Summary

Top Articles:

  • Android users: watch out for this fake address bar trick
  • New Android malware on Google Play installed 3 million times
  • Announcing AMP Real URL
  • EarSpy attack eavesdrops on Android phones via motion sensors
  • Malicious Android app found powering account creation service
  • FBI asks Apple to help it unlock iPhones of naval base shooter
  • New strain of Cerberus Android banking trojan can steal Google Authenticator codes
  • Google will boost Android security through firmware hardening
  • Using WiFi connection probe requests to track users
  • Amazon fixes high-severity vulnerability in Android Photos app

Google fixed critical zero-click RCE in Android

Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the release of the December 2023 Android security updates. Google December 2023 Android security updates addressed 85 vulnerabilities, including a critical zero-click remote code execution (RCE) flaw tracked as CVE-2023-40088. The vulnerability resides in Android’s System component, it doesn’t require additional privileges to be triggered. An […]

...more

Google will boost Android security through firmware hardening

Published: 2023-02-21 17:30:00

Popularity: 67

Author: Bill Toulas

Keywords:

  • Security
  • Mobile
  • Google has presented a plan to strengthen the firmware security on secondary Android SoCs (systems on a chip) by introducing mechanisms like control flow integrity, memory safety systems, and compiler-based sanitizers. [...]

    ...more

    EarSpy attack eavesdrops on Android phones via motion sensors

    Published: 2022-12-27 13:39:20

    Popularity: 227

    Author: Bill Toulas

    Keywords:

  • Security
  • Mobile
  • A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's gender and identity, and even discern private speech. [...]

    ...more

    Malicious Android app found powering account creation service

    Published: 2022-11-28 22:52:53

    Popularity: 199

    Author: Bill Toulas

    Keywords:

  • Security
  • Google
  • Mobile
  • ​A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook [...]

    ...more

    New Android malware on Google Play installed 3 million times

    Published: 2022-07-13 15:00:33

    Popularity: 739

    Author: Bill Toulas

    Keywords:

  • Security
  • Google
  • Mobile
  • A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. [...]

    ...more

    Amazon fixes high-severity vulnerability in Android Photos app

    Published: 2022-06-29 11:00:00

    Popularity: 48

    Author: Bill Toulas

    Keywords:

  • Security
  • Mobile
  • Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store. [...]

    ...more

    Using WiFi connection probe requests to track users

    Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to track. A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about […] The post Using WiFi connection probe requests to track users appeared first on Security Affairs.

    ...more

    Google addresses actively exploited Android flaw in the kernel

    Google released the May security bulletin for Android, 2022-05-05 security patch level, which fixed an actively exploited Linux kernel flaw. Google has released the second part of the May Security Bulletin for Android, which includes a fix for an actively exploited Linux kernel vulnerability tracked as CVE-2021-22600. The CVE-2021-22600 is a privilege escalation issue that […] The post Google addresses actively exploited Android flaw in the kernel appeared first on Security Affairs.

    ...more

    Telegram is becoming the paradise of cyber criminals

    Telegram is becoming an essential platform for cybercriminal activities, crooks use it but and sell any kind of stolen data and hacking tools. Many experts believe that the popular Telegram app is an efficient alternative to dark web marketplaces, its channels are used by hacking communities and cybercriminals to buy and sell stolen data, accesses […] The post Telegram is becoming the paradise of cyber criminals appeared first on Security Affairs.

    ...more

    WhatsApp CVE-2020-1910 bug could have led to user data exposure

    The now-fixed CVE-2020-1910 vulnerability in WhatApp ‘s image filter feature could have exposed user data to remote attackers. A high-severity security vulnerability in WhatApp’s image filter feature, tracked as CVE-2020-1910, could have been exploited by attackers to read sensitive information from the app’s memory by simply sending a specially crafted image over the messaging app […] The post WhatsApp CVE-2020-1910 bug could have led to user data exposure appeared first on Security Affairs.

    ...more

    Google addresses 4 zero-day flaws in Android exploited in the wild

    Google released Android Security Bulletin for May 2021 security updates that address four zero-day vulnerabilities that were exploited in the wild. Android Security Bulletin for May 2021 security updates address four zero-day vulnerabilities, tracked as CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664, that were actively exploited in the wild. The four vulnerabilities impact Qualcomm GPU and Arm […] The post Google addresses 4 zero-day flaws in Android exploited in the wild appeared first on Security Affairs.

    ...more

    Flaws in mobile Internet protocol GTP allow hackers to target 5G users

    Security vulnerabilities in modern communication protocol GTP used by mobile network operators can be exploited by attackers to target 4G/5G users. Researchers at cybersecurity firm Positive Technologies Security have discovered several vulnerabilities in communication protocol GPRS Tunnelling Protocol (GTP), that is used by mobile network operators (MNOs). Threat actors could exploit these flaws to conduct several […] The post Flaws in mobile Internet protocol GTP allow hackers to target 5G users appeared first on Security Affairs.

    ...more

    New strain of Cerberus Android banking trojan can steal Google Authenticator codes

    Published: 2020-02-27 13:21:26

    Popularity: 74

    Author: Pierluigi Paganini

    Keywords:

  • Breaking News
  • Cyber Crime
  • Malware
  • Mobile
  • Android
  • Cerberus
  • it security
  • it security news
  • malware
  • Security Affairs
  • security affairs news
  • Security News
  • Trojan
  • 🤖: "Trojan alert"

    Experts found a new version of the Cerberus Android banking trojan that can steal one-time codes generated by the Google Authenticator app and bypass 2FA. Security researchers from ThreatFabric warn of a new Android malware strain can now steal one-time passcodes (OTP) generated through Google Authenticator that is used as part of 2FA to protect online […] The post New strain of Cerberus Android banking trojan can steal Google Authenticator codes appeared first on Security Affairs.

    ...more

    FBI asks Apple to help it unlock iPhones of naval base shooter

    This could signal a renewed war between Apple and law enforcement over breaking encryption.

    ...more

    Android users: watch out for this fake address bar trick

    Published: 2019-04-30 14:38:05

    Popularity: 1221

    Author: Danny Bradbury

    Keywords:

  • Android
  • Google
  • iOS
  • Mobile
  • Operating Systems
  • Organisations
  • Phishing
  • Security threats
  • Technologies
  • chrome
  • css
  • Fake URL
  • phishing
  • When is an address bar not an address bar? When it's a fake.

    ...more

    Announcing AMP Real URL

    Published: 2019-04-17 00:45:00

    Popularity: 630

    Author: Zack Bloom

    Keywords:

  • AMP
  • Mobile
  • Perfomance
  • Product News
  • The promise of the AMP (Accelerated Mobile Pages) project was that it would make the web, and, in particular, the mobile web, much more pleasant to surf. The AMP HTML framework was designed to make web pages load quickly.

    ...more

    end