DCHSpy is an Android surveillanceware linked to Iran’s Static Kitten group, targeting Iranian users with fake VPN and Starlink apps to steal sensitive data amid regional conflict.| blog.polyswarm.io
A set of four Bluetooth vulnerabilities dubbed “PerfektBlue”, discovered by researchers at PCA Cyber Security, expose a critical weakness in the BlueSDK Bluetooth stack developed by OpenSynergy. This stack isRead More → The post This Bluetooth Exploit Can Hack a Mercedes, Volkswagen — No Tools, Just a Pairing Request appeared first on Information Security Newspaper | Hacking News.| Information Security Newspaper | Hacking News
Smartphones have become essential gadgets in today's society. We rely on them to do our daily tasks ranging from asking directions to mobile banking. With| IPBurger.com
Both companies have faced controversy in recent years, primarily for their work in circumventing mobile device security features| CyberScoop
Data protection, digital sovereignty, GDPR compliance: trust a leading European cybersecurity provider.| blog.pradeo.com
Explore how education on phishing and browser extensions help secure Android devices and ensure safe online browsing.| Poly Plugins
Press release from Appdome Appdome, the leader in protecting mobile businesses, today announced that a new AI-Native threat-management module called Threat [...]| intellyx.com
Abstract This article analyzes the cause of CVE-2024-31317, an Android user-mode universal vulnerability, and shares our exploitation research and methods. Through this vulnerability, we can obtain…| Flanker Sky
摘要 本文分析了CVE-2024-31317这个Android用户态通杀漏洞的起因,并分享了笔者的利用研究和方法。通过这个漏洞,我们可以获取任意uid的权限,近似于突破Android沙箱获取任意app的权限。这个漏洞具有类似于笔者当年发现的魔形女漏洞(黑客奥斯卡Pwnie Award最佳提权漏洞)的效果,但又各有千秋。 漏洞缘起 数月之前,Meta X Red Team发表了两篇非常有意思的…| Flanker Sky
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.| threatpost.com
GearBrain provides helpful tips and valuable insights on building a smart home of any size.| Gearbrain
TL;DR: A rogue Android app could read any other App’s file metadata: filename, size, last modification date. If a filename contained sensitive predictable data, the rogue Android app could locally brute-force this, which was the case for Instagram on Android. Through the leakage of filesize and last modification date, a rogue Android app could monitor real-time usage of others apps. The file system permissions bug has been present in Android since the very beginning. Google rated this vulne...| Arne Swinnen
TL;DR: Instagram contained two distinct vulnerabilities that allowed an attacker to brute-force passwords of user accounts. Combined with user enumeration, a weak password policy, no 2FA nor other mitigating security controls, this could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones. Facebook fixed both issues and awarded a combined bounty of $5.000.| Arne Swinnen
在最近的一系列文章中,我会介绍这些年以来通过Pwn2Own和官方渠道所报告的在各种Android厂商设备中发现的各种CVE,包括通过fuzz和代码审计发现的各式各样的内存破坏漏洞和逻辑漏洞。第一篇文章将会介绍在2017年末我们用来远程攻破Galaxy S8并安装应用的利用链,一个V8漏洞来获取最开始的沙箱内代码执行,和五个逻辑漏洞来最终实现沙箱逃逸和提权来安装任意应用,demo视频...| Flanker Sky
Hello everyone, long time no see! Now begins a series of blog posts about bugs I found before and now on Android vendors, including memory corruption and logical bugs, reported and fixed via Pwn2Ow…| Flanker Sky