Mobile

Pierluigi Paganini December 08, 2022
Android app with over 5m downloads leaked user browsing history

The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious actors could use to check specific users’ browsing history. Original post at https://cybernews.com/security/android-app-leaked-user-browsing-history/ A browsing app for Android devices, Web Explorer – Fast Internet, left open its Firebase instance, exposing app and user data, the Cybernews research […]

Pierluigi Paganini December 07, 2022
Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked

The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers that participated in the competition hacked the Samsung Galaxy S22 smartphone twice during […]

Pierluigi Paganini December 05, 2022
Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries Resecurity, the California-based cybersecurity company protecting major Fortune 500 companies, has identified a new underground marketplace in […]

Pierluigi Paganini December 02, 2022
Android Keyboard Apps with 2 Million downloads can remotely hack your device

Experts found multiple flaws in three Android Keyboard apps that can be exploited by remote attackers to compromise a mobile phone. Researchers at the Synopsys Cybersecurity Research Center (CyRC) warn of three Android keyboard apps with cumulatively two million installs that are affected by multiple flaws (CVE-2022-45477, CVE-2022-45478, CVE-2022-45479, CVE-2022-45480, CVE-2022-45481, CVE-2022-45482, CVE-2022-45483) that can be […]

Pierluigi Paganini November 23, 2022
Experts claim that iPhone’s analytics data is not anonymous

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users. Apple collects both DSID and Apple ID, which means that it can use the […]

Pierluigi Paganini November 18, 2022
China-based Fangxiao group behind a long-running phishing campaign

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. The sophisticated phishing campaign exploits the reputation of international brands and targets businesses in multiple industries, including […]

Pierluigi Paganini November 16, 2022
Beginning 2023 Google plans to rollout the initial Privacy Sandbox Beta

Google announced it will roll out the Privacy Sandbox system for Android in beta to a limited number of Android 13 devices in early 2023. Google announced it will roll out the Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. The Privacy Sandbox aims at creating technologies to […]

Pierluigi Paganini November 12, 2022
Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan

Experts discovered two new malicious dropper apps on the Google Play Store distributing the Xenomorph banking malware. Zscaler ThreatLabz researchers discovered a couple of malicious dropper apps on the Play Store distributing the Xenomorph banking malware. Xenomorph was first spotted by ThreatFabric researchers in February 2022, at the time the malware was employed in attacks […]

Pierluigi Paganini November 11, 2022
Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […]

Pierluigi Paganini November 11, 2022
Researcher received a $70k award for a Google Pixel lock screen bypass

Google fixed a high-severity security bug affecting all Pixel smartphones that can allow attackers to unlock the devices. Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones that could be exploited to unlock the devices. The Google Pixel Lock Screen Bypass was reported by security researcher David SchĂŒtz that was […]