Google Pixel | Breaking Cybersecurity News | The Hacker News

Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745  - An information disclosure flaw in the bootloader component CVE-2024-29748  - A privilege escalation flaw in the firmware component "There are indications that the [vulnerabilities] may be under limited, targeted exploitation," Google  said  in an advisory published April 2, 2024. While the tech giant did not reveal any other information about the nature of the attacks exploiting these shortcomings, the maintainers of GrapheneOS said they "are being actively exploited in the wild by forensic companies." "CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking," they  said  in a series of posts on X (formerly Twitter). "Forensic companies are rebooting devices in After First U

Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as  CVE-2022-20465  and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's  monthly Android update  for November 2022. "The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user's device," Schütz, who was awarded $70,000 for the lock screen bypass,  said  in a write-up of the flaw. The problem, per the researcher, is rooted in the fact that lock screen protections are completely defeated when following a specific sequence of steps - Supply incorrect fingerprint three times to disable biometric authentication on the locked device Hot swap  the SIM card in the device with an attacker-controlled SIM that has a PIN code set up Enter incorrect SIM pin thric

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica