Security
Headlines
HeadlinesLatestCVEs

Tag

#samsung

Brazilian Police Arrest Suspected Member of Lapsus$ Hacking Group

The Federal Police of Brazil on Wednesday announced it had arrested an individual for purported links to the notorious LAPSUS$ extortionist gang. The arrest was made as part of a new law enforcement effort, dubbed Operation Dark Cloud, that was launched in August 2022, the agency noted. Not much is known about the suspect other than the fact that the person could be a teenager. The Polícia

The Hacker News
Open in Source
#web#microsoft#cisco#samsung#The Hacker News
Update now! October patch Tuesday fixes actively used zero-day...but not the one you expected

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Apple Tags: Google Tags: Android Tags: Samsung Tags: Xiaomi Tags: Adobe Tags: SAP Tags: VMWare Tags: Fortinet Tags: CVE-2022-41033 Tags: CVE-2022-41040 Tags: zero-day No fix for ProxyNotShell (Read more...) The post Update now! October patch Tuesday fixes actively used zero-day...but not the one you expected appeared first on Malwarebytes Labs.

CVE-2021-0696: Android Security Bulletin—October 2022  |  Android Open Source Project

In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242344778

CVE-2022-20429: Android Automotive OS Update Bulletin—October 2022  |  Android Open Source Project

In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220741473

Stairwell Announces $45M Series B Funding Round

Investment led by Section 32 will be used to scale the product and team.

CVE-2022-40278: TizenRT/provisioningdatabasemanager.c at f8f776dd183246ad8890422c1ee5e8f33ab2aaaf · Samsung/TizenRT

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.

CVE-2022-40279: Security: Malfunction in function l2_packet_receive_timeout() · Issue #5629 · Samsung/TizenRT

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).

Time to Change Our Flawed Approach to Security Awareness

Defend against phishing attacks with more than user training. Measure users' suspicion levels along with cognitive and behavioral factors, then build a risk index and use the information to better protect those who are most vulnerable.

Cloudflare Takes a Stab at a Captcha That Doesn’t Suck

The internet infrastructure company has an alternative tool to check whether you’re human—and it doesn’t force you to pick out buses in tiny boxes.

The Dire Warnings in the Lapsus$ Hacker Joyride

The fun-loving cybercriminals blamed for breaches of Uber and Rockstar are exposing weaknesses in ways others aren't.