Security News

Exploit released for Android local elevation flaw impacting 7 OEMs
2024-01-31 19:15

A proof-of-concept exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers is now publicly available on GitHub. Tracked as CVE-2023-45779, the flaw was discovered by Meta's Red Team X in early September 2023 and was addressed in Android's December 2023 security update without disclosing details an attacker could use to discern and exploit it.

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries
2024-01-22 16:35

Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to...

Microsoft tests instant access to Android photos in Windows 11
2024-01-18 19:42

Microsoft plans to provide Windows 11 users with almost instant access to photos and screenshots they've taken on their Android smartphones. The new feature "Introduces the ability to effortlessly access and edit your most recent photos and screenshots from your Android mobile device in Snipping Tool on your PC," the Windows Insider team said.

Bigpanzi botnet infects 170,000 Android TV boxes with malware
2024-01-17 18:54

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Bigpanzi infects the devices via firmware updates or backdoored apps the users are tricked into installing themselves, as highlighted in a September 2023 report by Dr. Web.

5 Best VPNs for Android in 2024
2024-01-17 18:41

In this article, I'll be running down a quick list of the five best VPNs for Android in 2024. While all the VPNs on this list secure your internet connection on your Android device, not all of them share the same set of features and pricing.

GrapheneOS: Frequent Android auto-reboots block firmware exploits
2024-01-14 15:32

The GrapheneOS team behind the privacy and security-focused Android-based operating system with the same name is suggesting that Android should introduce an auto-reboot feature to make exploitation of firmware flaws more difficult. The project revealed that it recently reported firmware vulnerabilities in the Android operating system that impact Google Pixel and Samsung Galaxy phones, which could be exploited to steal data and spy on users when the device is not at rest.

New year, new updates for security holes in Windows, Adobe, Android and more
2024-01-09 22:26

Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. "And while it's listed as exploitation less likely, because Hyper-V runs as the highest privileges in a computer, it is worth thinking about patching," Ben McCarthy, lead cyber security engineer at Immersive Labs told The Register.

Google Search bug shows blank page in Firefox for Android
2024-01-09 14:48

Users of the Firefox browser for Android have been reporting that they are seeing a blank page when trying to load the main Google Search site. A report of the issue on GitHub confirms that the problem is reproducible on Firefox Mobile 121.0 for Android 13 and additional tests indicate the same behavior on Firfox Nightly 123 and all versions starting v65.

PIN-Stealing Android Malware
2024-01-09 12:03

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Android game dev’s Google Drive misconfig highlights cloud security risks
2023-12-31 15:09

Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months. Setting Google Drive to "Anyone with the link can view" makes it viewable only to those with the exact URL, typically reserved for collaboration between people working with non-sensitive data.