Security News

At breakfast, she was convinced either Facebook or Google was listening to her the previous night. You see, Facebook knows my mother-in-law and I are friends on the platform.

The balance between hands-free payments and the security standards required to protect those transactions has tipped too far in the wrong direction, according to a security expert. At a session at Black Hat Europe 2021 this week, Timur Yunusov, a senior security expert at Positive Technologies, explained flaws in contactless payment apps that could lead to fraud using lost or stolen mobile phones.

Two Android apps available on the Google Play store have been found to contain malware this week. Smart TV remote app packs 'Joker' malware.

Google will end support for the Chrome sync feature for all users still running Google Chrome 48 and earlier after Chrome 96 reaches the stable channel. "Chrome sync no longer supports Chrome 48 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome sync," Google said at the time.

Crypto-thieves are buying Google Ads to target victims with fake wallets, which steal credentials and drain balances. Clicking on the malicious Google Ad takes the user to a malicious site doctored to look like the Phantom wallet site, Check Point noted.

Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims' Microsoft Office 365 and Google email credentials. "The email claimed to contain a secure file sent via Proofpoint as a link," they explained in a posting on Thursday.

Threat actors are using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal user's cryptocurrency. These advertisements promote sites that install fake Phantom and MetaMask wallets used for Solana and Ethereum, and fake decentralized exchange platforms, such as PancakeSwap and Uniswap.

Researchers have discovered 19 mobile apps carrying rooting malware on official and third-party Android app stores, including Google Play and Samsung Galaxy Store. "By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware - steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances."

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation.

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation.