What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-05-01 19:11:00 | Android Malware Wpeeper utilise des sites WordPress compromis pour masquer les serveurs C2 Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (lien direct) |
Les chercheurs en cybersécurité ont découvert un logiciel malveillant sans papiers auparavant ciblant les appareils Android qui utilise des sites WordPress compromis comme relais pour ses serveurs de commande et de contrôle (C2) pour l'évasion de détection.
Le logiciel malveillant, CodedaMed & nbsp; Wpeeper, est un binaire elfe qui exploite le protocole HTTPS pour sécuriser ses communications C2.
"Wpeeper est un cheval de cheval de porte dérobée typique pour Android
Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications. "Wpeeper is a typical backdoor Trojan for Android |
Malware Mobile | ★★★ | |
 |
2024-05-01 17:47:45 | Google tire le support RISC-V du noyau Android générique Google pulls RISC-V support from generic Android kernel (lien direct) |
Pas un excellent présage si vous espériez posséder un futur smartphone RV & # 8211;Le géant du Web dit qu'il n'a pas été totalement abandonné La prise en charge de RISC-V a été supprimée de l'image générique d'Android \\ (GKI) grâce à un correctif fusionné aujourd'hui.…
Not a great omen if you were hoping to own a future RV smartphone – tho web giant says it hasn\'t totally given up Support for RISC-V was dropped from Android\'s Generic Kernel Image (GKI) thanks to a patch successfully merged today.… |
Mobile | ★★ | |
 |
2024-05-01 16:48:29 | Rabbit R1 AI box revealed to just be an Android app (lien direct) | It sounds like the company is now blocking access from "bootleg" APKs.
It sounds like the company is now blocking access from "bootleg" APKs. |
Mobile | ★★ | |
 |
2024-05-01 15:06:19 | Google augmente les paiements de primes de bogue décuplé dans la poussée de sécurité des applications mobiles Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push (lien direct) |
> Les chercheurs peuvent gagner jusqu'à 450 000 $ pour un rapport de vulnérabilité unique car Google augmente son programme de récompenses de vulnérabilité mobile.
>Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program. |
Vulnerability Mobile | ★★ | |
 |
2024-05-01 12:03:00 | Australia\\'s Qantas apologises for mobile app data breach (lien direct) | > Les chercheurs peuvent gagner jusqu'à 450 000 $ pour un rapport de vulnérabilité unique car Google augmente son programme de récompenses de vulnérabilité mobile.
>Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program. |
Data Breach Mobile | ★★ | |
|
2024-05-01 11:57:52 | Wpeeper Android Trojan utilise des sites WordPress compromis pour protéger le serveur de commandement et de contrôle Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server (lien direct) |
Le nouveau Trojan Android Wpeeper a cessé les opérations après une semaine et n'a aucune détection dans Virustotal.
The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal. |
Mobile | ★★ | |
 |
2024-05-01 08:45:00 | Le nouveau modèle de risque mobile de NCSC \\ visait les entreprises «à haute menace» NCSC\\'s New Mobile Risk Model Aimed at “High-Threat” Firms (lien direct) |
Le National Cyber Security Center du Royaume-Uni affirme que son modèle AMS protégera les entreprises contre les menaces mobiles soutenues par l'État
The UK\'s National Cyber Security Centre claims its AMS model will protect firms from state-backed mobile threats |
Mobile | ★★ | |
 |
2024-04-30 23:31:47 | Rabbit R1 – Le super gadget IA trop hype n\'est en fait qu\'une app Android (lien direct) | Le Rabbit R1, présenté comme un gadget IA révolutionnaire, s'avère n'être qu'une application Android préinstallée. Malgré les promesses, les fonctionnalités restent limitées par rapport à un smartphone. Un constat décevant pour ce produit vendu plusieurs centaines de dollars. | Mobile | ★★ | |
 |
2024-04-30 15:30:00 | 7 meilleures tablettes de dessin (2024): Wacom, iPad, sans écran, Android et Windows 7 Best Drawing Tablets (2024): Wacom, iPad, Screenless, Android, and Windows (lien direct) |
Que vous soyez photo-édition ou illustrant, la bonne tablette de dessin peut transformer votre workflow.Ces ardoises d'art numériques sont testées et approuvées.
