Security flaws in an audio codec have been uncovered by security researchers, putting millions of Android phones and other Android devices powered by chipsets from MediaTek and Qualcomm at risk of being compromised by hackers. Stemming from an codec created by Apple several years ago, the vulnerabilities were left unpatched since the company open-sourced the
Technology
A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition – Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2
Xiaomi’s Redmi Note series has gained a lot of attention recently with the launch of Redmi Note 11 Pro in January 2022, with March launch for the Redmi Note 11 Pro+ 5G. Within a few weeks of the Redmi Note 11 series being launched in the market, rumours have already started to spark the buzz
The “hotpatch” released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. “Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution,” Palo Alto Networks Unit
Google recently updated its Play Store policy to restrict third-party applications from providing the ability to record calls on recent versions of Android. The Android maker had previously blocked apps from recording calls via the microphone with the launch of Android 10 in September 2019. Google is now cutting off another avenue used by developers
A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. “This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with
Samsung just gave the Android tablet space a big boost by launching three devices in its new Galaxy Tab S8 series. The Galaxy Tab S8, Galaxy Tab S8+, and Galaxy Tab S8 Ultra are targeted at different price points to cater to a wide audience. Samsung’s Galaxy Tab S8 Ultra is one of the most
The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. “Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks,” authorities from Australia, Canada, New Zealand, the U.K., and
Google Pixel 6a may soon be out in the market, reportedly at the Google IO 2022, which is starting May 11. While the speculations regarding the lower-cost smartphone’s features and pricing run high, there are a few rumours that are already making a buzz. It has been reported that the new flagship chipset may compromise with
Google Project Zero called 2021 a “record year for in-the-wild 0-days,” as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020.
iQoo announced three smartphones this year as a part of its premium 9-series lineup. We all expected an iQoo 9 to be launched, but iQoo surprised us with two new phones. The iQoo 9 Pro (Review), with its Qualcomm Snapdragon 8 Gen 1 processor and gimbal-stabilised camera is meant to compete with top-tier smartphones from
A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned. To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies
Netflix is joining hands with the makers of Exploding Kittens — the silly card game — for a game and TV series based on the title. Exploding Kittens – The Game, already available on Android and iOS, is set to launch in May on the Netflix app, while the TV series is expected to drop
Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two “affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo
OnePlus 10R 5G is all set to launch in India on April 28, alongside OnePlus Nord CE 2 Lite. Just a week ahead of the launch, the Chinese smartphone company has revealed several details about the upcoming OnePlus smartphones offering a glimpse into their camera, battery, and fast charging capabilities. OnePlus 10R 5G is confirmed
How well do your Linux security practices stack up in today’s challenging operating environment? Are you following the correct processes to keep systems up-to-date and protected against the latest threats? Now you can find out thanks to research independently conducted by the Ponemon Institute. The research sponsored by TuxCare sought to understand better how organizations
Vivo is reportedly gearing up to release two new smartphones in India. The rumoured handsets are said to be a part of the Vivo T lineup and could release in May. Earlier in February, the Chinese tech giant released the Vivo T1 5G in India. This handset had a launch price of Rs. 15,590 for
An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the
Realme has released the Realme Q5i smartphone in China, which is part of the new Q5 lineup. This new series also features the vanilla Realme Q5 and the Realme Q5 Pro which are set to release during the April 20 launch event. The new Q5i handset is powered by a MediaTek Dimensity 810 SoC which
Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system. Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and