mobile

Pierluigi Paganini February 06, 2024
Google fixed an Android critical remote code execution flaw

Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031. The vulnerability resides in the System and impacts Android Open Source Project (AOSP) versions 11, […]

Pierluigi Paganini January 05, 2024
MyEstatePoint Property Search Android app leaks user passwords

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. The all-in-one real estate app MyEstatePoint Property Search left a publicly accessible MongoDB server containing the sensitive details of its app users. The app, developed by NJ Technologies, […]

Pierluigi Paganini December 09, 2023
5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems from major vendors impacts Android and iOS devices. A team of researchers from the Singapore University of Technology and Design discovered a set of security vulnerabilities in the firmware implementation of 5G mobile network modems from major chipset vendors. The […]

Pierluigi Paganini December 08, 2023
Android barcode scanner app exposes user passwords

An Android app with over 100k Google Play downloads and a 4.5-star average rating has let an open instance go unchecked, leaving sensitive user data up for grabs. The Cybernews team discovered the Android app Barcode to Sheet leaking sensitive user information and enterprise data stored by app creators. Barcode to Sheet has over 100k […]

Pierluigi Paganini October 16, 2023
Signal denies claims of an alleged zero-day flaw in its platform

Encrypted messaging app Signal denied claims of an alleged zero-day flaw in its platform after a responsible investigation. The popular encrypted messaging app Signal denied claims of an alleged zero-day vulnerability in its platform. The company launched an investigation into the claims after they have seen the vague viral reports alleging a zero-day vulnerability. “PSA: […]

Pierluigi Paganini October 05, 2023
A WhatsApp zero-day exploit can cost several million dollars

TechCrunch reported that a working zero-day exploit for the popular WhatsApp can be paid millions of dollars. The research of zero-day exploits for popular applications such as WhatsApp is even more complex due to the security mechanisms implemented by the developers of the mobile OSs and the app. TechCrunch reported that a zero-day exploits for […]

Pierluigi Paganini October 04, 2023
Apple fixed the 17th zero-day flaw exploited in attacks

Apple released emergency security updates to address a new actively exploited zero-day vulnerability impacting iPhone and iPad devices. Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed […]

Pierluigi Paganini September 26, 2023
Xenomorph malware is back after months of hiatus and expands the list of targets

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play […]

Pierluigi Paganini July 11, 2023
Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud

Resecurity identified the emergence of adversarial mobile Android-based Antidetect Tooling for Mobile OS-Based Fraud. Resecurity has identified the emergence of adversarial mobile Android-based tools (called “mobile anti-detects”), like Enclave and McFly, as a new frontier in fraud tradecraft evolution. These tools are used by criminals involved in online-banking theft to impersonate compromised account holders and […]

Pierluigi Paganini July 09, 2023
Two spyware sending data of more than 1.5M users to China were found in Google Play Store

Two apps on the Google Play Store with more than 1.5 million downloads have been discovered spying on users and sending data to China. Researchers from cybersecurity firm Pradeo discovered two malicious apps on Google Play hinding spyware and spying on up to 1.5 million users. Both applications are file management apps from the same […]