four years on, there’s a lag on cleaning up Big Tech.

Wired
Open in Source
#android#mac#apple#google#microsoft#amazon#git#auth#sap
5 Casual Games You Can Play on Your Mobile Browser Now

By Owais Sultan Online gaming has always been the buddy of leisure time because they allow us to bring some enjoyment… This is a post from HackRead.com Read the original post: 5 Casual Games You Can Play on Your Mobile Browser Now

North Korean IT Workers Are Infiltrating Tech Companies

Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news.

CVE-2022-29216: tensorflow/saved_model_cli.py at f3b9bf4c3c0597563b289c0512e98d4ce81f886e · tensorflow/tensorflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

CVE-2022-24906: Keep exceptions http response generic by juliushaertl · Pull Request #3384 · nextcloud/deck

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.

CVE-2022-29160

Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available.

CVE-2022-30551: GitHub - OPCFoundation/UA-Java-Legacy: This repository is provided by OPC Foundation as legacy support for an Java version for OPC UA.

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.

Cytrox's Predator Spyware Target Android Users with Zero-Day Exploits

Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched

Spyware Vendors Target Android With Zero-Day Exploits

New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.