14 matches found
From Fitbit to financial despair: How one woman lost her life savings and more to a scammer
We hear so often about people falling for scams and losing money. But we often don’t find out the real details of what happened, and how one "like" can turn into a nightmare that controls someone’s life for many years. This is that story. Not too long ago, a scam victim named Karen reached out to...
Malicious code in hubot-hangouts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a411a5e1860f7c3e70679f26150c8bc5300c4e1545d0b6e53e9794171a5529a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-50175 media: qcom: camss: Remove use_count guard in stop_streaming
In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove use_count guard in stop_streaming. The use_count check was introduced so that multiple concurrent Raw Data Interfaces RDIs could be driven by different virtual channels VCs on the CSIPHY input driving the...
CVE-2024-50175
CVE-2024-50175 concerns the CAMSS pipeline in the Linux kernel where a use_count guard in stop_streaming misinterprets the number of active streams as a user-space open count. This causes stop_streaming to leave buffers active and can lead to -EBUSY and broken restart behavior when multiple VCs s...
In-depth exploration of an iOS exploit chain found in the wild VII - vulnerability warning - the black bar safety net
In a previous article, we studied how an attacker could gain code execution as root on the iPhone with a sandbox escape. At the end of each chain you can see the attacker call posix_spawn, passing the path to the malicious binary file in the /tmp directory. The implant code runs in the background as root,...
Implant Teardown
Posted by Ian Beer, Project Zero. In the earlier posts we examined how the attackers gained unsandboxed code execution as root on iPhones. At the end of each chain we saw the attackers calling posix_spawn, passing the path to their implant binary which they dropped in /tmp. This starts the implant...
hangouts.google.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-707944. Affected Website: hangouts.google.com. Vulnerable Application: hidden until disclosure. Vulnerability Type: Open Redirect / CWE-601. CVSSv3 Score: hidden until...
Hangouts - BSD license, Customized SSL, Exported ContentProvider vulnerabilities
The HackApp vulnerability scanner discovered that the Hangouts application published on the 'play' market has multiple vulnerabilities...
Data Leaking 'Surreptitious Sharing' Vulnerability Identified in Android API
Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and, perhaps more concerning, privacy-centric apps such as Signal and Telegram, that could lead to privilege escalation and data loss, including private keys. Dominik Schürmann and Lars Wolf,...
Nexus Security Bulletin - February 2016
We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY49G or later and Android M with Security Patch Level o...
Android Stagefright Exploit Code Released to Public
Joshua Drake, the researcher who found the so-called Stagefright vulnerability in Android, today released exploit code to the public, which he hopes will be used to test systems’ exposure to the flaw. The move comes more than a month after vulnerability details were released in August during...
Nexus Security Bulletin—August 2015
We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48I or later address these issues. Partners were...
Leaked Screenshots Suggest New Gmail Interface Coming Soon
Google is reportedly testing some new UI changes for its popular email service, Gmail, on the desktop browser that would redesign your inbox with a totally different interface. So, the traditional Gmail we all know may soon get a makeover, and we hope users will love it. Google has...
Stable Channel Update for Chrome OS
Update: Samsung Chromebook has been updated to 33.0.1750.124 (Platform version: 5116.88.2). The Stable channel has been updated to 33.0.1750.124 (Platform version: 5116.88.0) for all Chrome OS devices except Samsung Chromebook. This build contains a number of bug fixes, security updates and feature...