Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the release of the December 2023 Android security updates. Google December 2023 Android security updates addressed 85 vulnerabilities, including a critical zero-click remote code execution (RCE) flaw tracked as CVE-2023-40088. The vulnerability resides in Android’s System component, it doesn’t require additional privileges to be triggered. An […]
...moreSummary
Total Articles Found: 16
Top sources:
Top Keywords:
- Mobile: 16
- Security: 9
- Security Affairs: 8
- Security News: 8
- hacking news: 7
Top Authors
- Pierluigi Paganini: 8
- Bill Toulas: 5
- Lisa Vaas: 1
- Danny Bradbury: 1
- Zack Bloom: 1
Top Articles:
- Android users: watch out for this fake address bar trick
- New Android malware on Google Play installed 3 million times
- Announcing AMP Real URL
- EarSpy attack eavesdrops on Android phones via motion sensors
- Malicious Android app found powering account creation service
- FBI asks Apple to help it unlock iPhones of naval base shooter
- New strain of Cerberus Android banking trojan can steal Google Authenticator codes
- Google will boost Android security through firmware hardening
- Using WiFi connection probe requests to track users
- Amazon fixes high-severity vulnerability in Android Photos app
Google fixed critical zero-click RCE in Android
Published: 2023-12-05 08:02:58
Popularity: 19
Author: Pierluigi Paganini
Keywords:
Google will boost Android security through firmware hardening
Google has presented a plan to strengthen the firmware security on secondary Android SoCs (systems on a chip) by introducing mechanisms like control flow integrity, memory safety systems, and compiler-based sanitizers. [...]
...moreEarSpy attack eavesdrops on Android phones via motion sensors
A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's gender and identity, and even discern private speech. [...]
...moreMalicious Android app found powering account creation service
A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook [...]
...moreNew Android malware on Google Play installed 3 million times
A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. [...]
...moreAmazon fixes high-severity vulnerability in Android Photos app
Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store. [...]
...moreUsing WiFi connection probe requests to track users
Published: 2022-06-13 07:52:41
Popularity: 56
Author: Pierluigi Paganini
Keywords:
Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to track. A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about […] The post Using WiFi connection probe requests to track users appeared first on Security Affairs.
...moreGoogle addresses actively exploited Android flaw in the kernel
Published: 2022-05-05 19:47:00
Popularity: 12
Author: Pierluigi Paganini
Keywords:
Google released the May security bulletin for Android, 2022-05-05 security patch level, which fixed an actively exploited Linux kernel flaw. Google has released the second part of the May Security Bulletin for Android, which includes a fix for an actively exploited Linux kernel vulnerability tracked as CVE-2021-22600. The CVE-2021-22600 is a privilege escalation issue that […] The post Google addresses actively exploited Android flaw in the kernel appeared first on Security Affairs.
...moreTelegram is becoming the paradise of cyber criminals
Published: 2021-09-27 07:56:11
Popularity: None
Author: Pierluigi Paganini
Keywords:
Telegram is becoming an essential platform for cybercriminal activities, crooks use it but and sell any kind of stolen data and hacking tools. Many experts believe that the popular Telegram app is an efficient alternative to dark web marketplaces, its channels are used by hacking communities and cybercriminals to buy and sell stolen data, accesses […] The post Telegram is becoming the paradise of cyber criminals appeared first on Security Affairs.
...moreWhatsApp CVE-2020-1910 bug could have led to user data exposure
Published: 2021-09-02 21:20:19
Popularity: None
Author: Pierluigi Paganini
Keywords:
The now-fixed CVE-2020-1910 vulnerability in WhatApp ‘s image filter feature could have exposed user data to remote attackers. A high-severity security vulnerability in WhatApp’s image filter feature, tracked as CVE-2020-1910, could have been exploited by attackers to read sensitive information from the app’s memory by simply sending a specially crafted image over the messaging app […] The post WhatsApp CVE-2020-1910 bug could have led to user data exposure appeared first on Security Affairs.
...moreGoogle addresses 4 zero-day flaws in Android exploited in the wild
Published: 2021-05-19 18:39:44
Popularity: None
Author: Pierluigi Paganini
Keywords:
Google released Android Security Bulletin for May 2021 security updates that address four zero-day vulnerabilities that were exploited in the wild. Android Security Bulletin for May 2021 security updates address four zero-day vulnerabilities, tracked as CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664, that were actively exploited in the wild. The four vulnerabilities impact Qualcomm GPU and Arm […] The post Google addresses 4 zero-day flaws in Android exploited in the wild appeared first on Security Affairs.
...moreFlaws in mobile Internet protocol GTP allow hackers to target 5G users
Published: 2020-06-15 22:42:36
Popularity: None
Author: Pierluigi Paganini
Keywords:
Security vulnerabilities in modern communication protocol GTP used by mobile network operators can be exploited by attackers to target 4G/5G users. Researchers at cybersecurity firm Positive Technologies Security have discovered several vulnerabilities in communication protocol GPRS Tunnelling Protocol (GTP), that is used by mobile network operators (MNOs). Threat actors could exploit these flaws to conduct several […] The post Flaws in mobile Internet protocol GTP allow hackers to target 5G users appeared first on Security Affairs.
...moreNew strain of Cerberus Android banking trojan can steal Google Authenticator codes
Published: 2020-02-27 13:21:26
Popularity: 74
Author: Pierluigi Paganini
Keywords:
LLM Says: "Trojan alert"
Experts found a new version of the Cerberus Android banking trojan that can steal one-time codes generated by the Google Authenticator app and bypass 2FA. Security researchers from ThreatFabric warn of a new Android malware strain can now steal one-time passcodes (OTP) generated through Google Authenticator that is used as part of 2FA to protect online […] The post New strain of Cerberus Android banking trojan can steal Google Authenticator codes appeared first on Security Affairs.
...moreFBI asks Apple to help it unlock iPhones of naval base shooter
Published: 2020-01-09 11:41:31
Popularity: 188
Author: Lisa Vaas
Keywords:
This could signal a renewed war between Apple and law enforcement over breaking encryption.
...moreAndroid users: watch out for this fake address bar trick
Published: 2019-04-30 14:38:05
Popularity: 1221
Author: Danny Bradbury
Keywords:
When is an address bar not an address bar? When it's a fake.
...moreAnnouncing AMP Real URL
Published: 2019-04-17 00:45:00
Popularity: 630
Author: Zack Bloom
Keywords:
The promise of the AMP (Accelerated Mobile Pages) project was that it would make the web, and, in particular, the mobile web, much more pleasant to surf. The AMP HTML framework was designed to make web pages load quickly.
...more