Security
Headlines
HeadlinesLatestCVEs

Tag

#android

A week in security (March 10 – March 16)

A list of topics we covered in the week of March 10 to March 16 of 2025

Malwarebytes
Open in Source
#vulnerability#ios#android#apple#google
Cybersecurity in Crypto: Best Practices to Prevent Theft and Fraud

Cybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets…

End-to-End Encrypted Texts Between Android and iPhone Are Coming

Plus: A nominee to lead CISA emerges, Elon Musk visits the NSA, a renowned crypto cracking firm’s secret (and problematic) cofounder is revealed, and more.

GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol

North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "

Sungrow iSolarCloud Android App WiNet Firmware

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely Vendor: Sungrow Equipment: iSolarCloud Android App, WiNet Firmware Vulnerabilities: Improper Certificate Validation, Use of a Broken or Risky Cryptographic Algorithm, Authorization Bypass Through User-Controlled Key, User of Hard-Coded Credentials, Stack-Based Buffer Overflow, Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in attackers being able to access and could modify sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Sungrow software products are affected: iSolarCloud Android App: Version 2.1.6 and prior WiNet Firmware: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 The Android app for iSolarCloud explicitly ignores certificate errors and is vulnerable to adversary-in-the-middle attacks. This may allow an attacker to impersonate the iSolarCloud server and communicate with the And...

Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”

Apple has patched a vulnerability in iOS and iPadOS that was under active exploitation in extremely sophisticated attacks.

Android devices track you before you even sign in

Google spies on Android device users, starting from even before they have logged in to their Google account.

How ads weirdly know your screen brightness, headphone jack use, and location, with Tim Shott (Lock and Code S06E05)

This week on the Lock and Code podcast, we speak with Tim Shott about his attempt to find his location data following a major data breach.

Cybercriminals Allegedly Used a StubHub Backdoor to Steal Taylor Swift Tickets

Plus: The world’s “largest illicit online marketplace” gets hit by regulators, police seize the Garantex crypto exchange, and scammers trick targets by making up ransomware attacks.