Last week on Malwarebytes Labs: Ransomware cyberattack forces New Mexico jail to lock downSome Android users can disable 2G now and why that is a good thingPhishers on the prowl with fake parking meter QR codesUpdate now: Microsoft patches 97 bugs including 6 zero-days and a wormable oneSoftware engineer hacked webcams to spy on girls—Here’s how to protec

Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators.The addition of the option was spotted by EFF (Electronic Frontier Foundation), which calls the development a victory for privacy protection.Caught by “stingrays

The Electronic Frontier Foundation (EFF) has happily informed people that Google has quietly pushed a new feature to its Android operating system allowing users to optionally disable 2G at the modem level in their phones. This is beneficial because 2G uses weak encryption between the tower and device that can be cracked in real time by an attacker to inte

Mozilla's Firefox Focus web browser can now protect Android users against cross-site tracking while browsing the Internet by preventing cookies from being used for advertising and monitoring your activity.Firefox Focus is a lightweight browser for mobile platforms (Android and iOS) designed to protect users' privacy by blocking ads and content trackers.

Hi list,Maybe you will find it interesting.Forcedentry state of the art exploit (as I read) used by NSO made itbig. Libstagefright (Media Framework on Android) with OOB write on theheap (with Scudo) which can possibly own your Mobile by playing anaudio file, didn't. Note: Not sure if you can do RCE with it. Leave itto experts :PHere is the repo with rep

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. A recent SMISHING campaign spotted by CSIRT KNF, FluBot targeted Polish users with a messaging asking th

Google this week published information on the first set of 2022 security updates for Android, describing a total of 48 vulnerabilities that were addressed across Android OS, Pixel devices, and Android Automotive OS.The January 2022 Android Security Bulletin describes a total of 35 vulnerabilities addressed across two patch levels, the majority of which have

Samsung's official Android app store, called the Galaxy Store, has had an infiltration of riskware apps that triggered multiple Play Protect warnings on people's devices.As reported first by Android Police, the malicious apps mimic ShowBox, a pirate app that went bust in 2018, after a coalition of movie studios managed to identify its operator and filed laws

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco 

An Android banking trojan targeting Itaú Unibanco, a large financial services provider in Brazil with 55 million customers globally, has deployed an unusual trick to spread to devices.The actors have set up a page that looks very close to Android's official Google Play app store to trick visitors into thinking they are installing the app from a trustw

Researchers disclosed four vulnerabilities in the Teams business communication software, but Microsoft will not address three of them. Researchers from cybersecurity firm Positive Security discovered four vulnerabilities in the Teams business communication software that could allow accessing internal Microsoft services, spoofing the link preview, and, fo

Zimperium and Intertrust’s partnership offers best-in-class protection for edge devices in trusted data ecosystems Today, Zimperium and Intertrust announced a partnership to provide end-to-end security and data management for IoT devices, apps and media services operating in Zero Trust environments. Under the terms of the partnership, Intertrust will offer Z

The Anubis Android banking malware is now targeting the customers of nearly 400 financial institutions in a new malware campaign.The threat actors target financial institutions, cryptocurrency wallets, and virtual payment platforms by impersonating an Orange S.A. Android app that attempts to steal login credentials.The report comes from researchers at Lookou

With 2.5 billion android users across 190 countries, the digital expansion offers limitless opportunities for businesses. But along with opportunities come the challenges that plague the digital world. The digital world has several touchpoints which can become sources of a cyberattack: stealing information, executing remote commands etc. This cybersecurit

The December 2021 security updates for Android have started rolling out to users with patches for 46 vulnerabilities, including several considered critical severity.The most severe of the addressed issues is an information leakage bug in the Media framework “that could lead to remote information disclosure with no additional execution privileges needed,” Goo