June 13, 2024 at 06:08AM A new report from Cisco Talos details a group called “Cosmic Leopard,” operating as “Operation Celestial Force,” which has been conducting cyber espionage against Indian government and defense entities for at least six years. The group’s tactics include using malware like GravityRAT and HeavyLift to target individuals and organizations. Preventative … Read more
June 13, 2024 at 04:00AM Google has warned of a zero-day security flaw, CVE-2024-32896, in Pixel Firmware, being exploited in targeted attacks. The June 2024 security update addresses a total of 50 vulnerabilities, including denial-of-service issues and information disclosure flaws in Qualcomm chipsets. Updates are available for supported Pixel devices. Previous security flaws have also … Read more
June 11, 2024 at 11:18AM UK authorities have arrested two suspects in Manchester and London for their involvement in a smishing campaign, using a homemade mobile antenna to send phishing SMS messages. The messages were designed to mimic those from official organizations and bypass network protections. The investigation involved collaboration with telecoms operators and authorities … Read more
June 11, 2024 at 03:21AM Arm has warned of a security vulnerability in Mali GPU Kernel Driver, CVE-2024-4610, actively exploited in the wild. The issue affects certain products, allowing improper GPU memory processing operations for unauthorized access. The vulnerability has been addressed in Bifrost and Valhall GPU Kernel Driver r41p0, with reports of exploitation in … Read more
May 28, 2024 at 05:51PM Summary: Over 90 malicious Android apps, including Anatsa banking trojan, were found on Google Play, amassing over 5.5 million installations. Anatsa targets financial institutions, using deceptive decoy apps and multi-stage payload loading to evade detection. Though only 3% of total malicious downloads, Anatsa and Coper pose high-risk on-device fraud. Review … Read more
May 28, 2024 at 11:02AM Over 90 malicious mobile apps, including the Anatsa banking Trojan, have been downloaded over 5.5M times from the Google Play store. These apps act as decoys and spread various malware. The Anatsa Trojan uses evasive tactics to steal sensitive banking credentials, primarily targeting Android users in Europe but expanding globally. … Read more
May 10, 2024 at 07:00AM Malicious Android apps posing as popular services like Google, Instagram, and WhatsApp are stealing user credentials. These apps gain control over devices, allowing for unauthorized actions like data theft and malware deployment. Social engineering campaigns and phishing URLs are also being used to propagate Android malware, leading to increased attacks … Read more
May 6, 2024 at 06:33AM Multiple security vulnerabilities have been reported in various applications and system components within Xiaomi devices running Android. The flaws include access to system privileges, theft of files, and disclosure of sensitive data. Notable issues impact apps like Gallery, Settings, and Mi Video. Xiaomi has been notified, and users are urged … Read more
May 1, 2024 at 11:21AM Google has raised the bug bounty rewards for its Mobile VRP, offering up to $450,000 for a single vulnerability report meeting certain criteria. Researchers can earn up to $150,000 for code execution flaws in Tier 2 apps and $45,000 for issues in Tier 3 apps. Reports without proposed patches may … Read more
April 29, 2024 at 01:53PM Google revealed that in 2023, almost 200,000 app submissions on the Play Store were rejected or fixed due to access to sensitive data issues. The company also blocked 333,000 bad accounts attempting to spread malware. Investments in security features, policy updates, and partnerships with SDK providers improved privacy for over … Read more