Whether you\'re photo-editing or illustrating, the right drawing tablet can transform your workflow. These digital art slates are WIRED-tested and approved. |
Mobile | ★★★ | |
 |
2024-04-30 14:33:51 | Google paie maintenant jusqu'à 450 000 $ pour les bogues RCE dans certaines applications Android Google now pays up to $450,000 for RCE bugs in some Android apps (lien direct) |
Google a augmenté les récompenses pour la déclaration des vulnérabilités d'exécution de code distantes dans certaines applications Android de dix fois, de 30 000 $ à 300 000 $, la récompense maximale atteignant 450 000 $ pour des rapports de qualité exceptionnels.[...]
Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. [...] |
Vulnerability Mobile | ★★★ | |
|
2024-04-30 12:41:57 | Nouveau Wpeeper Android Malware se cache derrière des sites WordPress piratés New Wpeeper Android malware hides behind hacked WordPress sites (lien direct) |
Un nouveau logiciel malveillant Android nommé \\ 'Wpeeper \' a été repéré dans au moins deux magasins d'applications non officiels imitant l'App Store Uptodown, une boutique d'applications tierces populaire pour les appareils Android avec plus de 220 millions de téléchargements.[...]
A new Android backdoor malware named \'Wpeeper\' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. [...] |
Malware Mobile | ★★ | |
|
2024-04-29 22:37:00 | Google a empêché 2,28 millions d'applications malveillantes d'atteindre Play Store en 2023 Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (lien direct) |
Google lundi a révélé que près de 200 000 soumissions d'applications à son Play Store pour Android ont été rejetées ou corrigées pour résoudre les problèmes d'accès à des données sensibles telles que les messages de localisation ou SMS au cours de la dernière année.
Le géant de la technologie a également déclaré qu'il avait bloqué 333 000 mauvais comptes de l'App Storefront en 2023 pour avoir tenté de distribuer des logiciels malveillants ou pour des violations répétées des politiques.
"En 2023,
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations. "In 2023, |
Malware Mobile | ★★ | |
|
2024-04-29 22:20:16 | Google a bloqué les applications de 2,3 m de Play Store l'année dernière pour avoir enfreint la loi G Google blocked 2.3M apps from Play Store last year for breaking the G law (lien direct) |
Le tiers d'un million de comptes de développeurs kiboshed aussi Google dit qu'il a empêché 2,28 millions d'applications Android de publier dans son Play Store officiel l'année dernière parce qu'ils ont violé les règles de sécurité.…
Third of a million developer accounts kiboshed, too Google says it stopped 2.28 million Android apps from being published in its official Play Store last year because they violated security rules.… |
Mobile | ★★★ | |
 |
2024-04-29 22:01:20 | Android malware hacks bancs comptes bancs avec de fausses invites à la mise à jour chromée Android Malware Hacks Bank Accounts With Fake Chrome Update Prompts (lien direct) |
Security researchers have discovered a new Android banking trojan that can steal users’ sensitive information and allow attackers to remotely control infected devices. “Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware,” Dutch security firm ThreatFabric said in an analysis published on Thursday. According to ThreatFabric, Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking. The malware was discovered by the researchers while investigating a fake Google Chrome web browser “update” page, commonly used by cybercriminals to lure victims into downloading and installing malware. Looking at prior campaigns, the researchers found that Brokewell was used to target a popular “buy now, pay later” financial service and an Austrian digital authentication application. The malware is said to be in active development, with new commands added almost daily to capture every event on the device, from keystrokes and information displayed on screen to text entries and apps launched by the victim. Once downloaded, Brokewell creates an overlay screen on a targeted application to capture user credentials. It can also steal browser cookies by launching its own WebView, overriding the onPageFinished method, and dumping the session cookies