Mobile Archives - Page 13 of 90

Pierluigi Paganini April 19, 2023

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. In 2022, the Citizen Lab analyzed the NSO Group activity after finding […]

Pierluigi Paganini April 17, 2023

New QBot campaign delivered hijacking business correspondence

Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware. In early April, Kaspersky experts observed a surge in attacks that QBot malware attacks (aka Qakbot, QuackBot, and Pinkslipbot). QBot has been active since 2008, it is used by threat actors for collecting browsing data and banking credentials, and other […]

Pierluigi Paganini April 15, 2023

New Android malicious library Goldoson found in 60 apps +100M downloads

A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store. The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The third-party library can perform ad fraud by clicking advertisements […]

Pierluigi Paganini April 15, 2023

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog

US Cybersecurity and Infrastructure Security Agency (CISA) added Android and Novi Survey flaws to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog: Google addressed the vulnerability CVE-2023-20963 with the release of “The Android Security Bulletin—March 2023” security updates. The […]

Pierluigi Paganini April 13, 2023

A flaw in the Kyocera Android printing app can be abused to drop malware

Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications to drop malware. Such kinds of flaws expose a resource to the wrong control sphere, providing unintended actors with inappropriate […]

Pierluigi Paganini April 12, 2023

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream. The victims include journalists, political opposition figures, and an NGO worker […]

Pierluigi Paganini April 11, 2023

Apple released emergency updates to fix recently disclosed zero-day bugs on older devices

Apple released updates to backport patches addressing two actively exploited zero-day vulnerabilities in older iPhones, iPads, and Macs. Apple has released emergency updates to backport security patches that address two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. On April 7, 2023, Apple has released emergency security updates to address two actively exploited zero-day […]

Pierluigi Paganini April 01, 2023

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Five of the issues added by CISA to its catalog are part of the exploits used by surveillance […]

Pierluigi Paganini March 23, 2023

Nexus, an emerging Android banking Trojan targets 450 financial apps

Experts warn of an emerging Android banking trojan dubbed Nexus that was employed in attacks against 450 financial applications. Cybersecurity firm experts from Cleafy warn of an emerging Android banking trojan, named Nexus, that was employed by multiple groups in attacks against 450 financial applications. The Nexus ransomware was first analyzed in early March by researchers from the […]

Pierluigi Paganini March 20, 2023

Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images

The Acropalypse flaw in the Markup tool of Google Pixel allowed the partial recovery of edited or redacted screenshots and images. Security researchers Simon Aarons and David Buchanan have discovered a vulnerability, named ‘Acropalypse,’ in the Markup tool of Google Pixel. The Markup tool is a built-in Markup utility, released with Android 9 Pie that […]

Mobile

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

New QBot campaign delivered hijacking business correspondence

New Android malicious library Goldoson found in 60 apps +100M downloads

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog

A flaw in the Kyocera Android printing app can be abused to drop malware

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Apple released emergency updates to fix recently disclosed zero-day bugs on older devices

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Nexus, an emerging Android banking Trojan targets 450 financial apps

Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Seychelles Commercial Bank Reported Cybersecurity Incident

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

Scattered Spider targets VMware ESXi in using social engineering

QUICK LINKS

Mobile

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!