Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia

Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks. "Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet," Guy Rosen, chief information

The Hacker News
Open in Source
#web#android#windows#apple#google#microsoft#wordpress#auth#The Hacker News
CVE-2022-47757: Arbitrary Code Execution via file download

In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution.

Google Authenticator WILL get end-to-end encryption. Eventually.

Categories: News Google has promised to add end-to-end encryption to Google Authenticator backups after users were warned against turning on the new feature. (Read more...) The post Google Authenticator WILL get end-to-end encryption. Eventually. appeared first on Malwarebytes Labs.

Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts

The tech industry’s transition to passkeys gets its first massive boost with the launch of the alternative login scheme for Google’s billions of users.

Apple and Google Join Forces to Stop Unauthorized Tracking Alert System

Apple and Google have teamed up to work on a draft industry-wide specification that's designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. "The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and

BouldSpy Android Spyware: Iranian Government's Alleged Tool for Spying on Minority Groups

A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. The malware, dubbed BouldSpy, has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups. "The spyware

CVE-2023-2000: Security Updates

Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website

North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains

The North Korean threat actor known as ScarCruft began experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, but its deployment methods have evolved, now utilizing archives containing LNK files that initiate

CVE-2022-48186

A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.

Google Blocks 1.43 Million Malicious Apps, Bans 73,000 Bad Accounts in 2022

Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off over $2 billion in fraudulent and abusive transactions through developer-facing features like Voided Purchases API, Obfuscated Account ID, and Play Integrity