after the user completes the login process. “Brokewell is equipped with “accessibility logging,” capturing every event happening on the device: touches, swipes, information displayed, text input, and applications opened. All actions are logged and sent to the command-and-control server, effectively stealing any confidential data displayed or entered on the compromised device,” the ThreatFabric researchers point out. “It\'s important to highlight that, in this case, any application is at risk of data compromise: Brokewell logs every event, posing a threat to all applications installed on the device. This piece of malware also supports a variety of “spyware” functionalities: it can collect information about the device, call history, geolocation, and record audio.” After stealing the credentials, the attackers can initiate a Device Takeover attack using remote control capabilities to perform screen streaming. It also provides the threat actor with a range of various commands that can be executed on the controlled device, such as touches, swipes, and clicks on specified elements. ThreatFabric discovered that one of the servers used as a command and control (C2) point for Brokewell was also used to host a repository called “Brokewell Cyber Labs,” created by a threat actor called “Baron Samedit.” This repository comprised the source code for the “Brokewell Android Loader,” another tool from the same developer designed to bypass restrictions Google introduced in Android 13 and later to prevent exploitation of Accessibility Service for side-loaded apps (APKs). According to ThreatFabric, Baron Samedit has been active for at least two years, providing tools to other cybercriminals to check stolen accounts from multiple services, which could still be improved to support a malware-as-a-service operation. “We anticipate further evolution of this malware family, as we’ve already observed almost daily updates to the malware. Brokewell will likely be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions,” the researchers conclude. Hence, the only way to effectively identify and prevent potential fraud from malware families like the newly discovered Brokewell is to use a comprehensive | Malware Tool Threat Mobile | ★★ | |
 |
2024-04-29 19:46:08 | 13.4m Kaiser Insurance Membres touchés par la fuite de données aux annonceurs en ligne 13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers (lien direct) |
Le code de suivi utilisé pour garder des onglets sur la façon dont les membres ont navigué dans les sites en ligne et mobiles du géant des soins de santé \\ sondait une quantité d'informations concernant.
Tracking code used for keeping tabs on how members navigated through the healthcare giant\'s online and mobile sites was oversharing a concerning amount of information. |
Mobile Medical | ★★ | |
 |
2024-04-29 16:05:58 | Faits saillants hebdomadaires, 29 avril 2024 Weekly OSINT Highlights, 29 April 2024 (lien direct) |
## Snapshot Last week\'s OSINT reporting reveals a diverse range of cyber threats targeting organizations globally. The articles highlight various attack vectors, including phishing emails with malware payloads (SSLoad, [Cobalt Strike](https://security.microsoft.com/intel-profiles/fd8511c1d61e93d39411acf36a31130a6795efe186497098fe0c6f2ccfb920fc)), ransomware variants (KageNoHitobito, DoNex), and mobile banking malware (Brokewell) distributed through fake domain schemes and overlay attacks. Threat actors behind these campaigns range from financially motivated ransomware groups to sophisticated state-sponsored actors like Sandworm ([Seashell Blizzard](https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb)) and UAT4356 ([Storm-1849](https://sip.security.microsoft.com/intel-profiles/f3676211c9f06910f7f1f233d81347c1b837bddd93292c2e8f2eb860a27ad8d5)). Targetted organizations span Europe, Asia, and the Americas and targetted industries include critical infrastructure and IT. ## Description 1. **[Ongoing FROZEN#SHADOW Phishing Campaign](https://security.microsoft.com/intel-explorer/articles/e39d9bb3)**: The FROZEN#SHADOW campaign utilizes phishing emails to distribute SSLoad malware, alongside [Cobalt Strike](https://security.microsoft.com/intel-profiles/fd8511c1d61e93d39411acf36a31130a6795efe186497098fe0c6f2ccfb920fc) and ConnectWise ScreenConnect for extensive persistence and remote access. The victim organizations, predominantly in Europe, Asia, and the Americas, are targeted via JavaScript file downloads and MSI installers connecting to attacker-controlled domains. 