Security News
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Google added a new CVE ID to track the Pixel fix for CVE-2024-29748, a vulnerability exploited by several forensics companies, as BleepingComputer reported in April. "It's fixed on Pixels with the June update and will be fixed on other Android devices when they eventually update to Android 15. If they don't update to Android 15, they probably won't get the fix, since it has not been backported. Not all patches are backported."
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. Google tagged 44 other security bugs in this month's Pixel update bulletin, seven of which are privilege escalation vulnerabilities considered critical and impact various subcomponents.
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as zero-day, according to new...
The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability as a zero-day before a fix was made available. A report by Symantec says that CVE-2024-26169 has been actively exploited by the Cardinal cybercrime group, the operators of the Black Basta gang, noting that there's a good chance it was leveraged as a zero-day.
Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the...
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. As Forbes reported today, the exploit used by the attackers to hack the accounts via DMs only needs the targets to open the malicious message and doesn't require downloading a payload or clicking embedded links.
Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations' network. The existence and in-the-wild exploitation of the flaw was revealed by Check Point on Tuesday, a day after they warned that about discovered instances of attackers making login attempts "Using old VPN local-accounts relying on unrecommended password-only authentication method."
Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks. Check Point warned customers on Monday that attackers are targeting their security gateways using old VPN local accounts with insecure password-only authentication.