Android Archives - Page 3 of 9 - Cyber Security Minute

Comprehensive Traceability for Android Supply-Chain Security

Issued by: Trend Micro Blog

Product supply-chain traceability is a very important aspect in manufacturing as it contributes directly to product safety, quality, and, as an emerging trend, product sustainability and ethics. In terms of safety, automotive manufacturers consistently announce product recalls to protect their customers from failure of faulty parts, as well as to protect themselves by being compliant…

Application Security

Google Improves Chrome Protections Against Use-After-Free Bug Exploitation

Issued by: Security Week

A type of memory corruption bugs, use-after-free issues occur when a program does not clear the pointer after freeing memory allocation. These flaws could lead to arbitrary code execution, data corruption, or denial of service. Use-after-free vulnerabilities may also be combined with other security flaws, leading to complete system compromise. The exploitation of use-after-free issues…

Cloud Security, Mobile Security

AWS Tokens Lurking in Android, iOS Apps Crack Open Corporate Cloud Data

Issued by: Dark Reading

Thousands of customer-facing Android and iOS mobile apps — including banking apps — have been found to contain hardcoded Amazon Web Services (AWS) credentials that would allow cyberattackers to steal sensitive information from corporate clouds. Symantec researchers uncovered 1,859 business apps that use hardcoded AWS credentials, specifically access tokens. Of these, three-quarters (77%) contain valid…

Mobile Security, Vulnerabilities

TikTok for Android Bug Allows Single-Click Account Hijack

Issued by: Dark Reading

A high-severity flaw in the Android version of the TikTok app — which has been installed more than 1.5 billion times so far via the Google Play Store — could allow threat actors to hijack a user’s account with a single click. Microsoft discovered the high-severity vulnerability in the handling of one of TikTok for…

Malware & Threats

‘Octo’ Android Trojan Allows Cybercrooks to Conduct On-Device Fraud

Issued by: Security Week

Dubbed Octo, the botnet was first mentioned on dark web forums in January 2022, but an analysis of its code revealed a close connection with ExobotCompact, which is believed to be the successor of the Exobot Android trojan, which in turn was based on the source code of the Marcher trojan. Exobot was used in…

Malware & Threats

TianySpy Malware Uses Smishing Disguised as Message From Telco

Issued by: Trend Micro Blog

It has been some time since SMS or text messaging has become a means to spread mobile malware. In September 2021, Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The chain is triggered by a smishing message that appears to be sent from a telecommunications company. It is…

Application Security

Facebook Sues Ukrainian for Scraping, Selling Data of 178 Million Users

Issued by: Security Week

The defendant is Alexander Alexandrovich Solonchenko, whom Facebook says used the online monikers “Solomame” and “barak_obama” on the RaidForums hacker forum, where he allegedly sold illegally obtained information. According to the social media giant, Solonchenko, who worked as a freelance computer programmer, abused its Contact Importer tool to scrape the user IDs and phone numbers…

Mobile Security

Installing unknown apps in Android: a safety guide

Issued by: Kaspersky Blog

For Android users, installing applications from Google Play, and Google Play only, is the wise choice. With its strong safety rules, official app monitoring, plentiful user reviews, and security researcher scrutiny, Android’s official store tends to be a safe place for downloading apps. Even when malware does make it to Google Play, it is quickly…

Application Security

Google Patches High-Risk Android Security Flaws

Issued by: Security Week

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises. The most important of these is a bug in the Media framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or information disclosure, on Android 10 and 11. The…

Vulnerabilities

Judge: Ex-CIA Worker Can Represent Himself in Espionage Case

Issued by: Security Week

U.S. District Judge Paul A. Crotty said in a written order that Joshua Schulte had shown that he was sure he wanted to act as his own lawyer. Schulte, 32, faces an October trial on charges that he leaked CIA secrets to WikiLeaks, which published materials in 2017 that revealed how the CIA hacked Apple…