Electronic signature and cloud authentication cybersecurity company OneSpan Inc. today announced a strategic investment in and partnership with ThreatFabric B.V., a Dutch provider of proactive fraud detection, mobile threat intelligence and malware defense solutions. The partnership will allow OneSpan to expand its cyber fraud prevention capabilities for the financial services industry, which has experienced a significant surge […]| SiliconANGLE
The market-leading smartphone operating systems, Android and iOS, allow users to install apps through official pre-installed markets. Android also supports app installation from third-party sources, known as sideloading. Sideloading fosters competition and enables open source app markets. However, it also enables the proliferation of markets distributing pirated and modded apps: apps whose features and functionality have been altered by a third party. Modded apps typically claim to offer user...| Light Blue Touchpaper
DCHSpy is an Android surveillanceware linked to Iran’s Static Kitten group, targeting Iranian users with fake VPN and Starlink apps to steal sensitive data amid regional conflict.| blog.polyswarm.io
A set of four Bluetooth vulnerabilities dubbed “PerfektBlue”, discovered by researchers at PCA Cyber Security, expose a critical weakness in the BlueSDK Bluetooth stack developed by OpenSynergy. This stack is…| Information Security Newspaper | Hacking News
Smartphones have become essential gadgets in today's society. We rely on them to do our daily tasks ranging from asking directions to mobile banking. With| IPBurger.com
Data protection, digital sovereignty, GDPR compliance: trust a leading European cybersecurity provider.| blog.pradeo.com
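Explore how education on phishing and browser extensions helps secure Android devices and ensure safe online browsing.| Poly Plugins
Press release from Appdome: Appdome, the leader in protecting mobile businesses, today announced that a new AI-Native threat-management module called Threat [...]| intellyx.com
Abstract: This article analyzes the cause of CVE-2024-31317, an Android user-mode universal vulnerability, and shares our exploitation research and methods. Through this vulnerability, we can obtain…| Flanker Sky
Abstract: This article analyzes the cause of CVE-2024-31317, an Android user-mode universal vulnerability, and shares the author's exploitation research and methods. Through this vulnerability, we can obtain the privileges of an arbitrary uid, which is close to breaking out of the Android sandbox and gaining the privileges of any app. This vulnerability has an effect similar to the Mystique vulnerability the author discovered earlier (winner of the Pwnie Award, the "hacker Oscars", for best privilege escalation bug), though each has its own strengths. Origin of the vulnerability: A few months ago, the Meta X Red Team published two very interesting…| Flanker Sky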
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.| threatpost.com
GearBrain provides helpful tips and valuable insights on building a smart home of any size.| Gearbrain
TL;DR: A rogue Android app could read any other app’s file metadata: filename, size, last modification date. If a filename contained sensitive predictable data, the rogue Android app could locally brute-force this, which was the case for Instagram on Android. Through the leakage of file size and last modification date, a rogue Android app could monitor real-time usage of other apps. The file system permissions bug has been present in Android since the very beginning. Google rated this vulne...| Arne Swinnen
TL;DR: Instagram contained two distinct vulnerabilities that allowed an attacker to brute-force passwords of user accounts. Combined with user enumeration, a weak password policy, no 2FA nor other mitigating security controls, this could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones. Facebook fixed both issues and awarded a combined bounty of $5.000.| Arne Swinnen
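In a recent series of posts, I will introduce the various CVEs found in devices from different Android vendors that were reported over the years through Pwn2Own and official channels, including all kinds of memory corruption and logic bugs found through fuzzing and code auditing. The first post covers the exploit chain we used in late 2017 to remotely compromise the Galaxy S8 and install an app: one V8 bug to gain initial code execution inside the sandbox, and five logic bugs to finally achieve sandbox escape and privilege escalation to install arbitrary apps, demo video...| Flanker Sky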
Hello everyone, long time no see! Now begins a series of blog posts about bugs I found before and now on Android vendors, including memory corruption and logical bugs, reported and fixed via Pwn2Ow…| Flanker Sky