Mobile Security Archives - Page 2 of 15

Latest version of Xenomorph Android malware targets 400 banks

Issued by: Security Affairs

The author of the Xenomorph Android malware, the Hadoken Security Group, continues to improve their malicious code. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information…

Mobile Security

Shein Shopping App Glitch Copies Android Clipboard Contents

Issued by: Dark Reading

A version of the Shein shopping application in the Google Play store with more than 100 million downloads was unnecessarily accessing Android-device clipboard contents, creating a potential security threat, according to Microsoft. The software giant said in a blog post from Microsoft Threat Intelligence that it asked Shein to remove the feature from its Android…

Mobile Security

New York Attorney General Fines Vendor for Illegally Promoting Spyware

Issued by: Security Week

Since 2011, Hinchy has owned and operated numerous companies, including the 16 investigated by the New York OAG, for selling and promoting spyware targeting Android and iOS devices, including Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint, and TurboSpy. Once installed on victim devices, the spyware would collect and exfiltrate data such as…

Mobile Security

Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads

Issued by: Security Affairs

On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones. The IT giant released security bulletins for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1. Apple addressed the vulnerability with improved state handling for the iPhone 6s (all models),…

Mobile Security

TikTok Hit by US Lawsuits Over Child Safety, Security Fears

Issued by: Security Week

The legal salvo came as problems are mounting for TikTok in the United States, with multiple accusations that the extremely popular app is a national security threat and a conduit for spying by China. “The TikTok app is a malicious and menacing threat unleashed on unsuspecting Indiana consumers by a Chinese company that knows full…

Mobile Security

Google Migrating Android to Memory-Safe Programming Languages

Issued by: Security Week

Between 2019 and 2022, the annual number of reported memory safety issues in Android has dropped from 223 to 85, due to an increase in the amount of memory-safe code entering the mobile platform, and the trend is expected to continue. Memory safety bugs, Google notes, are typically the most severe type of vulnerabilities. In…

Mobile Security

PCI SSC publishes new standard for mobile payment acceptance solutions

Issued by: Help Net Security

The PCI Security Standards Council (PCI SSC) published a new standard designed to support the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS (MPoC) builds on the existing PCI Software-based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) Standards, which individually address security requirements for solutions that enable…

Mobile Security

Google Ready to Roll Out Android Privacy Sandbox in Beta

Issued by: Security Week

The initiative was initially announced in February, with the developer preview version of the feature being released in May. The Privacy Sandbox on Android is meant to limit the sharing of user data and prevent cross-app identifiers such as advertising IDs, while supporting developers and businesses that are targeting mobile devices. In May, the internet…

Mobile Security

Google Pays $70k for Android Lock Screen Bypass

Issued by: Security Week

Tracked as CVE-2022-20465, the security bug was resolved as part of the November 2022 Android patches, and could have allowed an attacker with physical access to a device to unlock it in minutes. The issue, which Schutz accidentally discovered, could allow an attacker to unlock an Android phone by triggering the SIM PIN reset mechanism,…

Mobile Security

Comprehensive Traceability for Android Supply-Chain Security

Issued by: Trend Micro Blog

Product supply-chain traceability is a very important aspect in manufacturing as it contributes directly to product safety, quality, and, as an emerging trend, product sustainability and ethics. In terms of safety, automotive manufacturers consistently announce product recalls to protect their customers from failure of faulty parts, as well as to protect themselves by being compliant…