HackDig : Dig high-quality web security articles

A week in security (January 10 – 16)

Last week on Malwarebytes Labs: Ransomware cyberattack forces New Mexico jail to lock downSome Android users can disable 2G now and why that is a good thingPhishers on the prowl with fake parking meter QR codesUpdate now: Microsoft patches 97 bugs including 6 zero-days and a wormable oneSoftware engineer hacked webcams to spy on girls—Here’s how to protec
Publish At:2022-01-17 08:50 | Read:96 | Comments:0 | Tags:A week in security 2G Android Facebook Pixel Hunt fifa 22 mi

Android users can now disable 2G to block Stingray attacks

Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators.The addition of the option was spotted by EFF (Electronic Frontier Foundation), which calls the development a victory for privacy protection.Caught by “stingrays
Publish At:2022-01-13 18:34 | Read:193 | Comments:0 | Tags:Security Google android

Some Android users can disable 2G now and why that is a good thing

The Electronic Frontier Foundation (EFF) has happily informed people that Google has quietly pushed a new feature to its Android operating system allowing users to optionally disable 2G at the modem level in their phones. This is beneficial because 2G uses weak encryption between the tower and device that can be cracked in real time by an attacker to inte
Publish At:2022-01-13 12:46 | Read:153 | Comments:0 | Tags:Android 2G Allow 2G Cell-site simulators EFF encryption andr

Firefox Focus now blocks cross-site tracking on Android devices

Mozilla's Firefox Focus web browser can now protect Android users against cross-site tracking while browsing the Internet by preventing cookies from being used for advertising and monitoring your activity.Firefox Focus is a lightweight browser for mobile platforms (Android and iOS) designed to protect users' privacy by blocking ads and content trackers.
Publish At:2022-01-11 18:34 | Read:118 | Comments:0 | Tags:Security android

CVE-2021-39623 Libstagefright (Media Framework on Android) with OOB write on the heap

Hi list,Maybe you will find it interesting.Forcedentry state of the art exploit (as I read) used by NSO made itbig. Libstagefright (Media Framework on Android) with OOB write on theheap (with Scudo) which can possibly own your Mobile by playing anaudio file, didn't. Note: Not sure if you can do RCE with it. Leave itto experts :PHere is the repo with rep
Publish At:2022-01-11 13:15 | Read:238 | Comments:0 | Tags: android

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. A recent SMISHING campaign spotted by CSIRT KNF, FluBot targeted Polish users with a messaging asking th
Publish At:2022-01-08 13:00 | Read:170 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android Cybercrime

Google Patches 48 Vulnerabilities With First Set of 2022 Android Updates

Google this week published information on the first set of 2022 security updates for Android, describing a total of 48 vulnerabilities that were addressed across Android OS, Pixel devices, and Android Automotive OS.The January 2022 Android Security Bulletin describes a total of 35 vulnerabilities addressed across two patch levels, the majority of which have
Publish At:2022-01-05 09:00 | Read:296 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Riskware Android streaming apps found on Samsung's Galaxy store

Samsung's official Android app store, called the Galaxy Store, has had an infiltration of riskware apps that triggered multiple Play Protect warnings on people's devices.As reported first by Android Police, the malicious apps mimic ShowBox, a pirate app that went bust in 2018, after a coalition of movie studios managed to identify its operator and filed laws
Publish At:2021-12-28 14:37 | Read:260 | Comments:0 | Tags:Security Mobile android

New Android banking Malware targets Brazil’s Itaú Unibanco Bank

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco 
Publish At:2021-12-27 06:23 | Read:429 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android Android mal

Android banking trojan spreads via fake Google Play Store page

An Android banking trojan targeting Itaú Unibanco, a large financial services provider in Brazil with 55 million customers globally, has deployed an unusual trick to spread to devices.The actors have set up a page that looks very close to Android's official Google Play app store to trick visitors into thinking they are installing the app from a trustw
Publish At:2021-12-24 14:37 | Read:419 | Comments:0 | Tags:Security Mobile android

Three trivial bugs in Microsoft Teams Software remain unpatched

Researchers disclosed four vulnerabilities in the Teams business communication software, but Microsoft will not address three of them. Researchers from cybersecurity firm Positive Security discovered four vulnerabilities in the Teams business communication software that could allow accessing internal Microsoft services, spoofing the link preview, and, fo
Publish At:2021-12-23 10:19 | Read:459 | Comments:0 | Tags:Breaking News Hacking Android data leak DOS hacking news inf

Zimperium and Intertrust Partner to Provide End-to-End Security for IoT devices

Zimperium and Intertrust’s partnership offers best-in-class protection for edge devices in trusted data ecosystems Today, Zimperium and Intertrust announced a partnership to provide end-to-end security and data management for IoT devices, apps and media services operating in Zero Trust environments. Under the terms of the partnership, Intertrust will offer Z
Publish At:2021-12-16 14:56 | Read:437 | Comments:0 | Tags:Android iOS Mobile Security Digital Rights Management iOT se

Anubis Android malware returns to target 394 financial apps

The Anubis Android banking malware is now targeting the customers of nearly 400 financial institutions in a new malware campaign.The threat actors target financial institutions, cryptocurrency wallets, and virtual payment platforms by impersonating an Orange S.A. Android app that attempts to steal login credentials.The report comes from researchers at Lookou
Publish At:2021-12-14 14:37 | Read:422 | Comments:0 | Tags:Security Mobile android

Cybersecurity Webinar CISO – Android Application Security

With 2.5 billion android users across 190 countries, the digital expansion offers limitless opportunities for businesses. But along with opportunities come the challenges that plague the digital world. The digital world has several touchpoints which can become sources of a cyberattack: stealing information, executing remote commands etc. This cybersecurit
Publish At:2021-12-09 07:38 | Read:342 | Comments:0 | Tags:Android Penetration Testing Android Security Webinar Android

Android Security Updates Patch 46 Vulnerabilities

The December 2021 security updates for Android have started rolling out to users with patches for 46 vulnerabilities, including several considered critical severity.The most severe of the addressed issues is an information leakage bug in the Media framework “that could lead to remote information disclosure with no additional execution privileges needed,” Goo
Publish At:2021-12-08 06:25 | Read:298 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3