Technology

Aug 11, 2024Ravie LakshmananSupply Chain / Software Security Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims’ secrets. “The legitimate Solana Python API project is known as ‘solana-py’ on GitHub, but simply

Honor Magic V3 was launched in China in July as the company’s next-generation foldable phone, and it could soon be launched in global markets. A new variant of the smartphone has been spotted on a widely used performance benchmarking website, giving us an idea of what to expect to from the handset if it is

Aug 10, 2024Ravie LakshmananVulnerability / Mobile Security As many as 10 security flaws have been uncovered in Google’s Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution (RCE) chain on systems that have the software installed. “The Quick Share application implements its own specific application-layer communication

Russia’s state communications watchdog Roskomnadzor said that Signal, an encrypted messaging app, had been blocked in the country for violating laws linked to anti-terrorist operations, Interfax news agency reported on Friday. “Access to the Signal messaging app is blocked in connection with violation of the requirements of Russian legislation which must be complied with to

Aug 10, 2024Ravie LakshmananVulnerability / Enterprise Security Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office – Microsoft Office

Google has commenced the testing of Wear OS 5.1, its upcoming operating system (OS) for Android-based wearables such as smartwatches, according to a report. Test builds of the OS are said to have been spotted for the Pixel Watch 2 which suggests that it may be based on a different version of Android. Google first

Aug 09, 2024Ravie LakshmananCloud Security / Data Protection Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result in serious consequences. “The impact of these vulnerabilities range between remote code execution (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposing

iPhone 16 series is rumoured to be announced next month, and ahead of the launch, a report has claimed that the display panels for the smartphones have entered mass production. The OLED displays for the upcoming iPhone series will be manufactured by Samsung Display and LG Display, as per the report. Apple reportedly expects a

Aug 09, 2024Ravie LakshmananIoT Security / Wireless Security Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities “led to an entire break in the security of Sonos’s secure boot process across a wide range of devices and remotely being able to

Motorola Edge 50 Neo is said to be in the works as the latest entrant in the company’s Edge series. We haven’t heard much about a potential release date for Motorola Edge 50 Neo, but TENAA has listed the phone with photos and some specifications. The listing suggests a 6.36-inch OLED display and a 50-megapixel

Aug 08, 2024Ravie LakshmananCyber Attack / Cyber Espionage The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error

Microsoft blamed Delta Air Lines on Tuesday for its dayslong struggle to recover from a global cyber outage that led it to cancel more than 6,000 flights. A software update last month by global cybersecurity firm CrowdStrike triggered system problems for Microsoft customers, including many airlines. But disruptions subsided the next day at other major

Aug 08, 2024Ravie LakshmananVulnerability / Browser Security Cybersecurity researchers have discovered a new “0.0.0.0 Day” impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability “exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local

Amazon Great Freedom Festival 2024 sale, which started in India on August 6, is offering a wide range of products, including multiple electronic items at discounted rates. These include large appliances like air conditioners, smart TVs, refrigerators and washing machines as well as personal gadgets like smartphones, laptops, tablets, earphones and more. So far, we

Aug 07, 2024Ravie LakshmananEmail Security / Vulnerability Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances. “When a victim views a malicious email in Roundcube sent by an

Apple Arcade, the game subscription service from Apple, is adding three new games to its catalogue next month. The new additions to the service include sports title NFL Retro Bowl ’25, deckbuilder Monster Train+, and a new Apple Vision Pro spatial title, Puzzle Sculpt. All three games will join Apple Arcade on September 5, Apple

Aug 07, 2024Ravie LakshmananLinux / Vulnerability Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. “Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics

OnePlus Open Apex Edition has been launched in India. This new variant of the OnePlus Open comes nearly a year after the debut of the standard model and is offered in a fresh red shade with a leather finish at the rear. The OnePlus Open Apex Edition brings a new RAM + storage option along

Aug 06, 2024Ravie LakshmananEmail Security / Financial Fraud INTERPOL said it devised a “global stop-payment mechanism” that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam. The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024. It refers to

Amazon’s Great Freedom Festival 2024 sale is now open for all shoppers after providing exclusive early access for Prime members. Beyond smartphones, tablets, laptops and other large electronic appliances, the yearly sale brings up to 80 percent discount on several mobile phone accessories including power banks, cases, mobile holders, headsets, cables, and chargers. Additionally, Amazon