Dec 05, 2022Ravie LakshmananEndpoint Security / Data Protection A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor’s offices and courts. “Although it disguises itself as a ransomware and extorts money from the victim for ‘decrypting’ data, [it] does not actually encrypt, but purposefully destroys data in the affected
Technology
Google is reportedly working on faster full over-the-air (OTA) updates for its Pixel phones. The tech giant is said to be planning to reduce the installation time for OTA updates. Updates are installed in the background on Pixel phones, allowing users to continue to use their devices without waiting for the process to complete. However,
Dec 05, 2022Ravie LakshmananServer Security / Cloud Technology Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. “The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants,
Once a popular Indian smartphone brand, Lava faded into the background over the past couple of years as industry heavyweights such as Samsung and cash-loaded Chinese brands such as Realme and Redmi pretty took over the mainstream smartphone landscape. However, Lava marked its resurgence in 2021 with the Lava Z series. Last year, the company also launched its first 5G
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security
Tecno Pova 4 India launch date has been set for December 7. The Chinese smartphone vendor has announced the launch of its new Pova series phone through its social media channels. The gaming-focused Tecno Pova 4 is confirmed to be powered by a 6nm MediaTek Helio G99 SoC coupled with 8GB of RAM and 128GB
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed “Hell’s Keychain” by cloud security firm Wiz, has been described as a “first-of-its-kind supply-chain attack vector impacting a
Google’s Android Partner Vulnerability Initiative, in a major security leak admission, has disclosed a new key vulnerability that has affected Android smartphones from major brands such as Samsung and LG, among others. Due to the leaking of the signing keys used by Android OEMs, imposter apps or malware could disguise themselves as “trusted” apps. The
Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive
MIUI 14, Xiaomi’s Android 13-based operating system update for eligible smartphones, has seemingly leaked on Twitter ahead of its official announcement. The OS was set to be unveiled alongside the Xiaomi 13 smartphone series, on December 1. However, the company recently revealed that it had postponed the launch event, and a new date is yet
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. “Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. “A platform certificate is the application signing certificate used to sign the ‘android’ application on the system image,”
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on
Lenovo K14 and the Lenovo K14 Note will reportedly be launched as the two new smartphones in the company’s budget-friendly K series. Both the speculated Lenovo K-series handsets were recently spotted on the Google Play console. The listing has revealed some of the key specifications of the smartphones as well as a few front-facing images.
iQoo 11 5G’s launch event has been rescheduled for December 8 after the Chinese smartphone manufacturer postponed its initial plans to introduce the handset on December 2. iQoo Indonesia confirmed the development on the Instagram handle. Some of the key specifications of the latest iQoo flagship smartphone have already been hinted, as spotted on various
iQoo 11 Pro charging specifications have been revealed, ahead of the upcoming launch of the smartphone in China. The flagship-grade smartphone will will pack a 4,700mAh battery with support for 200W charging, according to the company. The company recently announced that it had postponed the launch of its flagship iQoo 11 series in the country,
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. “Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary
Vivo Y02 was launched in Indonesia on November 29. Just two days after the budget smartphone’s launch, it is now being tipped to make its way to India soon. The handset, launched in the entry-level segment in Indonesia by the Chinese smartphone manufacturer, features a 6.51-inch HD+ FullView display and is driven by an undisclosed
Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. “We are in the process of analyzing the data, but the data released appears to be the data we believed the
Google Pixel 7 and Pixel 7 Pro are getting free access to the company’s Google One VPN, according to a report. Owners of the flagship Pixel 7 and Pixel 7 Pro handsets can now connect to Google’s VPN for free, as Google promised at its Made by Google event earlier this year. The VPN can