#android

Categories: News Tags: cryptojackers Tags: CISA Tags: Reddit Tags: social engineering Tags: Google Tags: PLex Tags: Hikvision Tags: patch management Tags: ChromeOS Tags: Twitter Tags: Binance Tags: Gitlab Tags: TrickBot Tags: LastPass The important security news of this week (Read more...) The post A week in security (August 22 - August 28) appeared first on Malwarebytes Labs.

Categories: Android Categories: News A PDF reader found on Google Play with over one million downloads is aggressively displaying full screen ads, even when the app is not in use. (Read more...) The post Adware found on Google Play — PDF Reader servicing up full screen ads appeared first on Malwarebytes Labs.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Russia’s invasion of Ukraine was once the most talked about story in the world. Six months into the conflict, modern attention spans have moved on to other news stories. But Ukraine Independence Day yesterday should serve as a reminder to everyone that the threats to Ukraine have not gone anywhere.  The country still faces a physical conflict with Russia every day that seemingly has no easy end, and the barrage of cyber attacks is suspected to continue.   As discussed in our livestream yesterday, Talos continues to see evolving cybersecurity threats in the region, including the most recent GoMet backdoor. And as Joe Marshall highlighted in his blog post last week, Ukraine’s agriculture industry — which is vital to the global food supply chain — remains vulnerable to kinetic and virtual attacks. Because there’s been no one major cyber attack against Ukraine since Russia’s invasion began, the larg...

By Deeba Ahmed Microsoft has warned that the new post-compromise backdoor MagicWeb lets hackers "authenticate as anyone." This is a post from HackRead.com Read the original post: SolarWinds Hackers Using New Post-Exploitation Backdoor ‘MagicWeb’

The FTK 7.6 portfolio promises better integration with other security and network resources, as well as unified analysis of mobile and computer evidence.

Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known

By Deeba Ahmed According to Dr. Web, the backdoor comes pre-installed in Counterfeit Android devices targeting WhatsApp and WhatsApp Business messengers. This is a post from HackRead.com Read the original post: Backdoored Counterfeited Android Phones Hacking WhatsApp Accounts

Categories: News Tags: CSAM Tags: de-Google Tags: AI Tags: NCMEC Tags: EFF Tags: false positive Tech giants are scanning our private files to find predators guilty of sexually abusing children, but they are creating victims of their own. (Read more...) The post Google flags man as sex abuser after he sends photos of child to doctor appeared first on Malwarebytes Labs.

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by