Security News
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. As Mullvad found out while investigating the issue spotted on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version.
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. Enabling the "Block Connections Without VPN" option ensures that ALL network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring the users' web activity.
Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. "We increased reward amounts by up to 10x in some categories," Google information security engineer Kristoffer Blasiak has pointed out.
Bitwarden has just launched a new multi-factor authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. In contrast, the Bitwarden Authenticator app is available for free to all users, even those without a Bitwarden account, and can be used as a standalone app.
Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft. Dirty Stream allows malicious apps to send a file with a manipulated filename or path to another app using a custom intent.
Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary...
Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2)...
Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. The list of in-scope apps includes Google Play Services, the Android Google Search app, Google Cloud, and Gmail.
A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. Wpeeper stands out for its novel use of compromised WordPress sites to act as relays for its actual command and control servers, acting as an evasion mechanism.
Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user's security. In addition to blocking nearly 2.3 million apps and suspending 333,000 offending publishers, Google has rejected or remediated 200,000 app submissions requesting access to risky permissions such as SMS content and background location data without a good reason.