Network-attached storage (NAS) appliance maker QNAP on Thursday said it’s investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions
Technology
Realme GT 2 was launched in India on Friday. The new Realme phone was unveiled alongside the Realme GT 2 Pro in China in January, and both Realme phones were showcased at MWC 2022 in February. The Realme GT 2 carries features including a 120Hz AMOLED display, triple rear cameras, and a Paper Tech Master
Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira’s authentication framework, Jira Seraph. Khoadha of Viettel
Samsung Galaxy M53 5G was launched as the company’s latest M series smartphone in India. It comes with various features such as a 6.7-inch Super AMOLED+ display with a 120Hz refresh rate, MediaTek Dimensity 900 SoC under the hood, and a quad rear camera setup headlined by a 108-megapixel camera. Samsung Galaxy M52 5G is
Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several
Truecaller has announced that it will not offer its call recording feature from May 11. The development comes soon after Google announced that it has updated its Play Store policy restricting the access of third-party applications to the Accessibility API from May 11. It is to be noted that first party dialler apps and the
LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. “It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses,” CrowdStrike said in a new report. “It evades detection by targeting Alibaba Cloud’s monitoring service and
Security flaws in an audio codec have been uncovered by security researchers, putting millions of Android phones and other Android devices powered by chipsets from MediaTek and Qualcomm at risk of being compromised by hackers. Stemming from an codec created by Apple several years ago, the vulnerabilities were left unpatched since the company open-sourced the
A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition – Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2
Xiaomi’s Redmi Note series has gained a lot of attention recently with the launch of Redmi Note 11 Pro in January 2022, with March launch for the Redmi Note 11 Pro+ 5G. Within a few weeks of the Redmi Note 11 series being launched in the market, rumours have already started to spark the buzz
The “hotpatch” released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. “Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution,” Palo Alto Networks Unit
Google recently updated its Play Store policy to restrict third-party applications from providing the ability to record calls on recent versions of Android. The Android maker had previously blocked apps from recording calls via the microphone with the launch of Android 10 in September 2019. Google is now cutting off another avenue used by developers
A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. “This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with
Samsung just gave the Android tablet space a big boost by launching three devices in its new Galaxy Tab S8 series. The Galaxy Tab S8, Galaxy Tab S8+, and Galaxy Tab S8 Ultra are targeted at different price points to cater to a wide audience. Samsung’s Galaxy Tab S8 Ultra is one of the most
The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. “Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks,” authorities from Australia, Canada, New Zealand, the U.K., and
Google Pixel 6a may soon be out in the market, reportedly at the Google IO 2022, which is starting May 11. While the speculations regarding the lower-cost smartphone’s features and pricing run high, there are a few rumours that are already making a buzz. It has been reported that the new flagship chipset may compromise with
Google Project Zero called 2021 a “record year for in-the-wild 0-days,” as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020.
iQoo announced three smartphones this year as a part of its premium 9-series lineup. We all expected an iQoo 9 to be launched, but iQoo surprised us with two new phones. The iQoo 9 Pro (Review), with its Qualcomm Snapdragon 8 Gen 1 processor and gimbal-stabilised camera is meant to compete with top-tier smartphones from
A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned. To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies
Netflix is joining hands with the makers of Exploding Kittens — the silly card game — for a game and TV series based on the title. Exploding Kittens – The Game, already available on Android and iOS, is set to launch in May on the Netflix app, while the TV series is expected to drop