Security News

We'll refer to this one a Fourthytuesday instead, now that Firefox has reduced its update wavelength to four weeks to get important-but-not-zero-day-critical fixes out just that bit more frequently. If your automatic update hasn't happened yet, a manual check will let you "Jump the queue" and get the update a bit sooner.

Avast has released an Android version of Avast Secure Browser to extend its platform support beyond Windows and Mac on desktop to mobile. Avast Secure Browser for Android was developed following Avast's 2019 acquisition of Tenta, a private browser backed by Blockchain pioneers ConsenSys, and has been built from the ground up by privacy and cybersecurity engineers focused on total encryption.

An Android malware package likened to a Russian matryoshka nesting doll has security researchers raising the alarm, since it appears it's almost impossible to get rid of. Known as xHelper, the malware has been spreading mainly in Russia, Europe, and Southwest Asia on Android 6 and 7 devices for the past year from unofficial app stores.

Rubean and CCV, in partnership with Intertrust and Riscure, announced the launch of a jointly developed contactless payment application that transforms Android handsets running 8.0 Oreo or later into contactless payment terminals, supporting PIN entry with no additional hardware. "Combining whiteCryption, our world-class application shielding for zero-trust environments, with Riscure's penetration testing and certification, has brought down barriers for Rubean and CCV to deliver streamlined payment capabilities to the market."

The "Undeletable" xHelper malware - which ultimately results in the installation of the Triada trojan - has become a virulent scourge for Android devices this year, according to researcher analysis - bringing with it a hallmark of being virtually indestructible for the common user. According to analysis by Kaspersky, the latest sample of xHelper uses a Russian nesting-doll type architecture to worm its way into the heart of Android devices.

Google this week released the April 2020 set of security patches for the Android operating system to address over 50 vulnerabilities, including four critical issues in the System component. "The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," Google notes in an advisory.

In March researchers reported that some apps pay a lot of attention to other apps installed on a device, which in theory could be used to gather data on a user's behaviour and inclinations. The study examined two issues - what proportion of apps exhibited secret behaviours and how these might be used or abused.

A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices-making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers have been trying to unfold how the malware survives factory reset and how it infected so many devices in the first place.

Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered. Set to discover such behaviors, researchers from The Ohio State University, New York University, and CISPA Helmholtz Center for Information Security came up with a tool that can detect "The execution context of user input validation and also the content involved in the validation," thus finding any secrets of interest.

How to set up an Android phone as your security key for your Google account. Set up two-step verification for your Google account through your phone or a computer by signing into the webpage for your Google account.