Featured Story
Google Patches New Android Kernel Vulnerability Exploited in the Wild
Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild.
The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel.
“There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” the tech giant noted in its monthly Android security bulletin for August 2024.
It is of the utmost importance to apply the latest Android patch as this critical vulnerability is known to have been actively exploited in the wild. Smartphones are ideal targets for hackers due to their constant connectivity and vast amounts of personal and professional data. Using a reliable antivirus is strongly recommended.
Other Stories
WARNING: KIBANA VULNERABILITY LET ATTACKERS EXECUTE ARBITRARY CODE, PATCH IMMEDIATELY!
This vulnerability in Kibana 8 prior to version 8.14.2 and Kibana 7 prior to version 7.17.23 allows attackers with access to the ML and Alerting features and write access to internal ML indices to trigger a prototype vulnerability. This can lead to arbitrary code execution.
Update Kibana to the latest stable version immediately. Monitoring infrastructure is critical and must be kept secure. Remember to back up your systems before patching and test after updates.
Vulnerability Allowed Eavesdropping via Sonos Smart Speakers
NCC Group researchers disclosed vulnerabilities in Sonos smart speakers, including CVE-2023-50809, which could be exploited over Wi-Fi for remote code execution. Affected devices could be used for unauthorized eavesdropping.
This vulnerability highlights the need to update overlooked smart devices. Ensure firmware is current and avoid placing these devices in sensitive environments like meeting rooms or executive offices.
Warning: attempted smishing in the name of Partenamut
Cybercriminals are using a fake Facebook account in the name of Partenamut to conduct smishing attacks. Victims are contacted and asked to make a payment under the promise of a refund.
Threat actors often disguise themselves using legitimate brands to appear trustworthy. Be cautious of unexpected financial requests via messaging apps or social media. When in doubt, report suspicious messages to Safeonweb.
Contact the Approach Cyber SOC team for tailored support and training programs.