GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

July 9, 2024 at 07:07AM An ongoing surveillanceware operation targets military personnel in the Middle East with the Android data-gathering tool GuardZoo. More than 450 victims have been impacted, mainly in Yemen. GuardZoo, a modified version of Dendroid RAT, has over 60 commands and uses WhatsApp for distribution. It has been using the same dynamic DNS domains for C2 operations …

Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug

July 2, 2024 at 11:18AM Google has released patches for 25 security vulnerabilities in the Android operating system, including a critical flaw in the Framework component. The CVE-2024-31320 bug affects Android versions 12 and 12L, allowing an attacker to escalate privileges. The updates address various high-severity issues, and users are advised to promptly update their devices. …

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

July 1, 2024 at 09:06AM Transparent Tribe, a threat actor, has been targeting individuals with malware-laced Android apps as part of a social engineering campaign. Their latest campaign, dubbed CapraTube, expanded to target mobile gamers, weapons enthusiasts, and TikTok fans. The group has a history of targeting the Indian government and military, using spear-phishing and …

In Other News: Malware Delivered by ISP, Temu Spying, Critical Dataverse Vulnerability

June 28, 2024 at 09:33AM SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that may have gone unnoticed. This week’s stories include Microsoft patching a critical Dataverse vulnerability, a credential stuffing attack on Levi Strauss, a data breach at Ventura County Credit Union, malware delivery by a South Korean ISP, and various …

Snowblind malware abuses Android security feature to bypass security

June 26, 2024 at 09:35AM Snowblind, a new Android malware, bypasses app anti-tampering protections by abusing the seccomp security feature. It targets apps handling sensitive data, intercepts system calls, and manipulates processes to avoid detection and modify app behavior. Google Play Protect offers automatic protection, but the malware’s techniques could pose a threat to Android …

‘Snowblind’ Tampering Technique May Drive Android Users Adrift

June 26, 2024 at 09:06AM “Snowblind,” a new malware targeting Southeast Asian banking apps, exploits the Linux security feature “seccomp” to isolate applications from detecting tampering, thwarting existing anti-tampering measures. This forces developers and security experts to adapt and find new strategies to counter such attacks, as traditional defense mechanisms become less effective against this …

New Medusa Android Trojan Targets Banking Users Across 7 Countries

June 26, 2024 at 04:39AM Researchers discovered an updated version of the Android banking trojan, Medusa, targeting users in multiple countries. The trojan features new capabilities and uses fake updates and dropper apps for distribution. Its reduced permissions and expanded geographic reach make it harder to detect. Similar campaigns distributing another Android malware, SpyMax, have …

Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher

June 25, 2024 at 08:00AM Rare VR headset attacks were demonstrated by researcher Harish Santhanalakshmi Ganesan, who managed to install ransomware on Meta’s Quest 3 using a method relying on limited Android-based system knowledge and social engineering. Although no specific malware vulnerability was found, the process exposes the potential for similar attacks and serves as a …

Google warns of actively exploited Pixel firmware zero-day

June 12, 2024 at 03:13PM Google has released patches for 50 security vulnerabilities affecting its Pixel devices. One flaw, CVE-2024-32896, has been targeted in zero-day attacks and is considered a high-severity issue. The company advises users of all supported Google devices to accept the 2024-06-05 patch update. Pixel users must go to Settings > Security & privacy …

Arm warns of actively exploited flaw in Mali GPU kernel drivers

June 10, 2024 at 06:56PM Arm has issued a security bulletin regarding a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers, known as CVE-2024-4610, impacting versions r34p0 through r40p0. This use-after-free (UAF) vulnerability poses a risk of information disclosure and arbitrary code execution. The issue has been fixed in version r41p0, with users urged …