Security
Headlines
HeadlinesLatestCVEs

Tag

#samsung

Samsung Fails Consumers in Preventable Back-to-Back Data Breaches, According to Federal Lawsuit

Company unnecessarily collected consumers' personal data and failed to safeguard it, suit alleges, leading to two back-to-back data breaches.

DARKReading
Open in Source
#acer#samsung#auth
Should Hacking Have a Code of Conduct?

For white hats who play by the rules, here are several ethical tenets to consider.

UK Teen Arrested Amid Uber and GTA 6 Hacking Saga

By Deeba Ahmed The teen was arrested from Oxfordshire and is still in police custody but his involvement in Uber and GTA hacks is unconfirmed. This is a post from HackRead.com Read the original post: UK Teen Arrested Amid Uber and GTA 6 Hacking Saga

Uber Blames LAPSUS$ Hacking Group for Recent Security Breach

Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others," the San Francisco-based

Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack

The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways.

CVE-2022-40757: mTower/tee_api_operations.c at efd36709306a9afcca5b4782499d01be0c7a02a5 · Samsung/mTower

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.

CVE-2022-40758: mTower/tee_api_operations.c at efd36709306a9afcca5b4782499d01be0c7a02a5 · Samsung/mTower

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.

CVE-2022-40760: mTower/tee_api_operations.c at efd36709306a9afcca5b4782499d01be0c7a02a5 · Samsung/mTower

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.

CVE-2022-40759: Security: NULL Pointer Dereference in the function TEE_MACCompareFinal · Issue #80 · Samsung/mTower

A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.

CVE-2022-40761: mTower/tee_svc_cryp.c at efd36709306a9afcca5b4782499d01be0c7a02a5 · Samsung/mTower

The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.