mobile security Archives - Page 4 of 13

Android App Developers Required by Google to Share More Info on Data Handling

Issued by: Security Week

Planned as a safety section in Google Play, the change is expected to “help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security.” Google is already asking developers to say whether their application is collecting user data, but the new requirement will…

Malware & Threats

FluBot Android Malware Expected to Start Targeting U.S.

Issued by: Security Week

Initially observed in Spain, FluBot has since expanded operations to reach Germany, Hungary, Italy, Poland, and the UK as well, with tens of thousands of malicious SMS messages that leverage FedEx, DHL, and Correos lures being sent hourly. The malware is believed to have made over 7,000 victims in the UK alone, where the campaign…

Application Security

FCC to Focus Efforts on 5G, Software and Cloud Service Vulnerabilities

Issued by: Security Week

Last Thursday (April 15th), Rosenworcel made a statement on future priorities by reestablishing the Communications, Security, Reliability, and Interoperability Council (CSRIC) with a focus on 5g networks and software and cloud services vulnerabilities. “I am committed to working with our federal partners and the private sector to increase the security and resiliency of our nation’s…

Malware & Threats

Google Patches Critical Code Execution Vulnerability in Android

Issued by: Security Week

Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity. The bug was patched as part of the 2021-04-01 security patch level. “The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file…

Vulnerabilities

VMware Patches Critical Flaw in Carbon Black Cloud Workload

Issued by: Security Week

Tracked as CVE-2021-21982 and featuring a CVSS score of 9.1, the recently addressed vulnerability resides in the administrative interface for the appliance and exists because attackers could bypass authentication through manipulation of a URL on the interface. “A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance…

Application Security

Apple Patches Under-Attack iOS Zero-Day

Issued by: Security Week

The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple’s flagship iOS platform and the company said it was “aware of reports that an exploit for this issue exists in the wild.” As is customary, the company did not provide any additional details on the in-the-wild attacks. A brief advisory describes…

Vulnerabilities

F5 Patches Four Critical Bugs in Big-IP Suite

Issued by: Security Week

The BIG-IP software powers a wide range of products, including hardware, modularized software, and virtual appliances, which run on the TMOS architecture and provide customers with modules that support load balancing, firewall, access control, threat protection, and more. On March 10, F5 announced the release of fixes for multiple vulnerabilities in BIG-IP, some of which…

Vulnerabilities

Apple Patches Remote Code Execution Bug in WebKit

Issued by: Security Week

Tracked as CVE-2021-1844 and co-reported by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research, the flaw was addressed with software updates for macOS, iOS, watchOS, and Safari. To exploit the vulnerability, an attacker would simply need to craft a webpage containing malicious code, and then lure the victim…

Mobile Security

Thousands of Mobile Apps Expose Data via Misconfigured Cloud Containers

Issued by: Security Week

The issue, the company notes, is rooted in the fact that many developers tend to overlook the security of cloud containers during the development process. Cloud services help resolve the issue of storage space on mobile devices, and developers have numerous such solutions to choose from, some of the most popular being Amazon Web Services,…

Mobile Security

Mobile Health Apps Found to Expose Records of Millions of Users

Issued by: Security Week

Research conducted by Alissa Knight, partner at marketing agency Knight Ink, on behalf of mobile API threat protection firm Approov showed that the applications are to API attacks that unauthorized parties could leverage to access protected health information (PHI) and personally identifiable information (PII). With people increasingly relying on mHealth apps during the COVID-19 pandemic,…