September 4, 2024 at 10:12AM Google has released its monthly security updates for the Android operating system to address a high-severity vulnerability (CVE-2024-32896) related to privilege escalation in the Android Framework component. The vulnerability has been actively exploited and impacts the entire Android ecosystem. Users are advised to update their devices to protect against potential … Read more
September 3, 2024 at 06:48AM A new Android banking trojan named Rocinante targets mobile users in Brazil, capable of keylogging and stealing personal information from victims. The malware can masquerade as various banking apps and is linked to a threat actor known as DukeEugene. Symantec also highlighted a banking trojan campaign targeting Spanish and Portuguese-speaking … Read more
August 26, 2024 at 12:54AM Researchers have discovered new Android malware, NGate, aimed at stealing contactless payment data from physical credit and debit cards to conduct fraudulent operations. Targeting banks in Czechia, the attack involves social engineering and SMS phishing to trick users. NGate prompts victims to enter sensitive financial details and instigates an NFC … Read more
August 21, 2024 at 11:00AM Google is discontinuing its Google Play Security Reward Program (GPSRP) after achieving its goal of increasing Android OS security. Bug submissions will be accepted until August 31, 2024, with final rewards decided by September 30. The program has incentivized developers to improve their app security, paying out a total of … Read more
August 20, 2024 at 04:21PM A novel phishing campaign in the Czech Republic targets mobile users through Progressive Web Applications to steal banking account credentials from banks such as CSOB, OTP, and TBC. The phishing websites are distributed through voice calls, SMS, and social media. The attack is notable for deceiving users into installing PWAs … Read more
August 16, 2024 at 03:15AM Dormant software in certain Google Pixel devices presents a vulnerability, allowing potential nefarious attacks and malware delivery. The issue stems from a pre-installed Android app with extensive system privileges, leaving devices susceptible to remote code execution. Despite being non-malicious, the app’s potential exploitation prompted Google to remove it from supported … Read more
August 14, 2024 at 02:53PM Zimperium and Okta’s collaboration marks a milestone in mobile security, integrating Zimperium Mobile Threat Defense with Okta Identity Threat Protection. This partnership enables continuous risk monitoring and automated threat response, upholding a zero trust framework. The integration empowers organizations with real-time threat intelligence, comprehensive mobile threat protection, and stronger zero-trust … Read more
August 10, 2024 at 03:21PM Numerous security flaws in Google’s Quick Share for Android and Windows have been discovered, allowing for an RCE attack chain and posing serious risks such as unauthorized file writing and Wi-Fi connection manipulation. These vulnerabilities have been fixed in Quick Share version 1.0.1724.0, and Google is tracking them under two … Read more
August 8, 2024 at 05:46AM Verizon Business has released the 2024 Mobile Security Index (MSI) report, emphasizing the increasing threats to mobile and IoT device security. The report highlights the growing reliance on such devices and the associated security concerns, urging the adoption of robust frameworks and AI-driven cybersecurity solutions. The findings aim to inform … Read more
August 7, 2024 at 09:23PM Samsung has introduced a bug bounty program with rewards of up to $1 million for successfully compromising its Knox Vault system in its smartphones. Other targets include TEEGRIS and Rich Execution Environment, with rewards varying based on the level of compromise. In contrast, Microsoft has awarded researchers $16.6 million in … Read more