Security News > 2021
The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component. Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity.
"Your mobile phone still fully functions with no SIM in it." 2. The network sees the equivalent of your phone's unique network identifier that is the equivalent of an Ethernet MAC address.
On the first day of the Pwn2Own 2021 hacking competition, participants earned more than half a million dollars, including $440,000 for demonstrating exploits against Microsoft products. The competition's organizer, Trend Micro's Zero Day Initiative, said there were seven attempts on the first day and five of them were successful.
From the Facebook data samples seen by BleepingComputer, almost every user record had a mobile phone number, a Facebook ID, a name, and the member's gender associated with it. Facebook has shed some light on the recent data leak comprising 533 million Facebook user profiles, data from which was posted on a hacker forum last week.
Newly discovered Android malware found on Google's Play Store disguised as a Netflix tool is designed to auto-spread to other devices using WhatsApp auto-replies to incoming messages. Researchers at Check Point Research discovered this new malware disguised as an app named FlixOnline and trying to lure potential victims with promises of free access to Netflix content.
Google on Tuesday announced that its open source version of the Android operating system will add support for the Rust programming language in a bid to prevent memory safety bugs. "The Android OS uses Java extensively, effectively protecting large portions of the Android platform from memory bugs. Unfortunately, for the lower layers of the OS, Java and Kotlin are not an option."
The Atheist Alliance International, an organisation that works to demystify atheism and advocate for secular governance, has taken legal action it hopes will prove that members' personal data does not remain in the possession of the rival International Association of Atheists. The Alliance first came to The Register's attention in February 2021 when a member shared an AAI newsletter that claimed the Association - a body founded by former AAI staffers - had taken a member database and was using it to mail AAI members.
Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation's FactoryTalk AssetCentre, an ICS-specific backup solution. Rockwell Automation's FactoryTalk AssetCentre is a centralized tool for securing, managing, versioning, tracking and reporting automation-related asset information across industrial facilities.
When selecting an attack detection solution, no single product will provide the detection required to defend against the current advanced threat landscape. The technology should be a platform of integrated technologies providing detection at each point of entry that a threat actor may use, such as email, endpoint, network, and public cloud.
Many security teams are looking to better understand zero trust security and SASE, including whether they are mutually exclusive or compatible. What exactly is each of these security models, and how can companies determine which one will be more appropriate for their security teams as they seek to protect the broader business from cyber threats?