Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Google Improves Its Password Manager to Boost Security Across All Platforms

Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post. The updates are also expected to automatically

The Hacker News
Open in Source
#web#ios#android#apple#google#chrome#The Hacker News
18 Zero-Days Exploited So Far in 2022

It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according Google Project Zero.

Threat Source newsletter (June 30, 2022) — AI voice cloning is somehow more scary than deepfake videos

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  We took a week off for summer vacation but are back in the thick of security things now.  My first exposure to deepfake videos was when Jordan Peele worked with BuzzFeed News to produce this video of... [[ This is only the beginning! Please visit the blog for the complete entry ]]

U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores

One of the commissioners of the U.S. Federal Communications Commission (FCC) has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "its pattern of surreptitious data practices." "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently

CVE-2021-40663: Prototype Pollution in deep.assign npm package · Issue #1 · janbialostok/deep-assign

deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

A Guide to Surviving a Ransomware Attack

Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.

You Need to Update Windows and Chrome Right Now

Plus: Google issues fixes for Android bugs, and Cisco, Citrix, SAP, WordPress, and more issue major patches for enterprise systems.

CVE-2017-20120: Offensive Security’s Exploit Database Archive

A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Hermit spyware is deployed with the help of a victim’s ISP

A new commercial spyware for governments, called Hermit, has spotted in the wild. It affects iOS and all Android versions. The post Hermit spyware is deployed with the help of a victim’s ISP appeared first on Malwarebytes Labs.

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an