Security
Headlines
HeadlinesLatestCVEs

Tag

#samsung

British LAPSUS$ Teen Members Sentenced for High-Profile Attacks

Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent to get back to cybercrime "as soon as possible," BBC reported. Kurtaj, who is autistic, was

The Hacker News
Open in Source
#vulnerability#web#microsoft#git#samsung#The Hacker News
GTA 6 Hacker from Lapsus$ Gang Sentenced to Hospital

By Deeba Ahmed From Teen Prodigy to Cybercriminal: The Fall of a Lapsus$ Gang Member and the Dangers of the Online Underworld. This is a post from HackRead.com Read the original post: GTA 6 Hacker from Lapsus$ Gang Sentenced to Hospital

Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical

Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years. Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity. The fixes are in addition to 18 flaws Microsoft addressed in its Chromium-based Edge browser since the release of Patch

New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul (a combination of "5G" and "Ghoul") – 10 affect 5G modems from the two companies, out of which three

Cybersecurity considerations to have when shopping for holiday gifts

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

Android phones can be taken over remotely – update when you can

Android phones are vulnerable to attacks that allow a remote execution of malicious code and it requires no user interaction.

CVE-2023-41268: Fix bug with top-level-await with class variable init by ksh8281 · Pull Request #1260 · Samsung/escargot

Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0.

CVE-2023-42581: Samsung Mobile Security

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

CVE-2023-42570: Samsung Mobile Security

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.

CVE-2023-45781: Android Security Bulletin—December 2023

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.