Security News

Google added a new CVE ID to track the Pixel fix for CVE-2024-29748, a vulnerability exploited by several forensics companies, as BleepingComputer reported in April. "It's fixed on Pixels with the June update and will be fixed on other Android devices when they eventually update to Android 15. If they don't update to Android 15, they probably won't get the fix, since it has not been backported. Not all patches are backported."

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. Google tagged 44 other security bugs in this month's Pixel update bulletin, seven of which are privilege escalation vulnerabilities considered critical and impact various subcomponents.

Today, the Cybersecurity and Infrastructure Security Agency warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. Those who suspect they're on the receiving end of a scam phone call where a criminal claims to be a CISA employee should never give in to their demands to send money, write down their phone number, and immediately hang up.

A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps that display convincing corporate login forms to steal credentials. D0x demonstrates how to create PWA apps to display corporate login forms, even with a fake address bar showing the normal corporate login URL to make it look more convincing.

"Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt. We received emails from an unknown actor claiming to possess Tile customer information," Life360 CEO Chris Hulls said. The exposed data "Does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers, because the Tile customer support platform did not contain these information types," Hulls added.

The number of cybersecurity incidents reported by US federal agencies rose 9.9 percent year-on-year in 2023 to a total of 32,211, per a new White House report, which also spilled the details on the most serious incidents suffered across the government. Brute force attacks on networks and services were the only other vector to register more than 1,000 cases - but took the price for the biggest YoY percentage increase in incidents, up from just 197 the year before.

At its annual re:Inforce conference, Amazon Web Services has announced new and enhanced security features and tools. To facilitate the concerted push to get customers to secure their accounts with multiple authentication factors, AWS has added support for FIDO2 passkeys as a second authentication method.

Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate to the 'Always On VPN' for enhanced security and continued support. DirectAccess is a bidirectional remote access technology introduced by Microsoft in Windows 7 and Windows Server 2008 R2, providing domain-joined remote users an "Always on" connection to internal corporate networks without using VPN connections.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. The Ukrainian police reported that the arrested individual was a specialist in developing custom crypters for packing the ransomware payloads into what appeared as safe files, making them FUD to evade detection by the popular antivirus products.