Security News
Has your password been compromised? Are you certain? If you're a Google Chrome user, you know there's a feature that will inform you if your password has been stolen and should be changed. With this new Android Password Checkup feature, you can stay in the know about when it's time to change a password.
Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. "This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect detection, completes the evaluation period successfully, and changes the payload dropped from a non-malicious payload to the AlienBot Banker and MRAT," Check Point researchers Aviran Hazum, Bohdan Melnykov, and Israel Wernik said in a write-up published today.
This week Samsung has started rolling out Android's March security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. This comes after Android had published their March 2021 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.
Android 11 allows users to enable the Wi-Fi-Enhanced MAC randomization. Jack Wallen shows you how.
Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component. Tracked as CVE-2021-0397 and affecting Android 8.1, 9, 10, and 11 releases, the security issue could allow an attacker to execute code remotely on a vulnerable device.
A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded trackers. German infosec bod Mike Kuketz spotted LastPass's trackers in analysis produced by Exodus, which describes itself as "a non-profit organization led by hacktivists [whose] purpose is to help people get a better understanding of the Android applications tracking issues."
A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded trackers. German infosec bod Mike Kuketz spotted LastPass's trackers in analysis produced by Exodus, which describes itself as "a non-profit organization led by hacktivists [whose] purpose is to help people get a better understanding of the Android applications tracking issues."
Google is adding support for the Password Checkup service to Android applications through the passwords autofill feature to warn users if their saved passwords have been compromised or leaked in data breaches. The company initially released the Password Checkup Chrome extension in February 2019 to alert users when their saved logins are weak or affected by a breach.
Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices.
Trend Micro has published a report claiming that data-sharing Android app SHAREit, which has over a billion downloads, contains multiple vulnerabilities after the app's maker ignored advice to fix the flaws. According to Duan and Chang, the SHAREit app implements a broadcast receiver component called "Com.lenovo.anyshare.app.DefaultReceiver" that can be invoked via Android's Intent inter-app communication mechanism from any other app.