HackDig : Dig high-quality web security articles

Third-Party App Stores Could Be a Red Flag for iOS Security

Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “g
Publish At:2023-01-26 15:36 | Read:60450 | Comments:0 | Tags:Mobile Security Risk Management App Security Apple Apple App

Apple Patches WebKit Code Execution Flaws

Apple’s product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms.The most serious of the documented vulnerabilities affect WebKit and can expose both iOS and macOS devices to code execution attacks via booby-trapped web content, Apple warned in multi
Publish At:2023-01-23 18:28 | Read:53471 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities

Samsung Galaxy Store Flaws Can Lead to Unwanted App Installations, Code Execution

Cybersecurity firm NCC Group has shared details on two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.An alternative app marketplace, the Galaxy Store comes pre-installed on Samsung’s Android devices and can be used alongside Google Play to download and install soft
Publish At:2023-01-23 12:00 | Read:60373 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Application Security Vul

A View Into Web(View) Attacks in Android

James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses ove
Publish At:2023-01-10 23:32 | Read:85280 | Comments:0 | Tags:Mobile Security Application Security Fraud Protection Malwar

Justices Turn Away Israeli Spyware Maker in WhatsApp Suit

The Supreme Court on Monday rejected an Israeli spyware maker’s bid to derail a high-profile lawsuit filed by the WhatsApp messaging service.The justices left in place lower court rulings against the Israeli firm, NSO Group. WhatsApp claims that NSO targeted some 1,400 users of the encrypted messaging service with highly sophisticated spyware.WhatsApp parent
Publish At:2023-01-09 14:30 | Read:153584 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy

FCC Proposes Tighter Data Breach Reporting Rules for Wireless Carriers

The Federal Communications Commission (FCC) is proposing tighter rules on the reporting of data breaches by wireless carriers.The updated rules, the FCC says, will fall in line with recent changes in federal and state laws regarding data breaches in other sectors.FCC chairwoman Jessica Rosenworcel initially shared the Notice of Proposed Rulemaking (NPRM) wit
Publish At:2023-01-09 10:32 | Read:119929 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Incident Response Wirele

Nearly 300 Vulnerabilities Patched in Huawei's HarmonyOS in 2022

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.Huawei smartphones and other devices ran Android until 2019, when the US government barred American companies from selling software and technology to the Chinese firm.Later that year, Huawei unveiled its new HarmonyOS operating system, which works on a wide
Publish At:2023-01-03 10:32 | Read:80863 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for eavesdropping on a targeted user’s conversations, according to a team of researchers from several universities in the United States.The attack method, named EarSpy, is described in a paper published
Publish At:2022-12-28 10:31 | Read:103283 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Mobile & Wir

Godfather Android Banking Trojan Targeting Over 400 Applications

The Godfather Android banking trojan has been observed targeting over 400 banking and crypto applications in 16 countries, threat intelligence firm Group-IB warns.Godfather was initially observed in June 2021 and is believed to be the successor of the Anubis banking trojan, likely built on top of the Anubis source code that leaked in 2019.Compared to Anubis,
Publish At:2022-12-22 06:33 | Read:108364 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Malware Malw

How to Browse Privately on Your Phone

Your phone is likely a daily companion, giving you access to work emails, chats with friends, weather reports, and more — all in the palm of your hand. You can also use your phone for browsing online, looking up everything from your favorite recipes to your most-read media webpages.  While being able to browse whenever and wherever you want is convenient, yo
Publish At:2022-12-15 18:15 | Read:121911 | Comments:0 | Tags:Mobile Security VPN incognito mode phone security phone priv

US Government Agencies Issue Guidance on Threats to 5G Network Slicing

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released guidance on the security risks associated with 5G network slicing and mitigation strategies.The document explains that “a network slice is an end-to-end logical network that provides spe
Publish At:2022-12-15 10:31 | Read:107114 | Comments:0 | Tags:Mobile Security Network Security NEWS & INDUSTRY Wireles

Apple Patches Zero-Day Vulnerability Exploited Against iPhones

Apple on Tuesday published 10 new advisories describing vulnerabilities affecting its products, including a zero-day that has been exploited against iPhone users.Apple announced on November 30 that an advisory for iOS 16.1.2 would be released in the coming days. The advisory was published two weeks later, on Patch Tuesday, and it’s unclear why the tech giant
Publish At:2022-12-14 10:31 | Read:117038 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Adobe Patches 38 Flaws in Enterprise Software Products

After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple enterprise-facing products.The San Jose, California software maker said the flaws could expose users to code execution and privilege escalation attacks across all computer platforms.The most serious vulnerabil
Publish At:2022-12-13 18:27 | Read:126769 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security Network Secur

2022’s Top 5 App Security Tips

Happy National App Day! No, we don’t mean apps of the mozzarella stick and potato skin variety, but your mobile apps that let you order dinner, hail a taxi, stay connected to your friends, and entertain you for hours with silly videos. While they’re undoubtedly useful, mobile apps are also a weak spot in some people’s digital safety. Cybercriminals take ever
Publish At:2022-12-10 02:23 | Read:161870 | Comments:0 | Tags:Mobile Security app security online safety digital identity

Apple Scraps CSAM Detection Tool for iCloud Photos

Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it could have been used for government surveillance.Instead, the Cupertino, California device maker said it would expand investments into different tooling and features to warn children if they receive or a
Publish At:2022-12-08 14:29 | Read:145577 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Privac

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud