Transparent Tribe resurfaces. Trojanized Super Mario is game over. Data breach trends. Disinformation, hacktivist auxiliaries, and sanctions in a hybrid war.
Transparent Tribe resurfaces against Indian military and academic targets. Trojanized Super Mario Brothers game spreads SupremeBot malware. Law enforcement agencies seize BreachForums’ web domain. Report: Unauthorized access is the leading cause of data breaches for the fifth year in a row. Russian ISPs blocked Google News as tension with the Wagner Group mounted Friday. Ukrainian hacktivist auxiliaries break into Russian radio broadcasts. New EU sanctions are directed against Russian IT firms. Read More
GitHub warns of SAML auth bypass flaw in Enterprise Server
GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. […] Read More
Okta discloses a data exposure incident. Cisco works to fix a zero-day. DPRK threat actors pose as IT workers. The Five Eyes warn of AI-enabled Chinese espionage. Job posting as phishbait. The risk of first-party fraud. Hacktivists trouble humanitarian organizations with nuisance attacks. Content moderation during wartime. Malek Ben Salem of Accenture describes code models. Our guest is Joe Oregon from CISA, discussing the tabletop exercise that CISA, the NFL, and local partners conducted in preparation for the next Super BowI. And the International Criminal Court confirms that it’s sustained a cyberespionage incident. Read More
Google Pixel Phone Zero-days Exploited by Forensic Firms in the Wild : Patch Now
[[{“value”:”
The Pixel Update Bulletin details security vulnerabilities and functional improvements for supported devices.
Updating to the April 2024 security patch level (2024-04-05 or later) addresses all these issues and those included in the April 2024 Android Security Bulletin.
The device’s security patch level can be checked through the “Check and update your Android version” option. In contrast, Google strongly recommends installing this update on all supported Pixel devices to maintain security and improve functionality.
Google released an update addressing security vulnerabilities on Pixel devices. The update patches two critical vulnerabilities (CVE-2024-29745 and CVE-2024-29748) that might be under limited, targeted attacks.
CVE-2024-29745 is an information disclosure vulnerability in the bootloader. This program loads the operating system, while CVE-2024-29748 is a privilege escalation vulnerability in the Pixel firmware, potentially allowing attackers to gain more control over the device.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
It is recommended that all Pixel users update their devices to the latest security patch (April 5, 2024, or later) to mitigate these vulnerabilities.
Android publishes security patches to address vulnerabilities in the Android Open Source Project (AOSP). These patches are grouped by the component they impact and described in detail.
Android Open Source Project
Each patch includes a table that includes the Common Vulnerabilities and Exposures (CVE) identifier, links to relevant references, the type of vulnerability, its severity level, and which versions of AOSP are updated (if applicable).
When available, the public code change that fixes the vulnerability is linked to the bug ID, and if there are multiple code changes associated with a single bug, there are links to additional references following the bug ID.
According to the Pixel Update Bulletin for April 2024, Google Pixel devices are vulnerable to multiple security exploits.
Security Bulletin Table
The most critical vulnerability (CVE-2024-29740) resides in the ACPM (Advanced Configuration and Power Management) component and could potentially allow attackers to compromise the device ultimately.
Other high-severity vulnerabilities affect the S2MPU (Sensor Management Processing Unit), Pixel firmware, Companion app, and other ACPM components.
Google has released security patches addressing these vulnerabilities in the April 5th security patch level update, in which it is recommended that all Pixel users update their devices to the latest security patch level as soon as possible.
Components of the Qualcomm
The Android Security Team acknowledges several researchers who identified and reported vulnerabilities (CVEs) in Qualcomm components that affect various Qualcomm subcomponents and have varying severity levels.
The report highlights researchers like Alena Skliarova (CVE-2024-0026, etc.), CheolJun Park (CVE-2023-32890, etc.), and Daniel Micay (CVE-2024-29745, etc.) for their contributions and also details vulnerabilities discovered by Google employees like Martijn Bogaard (CVE-2024-27231, etc.) and Mostafa Saleh (CVE-2024-29741).
Is Your Network Under Attack? – Read CISO’s Guide to Avoiding the Next Breach – Download Free Guide