Security News

While enterprises stagger under sustained ransomware attacks, Android users are increasingly being targeted by banking malware, with Slovakian infosec firm ESET reckoning it had seen a 159 per cent increase in such malicious software over the last few months. Tongue in cheek, the firm added: "It is interesting to see a real-life example of what can cause Android users to suddenly become interested in cybersecurity protection!".

Researchers at cybersecurity firm Check Point discovered that many Android applications publicly expose sensitive user data through misconfigured third-party services. The exposed data, which pertains to more than 100 million Android users, includes chat messages, emails, passwords, location information, user identifiers, photos, and more.

Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "In some cases, this type of misuse only affects the users the developers were also left vulnerable. The misconfigurations put users' personal data and developer's internal resources, such as access to update mechanisms, storage, and more at risk."

More than 100 million Android users are at risk after 23 different mobile apps were found to leak personal data in the wake of rampant cloud misconfigurations. In the case of at least two of the apps, cloud keys were exposed with no safeguards, according to the researchers.

Google updated its May 3 Android security bulletin on Wednesday to say that there are "Indications" that four of the 50 vulnerabilities "May be under limited, targeted exploitation." That was mostly confirmed by Maddie Stone, a member of Google's Project Zero exploit research group, who clarified on Twitter that the "4 vulns were exploited in-the-wild" as zero-days. These four bugs make up a full two-thirds of the six total bugs to be exploited in the wild since 2014, according to Google's tracking spreadsheet.

Google has updated its May 2021 Android security bulletin to alert users that four vulnerabilities appear to have been exploited in attacks. Rolling out to users since early May, the latest Android security update patches over 40 flaws, including four with a severity rating of critical.

Security researchers discovered that personal data of more than 100 million Android users has been exposed due to various misconfigurations of cloud services. The data was found in unprotected real-time databases used by 23 apps with download counts ranging from 10,000 to 10 million and also includes internal developer resources.

Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days. CVE-2021-1906 - A flaw concerning inadequate handling of address deregistration that could lead to new GPU address allocation failure.

According to info provided by Google's Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month. Attacks attempting to exploit these flaws were targeted and impacted a limited number of users based on information shared after this month's Android security updates were published.

Google is rolling out a new Chrome on Android feature to help users change passwords compromised in data breaches with a single tap. Chrome already helped you check if your credentials were compromised and, with the rollout of the new automated password change feature, it will also allow you to change them automatically.