Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Tips for Preventing Breaches in 2025

Hackers are constantly evolving, and so too should our security protocols.

DARKReading
Open in Source
#vulnerability#android#cisco#ddos#auth#mongo#ssl
Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as

Cybercrime Gangs Abscond With Thousands of AWS Credentials

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

Hackers Target Job Seekers with AppLite Trojan Using Fake Job Emails

SUMMARY Zimperium’s zLabs has shared its latest research with Hackread.com, ahead of its publishing on December 10. According…

CVE-2024-49057: Microsoft Defender for Endpoint on Android Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user must install and use a specially-crafted malicious application on their Android device.

Attackers Can Use QR Codes to Bypass Browser Isolation

Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.

Google Launches Open Source Patch Validation Tool

Vanir automates the process of scanning source code to identify missing security patches.

New DroidBot Android Spyware Targeting Banking and Crypto Users

DroidBot, a sophisticated Android RAT, is targeting individuals and financial institutions across Europe.

GHSA-3hpf-ff72-j67p: shared_preferences_android vulnerability

### Impact Due to some data types not being natively representable for the available storage options, shared_preferences_android serializes and deserializes special string prefixes to store these unrepresentable data types. This allows arbitrary classes to be deserialized leading to arbitrary code execution. As a result, Files containing the preferences can be overwritten with a malicious one with a deserialization payload that triggers as soon as the data is loaded from the disk. ### Patches 2.3.4 ### Workarounds Update to the latest version of shared_preferences_android that contains the changes to address this vulnerability. ### References TBD ### For more information See [our community page](https://dart.dev/community) to find ways to contact the team. ### Thanks Thank you so much to Oskar Zeino-Mahmalat from sonarsource for finding and reporting this issue!

FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine

A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto's Citizen Lab. "The spyware placed on his device allows the operator to track a target device's