Android

Mobile Security

Issued by: CSO Online

Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers to speed up the adoption of security patches. “The zero-day exploits were used alongside n-day exploits and took advantage…

Mobile Security

Issued by: Security Affairs

The author of the Xenomorph Android malware, the Hadoken Security Group, continues to improve their malicious code. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations. The banking Trojan was used to target 56 European banks and steal sensitive information…

Mobile Security

Issued by: Dark Reading

A version of the Shein shopping application in the Google Play store with more than 100 million downloads was unnecessarily accessing Android-device clipboard contents, creating a potential security threat, according to Microsoft. The software giant said in a blog post from Microsoft Threat Intelligence that it asked Shein to remove the feature from its Android…

Mobile Security

Issued by: Security Week

Since 2011, Hinchy has owned and operated numerous companies, including the 16 investigated by the New York OAG, for selling and promoting spyware targeting Android and iOS devices, including Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint, and TurboSpy. Once installed on victim devices, the spyware would collect and exfiltrate data such as…

Mobile Security

Issued by: Security Week

The initiative was initially announced in February, with the developer preview version of the feature being released in May. The Privacy Sandbox on Android is meant to limit the sharing of user data and prevent cross-app identifiers such as advertising IDs, while supporting developers and businesses that are targeting mobile devices. In May, the internet…

Mobile Security

Issued by: Security Week

Tracked as CVE-2022-20465, the security bug was resolved as part of the November 2022 Android patches, and could have allowed an attacker with physical access to a device to unlock it in minutes. The issue, which Schutz accidentally discovered, could allow an attacker to unlock an Android phone by triggering the SIM PIN reset mechanism,…

Mobile Security

Issued by: Trend Micro Blog

Product supply-chain traceability is a very important aspect in manufacturing as it contributes directly to product safety, quality, and, as an emerging trend, product sustainability and ethics. In terms of safety, automotive manufacturers consistently announce product recalls to protect their customers from failure of faulty parts, as well as to protect themselves by being compliant…

Application Security

Issued by: Security Week

A type of memory corruption bugs, use-after-free issues occur when a program does not clear the pointer after freeing memory allocation. These flaws could lead to arbitrary code execution, data corruption, or denial of service. Use-after-free vulnerabilities may also be combined with other security flaws, leading to complete system compromise. The exploitation of use-after-free issues…

Cloud Security, Mobile Security

Issued by: Dark Reading

Thousands of customer-facing Android and iOS mobile apps — including banking apps — have been found to contain hardcoded Amazon Web Services (AWS) credentials that would allow cyberattackers to steal sensitive information from corporate clouds. Symantec researchers uncovered 1,859 business apps that use hardcoded AWS credentials, specifically access tokens. Of these, three-quarters (77%) contain valid…