Latest News

2020/06/03

Two Critical Android Bugs Open Door to RCE

Google has addressed two critical flaws in its latest monthly Android update that enable remote code execution (RCE) on Android mobile devices.

The critical bugs (CVE-2020-0117 and CVE-2020-8597) exist in the Android System area, and would allow a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process. They affect Android versions 8 to Android 10.

“Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of a privileged process,” according to a related advisory from the Multi-State Information Sharing and Analysis Center (MS-ISAC), sent via email. “These vulnerabilities could be exploited through multiple methods such as email, web browsing and MMS when processing media files.”
2020/05/27

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data.
"ComRAT v4 was first seen in 2017 and known still to be in use as recently as January 2020," cybersecurity firm ESET said in a report shared with The Hacker News. "We identified at least three targets: two Ministries of Foreign Affairs in Eastern Europe and a national parliament in the Caucasus region."
2020/05/26

New jailbreak tool works on Apple’s just-released iOS 13.5

A new tool by hacking group Unc0ver can jailbreak iOS 13.5, the just-released version of Apple’s mobile operating system, Wired reported. The group says the jailbreak, which works on iOS 11 and higher, is built on a zero-day vulnerability, doesn’t drain a device’s battery life, and doesn’t affect the use of Apple services or undermine the iOS sandbox security, according to Wired.

Unc0ver’s lead developer told Wired the jailbreak adds exceptions to existing rules, and “enables reading new jailbreak files and parts of the filesystem that contain no user data.” The jailbreak tool is not open source, and the group didn’t say which vulnerability in iOS it exploited to build the tool.
2020/05/26

That used or refurbished Android phone might be unsafe: 6 things to know

With flagship phones like the Samsung Galaxy S20 Ultra and iPhone 11 Pro costing over $1,000, it's more tempting than ever to pick up a bargain, refurbished phone. But while you can pick up a used Samsung Galaxy, Sony or HTC phone that's of good quality for a very low price, is it actually safe to use these phones?

Phones released years ago run outdated versions of Android. That may well mean that they don't have critical security updates that can keep you -- and your data -- safe from prying eyes. If you're concerned about security and privacy on your previously owned phone, here are some things you should conside
Source: www.cnet.com
2020/05/26

Security News This Week: Look Out for This Covid-19 Excel Phishing Scam

THE COVID-19 PANDEMIC has provided boundless opportunities for scammers since January at least. But a group of fraudsters known as Scattered Canary has reached new depths, ripping off state unemployment systems for millions of dollars just as funds are running dangerously low.

It's not all bad news, though. For the past several months, the FBI has once again been pressuring Apple to undermine its encryption so that it could get into a mass shooter's iPhones. And just as it did in 2016, the agency ultimately relented after it was able to determine the passwords on its own. Go figure!