Tag: putting | SpinSafe

Google releases security updates for Android owners with millions warned over ‘critical’ flaws putting phones at risk

March 11, 2023/in Mobile Security

Millions of Android owners are being urged to update their devices to fix security flaws making their phones vulnerable to hackers.

Google this week released its March security updates, revealing 60 flaws including critical-level vulnerabilities that need to be addressed.

WATCH THE VIDEO ABOVE: Flip phones making a return with a modern twist.

Watch the latest News on Channel 7 or stream for free on 7plus >>

The flaws are fixed by two security patches, 2023-03-01 and 2023-03-05, that can be downloaded by updating the device.

The first patch fixes core Android components like framework, system and Google Play, while the second deals with fixes for third-party vendor components from MediaTek, Unisoc and Qualcomm.

“The most severe of these issues is a critical security vulnerability in the system component that could lead to remote code execution with no additional execution privileges needed,” Android says in its latest security bulletin.

“User interaction is not needed for exploitation.”

Google chooses to withhold additional information on the two critical-level security flaws affecting the Android system, tracked as CVE-2023-20951 and CVE-2023-20954, to prevent hackers from exploiting devices before the owners have the chance to apply the updates, Bleeping Computer reports.

Two other critical severity vulnerabilities, tracked as CVE-2022-33213 and CVE-2022-33256, have been identified on closed-source Qualcomm components, while all other flaws are high-severity vulnerabilities.

To update your device, head to settings and system update or select security and privacy and then choose security update.

“We encourage all users to update to the latest version of Android where possible,” Android said.

To learn if a device is updated to the necessary security patch level, visit here.

Aussie woman gets stuck in KFC drive through after alcohol interlock goes off.

Source…

Honolulu Transit Putting Services Back Online After Hack

December 24, 2021/in Internet Security

(TNS) — Honolulu transportation officials continue to restore online services shut down by a ransomware attack—collaborating with other entities that have fallen victim on how to best fortify systems against the barrage of cyber assaults.

The city transportation services network intrusions and disruptions on Dec. 9 infiltrated online services for TheBus, TheHandi-Van, TheBus app and its HOLO card system.

City information technology officials speculate the attack was the work of hackers affiliated with Russia but acknowledge the investigation into the incident by the FBI, Honolulu police and U.S. Secret Service is ongoing. A warning not to interfere while the hackers infiltrated OTS systems was allegedly connected to a Russian email address.

Separately last week, an apparent ransomware attack infiltrated and shut down the time-keeping services for employees at the Board of Water Supply and Emergency Medical Services—part of a nationwide offensive on public and private networks that could take weeks to fix.

Over the past year, scheduling, real-time location services and operating systems for buses and para-transit services in five other municipal transportation entities have also come under attack.

“We don’t have any specific knowledge of targeted information, but are collaborating with other transit agencies and authorities who have experienced similar cyber attacks in the past year,” Travis Ota, spokesman for the city Department of Transportation Services, in a statement to the Honolulu Star-Advertiser.

The city and OTS are working with the San Francisco Municipal Transportation Agency, New York Metropolitan Transportation Authority, Santa Clara Valley (Calif.) Transportation Authority, Dallas Area Rapid Transit and Ann Arbor (Mich.) Area Transportation Authority to understand the system disruption.

The Cybersecurity Infrastructure and Security Agency determined that Chinese government cyber actors compromised New York’s MTA.

“The Transportation Systems Sector faces a multitude of cyber threats at the hands of criminals, hackers, insiders and nation-state actors,” according to an October presentation…

Source…

Outdated routers putting internet users at risk, claims Which?

May 6, 2021/in Internet Security

Share

Millions of internet users could be at risk of hacking attacks because they are using outdated routers from their broadband providers that have security flaws, a Which? investigation has found.

Households across the country are using their home broadband more than ever, to work, educate their children or keep in touch with loved ones.

But many are unaware that old equipment provided by internet service providers (ISPs), including EE, Sky, TalkTalk, Virgin Media and Vodafone, could be putting them at risk of hackers spying on what they are browsing online or even directing them to malicious websites used by scammers.

Which? investigated 13 old router models and found more than two-thirds, nine of them, had flaws that would likely see them fail to meet requirements proposed in upcoming government laws to tackle the security of connected devices. The legislation is not yet in force and so the ISPs aren’t currently breaking any laws or regulations.

The consumer watchdog’s lab testing identified a range of issues with the routers. These security risks could potentially affect around 7.5 million people, based on the number of respondents who said they were using these router models in Which?’s nationally representative survey.

Around six million people within this group of users could be using a router that has not been updated since 2018 or earlier. This means the devices have not been receiving security updates which are crucial for defending them against cyber criminals.

The problems uncovered by Which?’s lab tests on the old router models that failed were:

Weak default passwords, which in certain circumstances could allow a cybercriminal to hack the router and access it from anywhere;
a lack of firmware updates, which are vital for both security and performance;
a local network vulnerability issue with the EE Brightbox 2. This could give a hacker full control of the device, and for example allow them to add malware or spyware, although they would have to be on the network already to attack.

The survey also suggested that 2.4 million users haven’t had a router upgrade in the last five years.

Which? is concerned that many customers are being left using old kit,…

Source…

Roblox accused of putting 100 million players at risk of data theft

May 1, 2021/in Mobile Security

Researchers have claimed that popular online game Roblox suffers from a series of security vulnerabilities that could have compromised the data of more than 100 million players, many of whom are children.

According to a report from CyberNews, Roblox is guilty of a number of “glaring” lapses in security, specifically relating to the Android application.

However, Roblox has denied the claims, stating that the research was based on inactive code and that the vulnerabilities weren’t serious at all.

A Roblox spokesperson told TechRadar Pro: “We take all reports seriously, and immediately investigated when first approached by the researcher in March. Our investigation determined there is no correlation between these claims and real risk to users’ data privacy.”

“One claim was inaccurate and the other three pertained to inactive code not used on the Roblox platform. Regardless, we deleted the inactive code as part of our commitment to the security and the safety of our users.”

Roblox security issues?

The CyberNews report alleges that the app exposed user data via four separate avenues: through misconfigurations in the Roblox Android manifest file, inadequate hashing algorithms, susceptibility to the Janus vulnerability and hardcoded API keys.

Together, these issues supposedly earned the Roblox Android app a remarkably low 10/100 score as per the Mobile Security Framework, a common test used to assess the security performance of mobile apps.

Although CyberNews acknowledged that some of the security holes have been patched in the latest versions, the researchers believe “the threat to player security is very real” and that user data such as names and email addresses could be compromised with relative ease.

Roblox

(Image credit: Roblox)

While security issues are cause for concern in any context, this is particularly true in the case of Roblox, which is played predominantly by children between the ages of 9 and 15.

Many data protection regulations worldwide, including GDPR, contain specific provisions intended to enhance the protection of children’s personal data, which means companies such as Roblox are required to go the extra mile to shield data from attack.

What’s more, according to…

Source…

Tag Archive for: putting