IT threat evolution in Q2 2024. Non-mobile statistics

The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures In Q2 2024: Kaspersky solutions blocked over 664 million attacks from various internet sources. The web antivirus...

IT threat evolution in Q2 2024. Mobile statistics

Quarterly figures According to Kaspersky Security Network, in Q2 2024: 7 million attacks using malware, adware or unwanted mobile software were blocked. The most common threat to mobile devices was RiskTool software – 41% of all detected threats. A total of 367,418 malicious installation packages...

Android 15 Security Release NotesStay organized with collectionsSave and categorize content based on your preferences.

This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 15. Android 15 devices with a security patch level of 2024-09-01 or later are protected against these issues Android 15, as released on AOSP, will have...

The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments like PiTool, allows a hacker to execute arbitrary code.

The vulnerability of the WebSocket protocol implementation in applications for launching and managing Pimax Play games, as well as in software for configuring and calibrating VR environments called PiTool. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

Microsoft Plug and Play Service Registry Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Plug and Play Service Registry Overflow', 'Description' = %q This module triggers a stack buffer overflow in the Windows Plug and Play...

Android Browser Remote Code Execution Through Google Play Store XFO

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Browser RCE Through Google Play Store XFO', 'Description' = %q This module combines two vulnerabilities to achieve remote code execution ...

Security Bulletin: IBM MaaS360 has identified a vulnerability in the MaaS360 MDM for Android Application (CVE-2024-35118)

Summary A vulnerability was identified and remediated in the IBM MaaS360 MDM for Android Application Version 8.60 and Prior Vulnerability Details CVEID:CVE-2024-35118 DESCRIPTION: IBM MaaS360 Android agent v 8.55 and lower is using hard coded credentials that can be obtained by a user with physic...

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack

Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt...

CVE-2023-50810

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used...

CVE-2023-50810

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used...

Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Overview Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpoints CWE-923. Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary code may be executed by a...

New Android Trojan "BlankBot" Targets Turkish Users' Financial Data

Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financial information. "BlankBot features a range of malicious capabilities, which include customer injections, keylogging, screen recording and it communicates with...

Pimax Play 安全漏洞

Pimax Play is a virtual reality driver from the Chinese company Xiaopai Pimax. A security vulnerability exists in Pimax Play versions prior to V1.21.01, which stems from accepting a WebSocket connection from an unintended endpoint, where an unauthenticated, remote attacker may be able to execute...

PT-2024-5835 · Pimax · Pimax

Name of the Vulnerable Software and Affected Versions: Pimax products affected versions not specified Description: The issue concerns the implementation of the WebSocket protocol in Pimax applications for launching and managing Pimax Play games and PiTool software for configuring and calibrating ...

JVN#50850706: Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpointsCWE-923. Impact Arbitrary code may be executed by a remote unauthenticated attacker. Solution Update the Software For Pimax Play, update the software to the latest version according to the information...

Android Security Bulletin—August 2024Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVE-2024-41944 Sensitive Information Disclosure abusing SQL Injection in Xibo CMS proof of play report

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the report/data/proofofplayReport API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the...

New Mandrake Spyware Found in Google Play Store Apps After Two Years

A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years. The applications attracted a total of more than 32,000 installations before being pulled...

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

Introduction In May 2020, Bitdefender released a white paper containing a detailed analysis of Mandrake, a sophisticated Android cyber-espionage platform, which had been active in the wild for at least four years. In April 2024, we discovered a suspicious sample that appeared to be a new version ...

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play aka Balloonfly and PlayCrypt that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an...