#android

In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872.

10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf - Mon Compte, Postepay, and BBVA México. These apps alone

User data related to at least 500,000 Android accounts at risk

Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved.

Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved.

By Owais Sultan In this digital era, online threats are booming as much as the internet user base. Sometimes, malware infects… This is a post from HackRead.com Read the original post: Fake Updates Continue To Be A Digital Risk: What To Do?

By Deeba Ahmed The takedown resulted from a global law enforcement operation involving eleven countries, headed by Europol’s European Cybercrime Center.… This is a post from HackRead.com Read the original post: Authorities Take Down SMS-based FluBot Android Spyware

An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads," Russian cybersecurity company Kaspersky said in a new report.

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.