There are plenty of articles explaining the security issues with android webview, like this article & this one. Many of these resources talk about the risks that an untrusted page, loaded inside a webview, poses to the underlying app. The threats become more prominent especially when javascript  and/or the javascript interface is enabled on the webview.

Mozilla releases Firefox version 74.0.1 to address two vulnerabilities exploited by threat actors in attacks in the wild, users should update their browsers asap. Mozilla is urging users to install the latest version of its browser, Firefox 74.0.1, which addresses two bugs that are being exploited in the wild by threat actors. The two vulnerabilities

An APT group is exploiting the flaws patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. An APT group is exploiting two vulnerabilities patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. The first issue, tracked as CVE-2019-17026, affects the Firefox browser and wa

Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat (APT) actor in attacks aimed at China and Japan.The Firefox vulnerability is CVE-2019-17026, which Mozilla patched in early January, and the Internet Explorer flaw is CVE-2020-0674, which Microsoft patched in February with its month

Microsoft has been forced to alert several dozen hospitals in a “first of its kind notification” that their gateway and VPN appliances are vulnerable to ransomware groups actively scanning for exposed endpoints.The tech giant claimed that attackers behind the REvil (Sodinokibi) variant, for one, are probing the internet for vulnerable systems, wi

Researchers published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, tracked as SMBGhost, that can be exploited for local privilege escalation. Researchers Daniel García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_) have published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows vulnerability, tracked a

byPaul DucklinIf you’re at home right now – and who isn’t? – then you’ve probably heard of Houseparty.It’s a social networking app that came out back in 2015 and was bought by Epic Games – famous for Unreal and Fortnite – in the middle of 2019.The name gives you a good idea of what is does: simply put, you go o

The Zeus Sphinx malware is back, operators are now spreading it exploiting the interest in the Coronavirus outbreak. The Zeus Sphinx malware is back, it was observed in a new wave of attacks attempting to exploit the interest in the Coronavirus outbreak. Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, as known

Threat actors have been exploiting a couple of vulnerabilities affecting some DrayTek enterprise routers in attacks that started before patches were released by the vendor.DrayTek is a Taiwan-based manufacturer of networking equipment, including routers, firewalls, broadband customer premises equipment (CPE), and VPN devices.In early December 2019, researche

Criminals are preying on a fearful public and disrupting the provision of medical care during the coronavirus pandemic by selling counterfeit products, impersonating health workers and hacking computers as many citizens do their jobs online at home, European law enforcement agency Europol said Friday.In one instance, a cyberattack on a major hospital in the

Financially-motivated hackers believed to be operating out of Russia recently targeted companies in Western Europe, and the attacks apparently involved a combination of two Windows vulnerabilities that Microsoft did not expect to be exploited.According to Singapore-based cybersecurity firm Group-IB, the threat groups tracked as TA505 (aka Evil Corp) and Sile

ACROS Security’s 0patch service released unofficial patches for two Windows flaws actively exploited by attackers in the wild. ACROS Security’s 0patch service released unofficial patches for two Windows vulnerabilities actively exploited by attackers in the wild, both issues have yet to be fixed by Microsoft. A few days ago, Microsoft warned of hacker

ACROS Security’s 0patch service has developed unofficial patches for two actively exploited Windows vulnerabilities for which Microsoft has yet to release fixes.Microsoft revealed earlier this week that it had become aware of targeted attacks exploiting two Windows zero-days related to the way the Adobe Type Manager library handles Type 1 PostScript fonts.Ad

A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Since the initial activity, we released two private reports exhaustively detailing spread, exploits, infrast

A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take over devices, Trend Micro reports.The attack involved the use of malicious links posted on forums popular in Hong Kong, which led users to real news sites where a hidden iframe would load and run malware. Vulnerabilities a