1281 matches found
vlc -- remote code execution via crafted subtitles
Check Point research team reports: Remote code execution via crafted subtitles...
Google said the release of the new version “Android O” will not fix the screen hijacking vulnerability
Millions of Android smartphones are suffering from a serious “screen hijacking” vulnerability; a hacker could steal user passwords and bank details and help ransomware apps steal money. Google is claiming that publishing the “Android O” version does not fix the vulnerability. The worst thing is that...
Android Permissions Flaw Will Linger Until O Release
Google said Tuesday that a permissions flaw that puts Android users at a heightened risk for malware, ransomware and adware attacks will not be fixed until the release of its next mobile OS, Android O. The vulnerability impacts an undisclosed number of apps hosted on Google Play, researchers at...
IBM: Destroy USBs Infected with Malware Dropper
USB drives shipped with some of IBM’s Storwize storage products are infected with malware, and the tech giant advises customers to destroy the devices. IBM would not comment on the source of the infection or where in the supply chain the interdiction happened, and instead referred Threatpost to an...
Apple Revokes Certificate Used By OSX/Dok Malware
Apple revoked a legitimate developer certificate used by hackers behind malware dubbed OSX/Dok, which was able to eavesdrop on secure HTTPS traffic of infected systems. On Sunday, Apple also rolled out an update to its XProtect built-in antimalware software to fend off existing and upcoming...
Beware! New Android Malware Infected 2 Million Google Play Store Users
Initially thought to be 600,000 users, the number of Android users who have mistakenly downloaded and installed malware on their devices straight from Google Play Store has reached 2 Million. Yes, about 2 Million Android users have fallen victim to malware hidden in over 40 fake companion guide...
Hackers Using Fake Cellphone Towers to Spread Android Banking Trojan
Chinese hackers have taken smishing attacks to the next level, using rogue cell phone towers to distribute Android banking malware via spoofed SMS messages. SMiShing — phishing attacks sent via SMS — is a type of attack wherein fraudsters use a number spoofing attack to send convincing bogus message...
WhatsApp and Telegram Vulnerabilities Opened Users to Account Takeover
Encrypted messaging services WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user’s account, access personal and group conversations, along with photos, videos and other files. A trio of researchers with Check Point Software Technologies,...
38 Android Devices Infected with Malware Preinstalled in Supply Chain
Mobile devices manufactured by a diverse set of handset makers were discovered to be loaded with malware pre-installed somewhere along the supply chain. Check Point Software Technologies said that it found 38 Android handsets were infected with adware, information-stealing malware and ransomware,...
Charger Mobile Ransomware Removed from Google Play
Security researchers have identified a new and evasive mobile ransomware strain called Charger on the Google Play app store. The Charger malware was bundled with an SMS-snooping app called EnergyRescue that pawned itself off as a battery management utility, according to Check Point security...
Apps Carrying HummingBad Variant Booted From Google Play
Android malware known as HummingBad, which infected as many as 10 million devices in 2016, has resurfaced with several new features allowing it to perform ad fraud even more efficiently than its predecessor. Researchers said the variant, known as HummingWhale, was being distributed via 20 camera,...
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language. The critical vulnerabilities reside in the unserialize mechanism in PHP...
Gooligan Malware Breaches 1 Million Google Accounts
Android malware called Gooligan is being blamed for 1 million breached Google accounts. The malware is still active, according to Check Point Software Technologies, and is responsible for an additional 13,000 new breaches of Android devices daily. “We believe that it is the largest Google account...
Google Patches Quadrooter Vulnerabilities in Android
The Quadrooter vulnerabilities made a lot of people take notice because the scale of affected Android devices, more than 900,000, put it on a level with Stagefright and other bugs that impact a large majority of the Android ecosystem. Some details on the four vulnerabilities were publicly disclosed...
$2.5 Million-a-Year Ransomware-as-a-Service Ring Uncovered
Researchers claim to have found the largest ransomware-as-a-service (RaaS) ring to date. The operation generates an estimated $2.5 million annually and targets computer users with a new variant of the notorious Cerber ransomware. According to a research report published today by Check Point Softwar...
checkpoint.com XSS vulnerability
Vulnerable URL: https://www.checkpoint.com/login/atcpartners.jsp?redirect="onMouseOver="confirmOPENBUGBOUNTY Details: Patched: Yes, at 16.08.2016; Latest check for patch: 16.08.2016 13:42 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank...
Qualcomm Chip Flaw Leaves 900m Android Devices Open to Attack
Four vulnerabilities found in Qualcomm chips used in 900 million Android devices leave affected phones and tablets open to attacks that could give hackers complete system control. Researchers at Check Point who found the flaw are calling the vulnerability Quadrooter and say that a patch isn’t...
Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack
Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide. What's even worse: Most of those affected Android devices will probably never be patched. Dubbed...
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B)
OVERVIEW: This updated advisory is a follow-up to the updated advisory titled ICSA-16-308-02A Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 22, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of a public report of resource consumption...
Jigsaw Ransomware Decrypted, Again
The four-month-old Jigsaw ransomware has been defeated again. The ransomware, which packs an emotional punch with its creepy graphics and hallmark countdown clock, can be overcome simply by tricking the ransomware code into thinking you’ve already paid. Researchers at Check Point published a fix f...