Security News
Let's Encrypt has warned users whose devices are running older versions of Android that they may start getting errors next year when visiting websites secured by its certificates. The organization estimates that roughly one-third of Android devices are still running these older versions, which means their users will start getting certificate errors once the cross-signed certificate expires.
Let's Encrypt, a Certificate Authority that puts the "S" in "HTTPS" for about 220m domains, has issued a warning to users of older Android devices that their web surfing may get choppy next year. Next year, on September 1, 2021, the DST Root X3 certificate that Let's Encrypt initially relied for cross-signing will expire and devices that haven't been updated in the past four years to trust the X1 root certificate may find they're unable to connect to websites securely, not without throwing up error messages, at least.
We advised everyone to look for a Chrome or Chromium version number ending in.111, given that the previous mainstream version turned out to include a buffer overflow bug that was already known to cybercriminals. The ultimate sort of crack - the gold-medal-with-a-laurel-wreath version - was one that came out with a zero-day delay, where the game and its revenue-busting crack appeared on the very same day.
Google this week announced the availability of a new set of monthly patches for the Android operating system, containing fixes for a total of 30 vulnerabilities. The first part of the update, the 2020-11-01 security patch level addresses a total of 17 vulnerabilities in the Android runtime, Framework, Media Framework, and System components.
An APT group is starting fires with a new Android malware loader, which uses a legitimate Google messaging service to bypass detection. The malware, dubbed "Firestarter," is used by an APT threat group called "DoNot." DoNot uses Firebase Cloud Messaging, which is a cross-platform cloud solution for messages and notifications for Android, iOS and web applications.
Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive ads. The findings were reported by the Czech cybersecurity firm Avast on Monday, which said the 21 malicious apps were downloaded nearly eight million times from Google's app marketplace.
Samsung phones will soon come with automatic spam call blocking. The feature, which is part of Samsung Smart Call, will debut on the Galaxy Note20 and will roll out to all new devices released after 2020.
Avatier announced the release of Avatier for iOS and Android, a new mobile app platform that creates a collaborative, self-service approach to enterprise access without compromising security. Avatier's new mobile experience is designed for the modern workforce, giving employees, customers, contractors and vendors a single mobile app that enables self-service business agility for time-sensitive security requests.
SlashNext announced the on-device AI mobile phishing defense for iOS and Android with natural language and link-based detection to protect users from the exponential increase in mobile-based SMS phishing attacks. Now SlashNext, customers and partners can benefit from the industry's fastest and most accurate, 2.0 mobile AI phishing defense, protecting users from all forms of phishing across all their communication channels - SMS, email, social networking, gaming, collaboration and search - without compromising user privacy or performance.
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware - dubbed "GravityRAT" - now masquerades as legitimate Android and macOS apps to capture device data, contact lists, e-mail addresses, and call and text logs and transmit them to an attacker-controlled server.