Political hackers strike City of Fort Worth, in protest at anti-trans legislation
The city of Fort Worth in Texas announced on Saturday that it had suffered a security breach that saw hackers claim to have gained unauthorised access to data.
But it doesn’t appear, for now at least, that the hackers are attempting to extort a ransom from the city…
Google Pixel Phone Zero-days Exploited by Forensic Firms in the Wild: Patch Now
The Pixel Update Bulletin details security vulnerabilities and functional improvements for supported devices.
Updating to the April 2024 security patch level (2024-04-05 or later) addresses all these issues and those included in the April 2024 Android Security Bulletin.
The device’s security patch level can be checked through the “Check and update your Android version” option. Google strongly recommends installing this update on all supported Pixel devices to maintain security and improve functionality.
Google released an update addressing security vulnerabilities on Pixel devices. The update patches two critical vulnerabilities (CVE-2024-29745 and CVE-2024-29748) that may be under limited, targeted exploitation.
CVE-2024-29745 is an information disclosure vulnerability in the bootloader, the program that loads the operating system, while CVE-2024-29748 is a privilege escalation vulnerability in the Pixel firmware, potentially allowing attackers to gain more control over the device.
It is recommended that all Pixel users update their devices to the latest security patch (April 5, 2024, or later) to mitigate these vulnerabilities.
Android publishes security patches to address vulnerabilities in the Android Open Source Project (AOSP). These patches are grouped by the component they impact and described in detail.
Each patch is accompanied by a table listing the Common Vulnerabilities and Exposures (CVE) identifier, links to relevant references, the type of vulnerability, its severity level, and which versions of AOSP are updated (if applicable).
When available, the public code change that fixes the vulnerability is linked to the bug ID, and if there are multiple code changes associated with a single bug, there are links to additional references following the bug ID.
According to the Pixel Update Bulletin for April 2024, Google Pixel devices are vulnerable to multiple security exploits.
The most critical vulnerability (CVE-2024-29740) resides in the ACPM (Advanced Configuration and Power Management) component and could potentially allow attackers to ultimately compromise the device.
Other high-severity vulnerabilities affect the S2MPU (Sensor Management Processing Unit), Pixel firmware, Companion app, and other ACPM components.
Google has released security patches addressing these vulnerabilities in the April 5th security patch level update, and it is recommended that all Pixel users update their devices to the latest security patch level as soon as possible.
The Android Security Team acknowledges several researchers who identified and reported vulnerabilities (CVEs) in Qualcomm components that affect various Qualcomm subcomponents and have varying severity levels.
The report highlights researchers like Alena Skliarova (CVE-2024-0026, etc.), CheolJun Park (CVE-2023-32890, etc.), and Daniel Micay (CVE-2024-29745, etc.) for their contributions and also details vulnerabilities discovered by Google employees like Martijn Bogaard (CVE-2024-27231, etc.) and Mostafa Saleh (CVE-2024-29741).
E-commerce sites using Adobe’s Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023.
The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.
"The attacker seems to be
The Hacker News | #1 Trusted Cybersecurity News Site