2. **[Insights on KageNoHitobito and DoNex Ransomware](https://security.microsoft.com/intel-explorer/articles/ff848e92)**: KageNoHitobito and DoNex are ransomware variants with distinct encryption methods and ransom note presentations. While KageNoHitobito prompts victims to negotiate through a TOR site, DoNex terminates specific services and processes, deletes shadow copies, and may be linked to DarkRace ransomware. 3. **[Brokewell Mobile Banking Malware](https://security.microsoft.com/intel-explorer/articles/99a5deee)**: Brokewell poses a significant threat to the banking industry, utilizing overlay attacks, spyware functionalities, and remote control capabilities to steal credentials and device information. The malware\'s active development and promotion on underground channels indicate a growing interest among cybercriminals targeting different regions. 4. **[Malvertising Campaign Targeting IT Teams with MadMxShell](https://security.microsoft.com/intel-explorer/articles/ffa6ca10)**: A sophisticated threat actor distributes the MadMxShell backdoor through fake domains, using Google Ads to push them to the top of search results. MadMxShell employs complex evasion techniques, including multi-stage injection and DNS tunneling for C2 communication, indicating an interest in targeting IT professionals for unauthorized access. 5. **[ArcaneDoor Campaign by UAT4356 (Storm-1849)](https://security.microsoft.com/intel-explorer/articles/a0cf0328)**: UAT4356 (tracked by Microsoft as [Storm-1949](https://sip.security.microsoft.com/intel-profiles/f3676211c9f06910f7f1f233d81347c1b837bddd93292c2e8f2eb860a27ad8d5)) targets perimeter network devices like Cisco Adaptive Security Appliances (ASA) with backdoors "Line Runner" and "Line Dancer" for reconnaissance and malicious actions. The campaign showcases a state-sponsored actor\'s advanced tradecraft, with deliberate efforts to evade forensics and exploit 0-day vulnerabilities. The initial access vector used in this campaign remains unidentified, but two vulnerabilities ([CVE-2024-20353](https://security.microsoft.com/intel-explorer/cves/CVE-2024-20353/description) and[CVE-2024-20359](https://security.microsoft.com/intel-explorer/cves/CVE-2024-20359/description)) were exploited. 6. **[Kapeka Backdoor Linked to Sandworm (Seashell Blizzard)](https://security.microsoft.com/intel-explorer/articles/364efa92)**: Kapeka (tracked by Microsoft as K | Ransomware Malware Tool Vulnerability Threat Mobile Industrial | ★★★ | |
 |
2024-04-29 15:00:00 | Les nouvelles capacités FortixDR offrent une couverture élargie New FortiXDR Capabilities Offer Expanded Coverage (lien direct) |
Nous sommes ravis d'annoncer plusieurs améliorations à FortixDR, y compris le support pour les appareils mobiles iOS et Android et la chasse aux récipients.En savoir plus.
We\'re pleased to announce several enhancements to FortiXDR, including support for iOS and Android mobile devices and threat hunting for containers. Read more. |
Threat Mobile | ★★ | |
 |
2024-04-29 13:00:00 | Allumez les lumières: pourquoi la protection contre l'exécution est importante pour les applications mobiles Turn On The Lights: Why Runtime Protection Matters for Mobile Apps (lien direct) |
> Il est essentiel de reconnaître que la sécurité n'est pas synonyme de connaître vos menaces.Les logiciels de grande valeur ne peuvent pas être correctement protégés en adoptant arbitrairement l'obscurcissement du code et la protection de l'exécution seule.Pour obtenir une sécurité appropriée des applications, vous devez vous assurer que vos protections agissent contre les menaces actives et pertinentes.Traditionnellement, les entreprises ont protégé des logiciels critiques de [& # 8230;]
>It\'s essential to recognize that security is not synonymous with knowing your threats. High-value software cannot be adequately protected by arbitrarily embracing code obfuscation and runtime protection alone. To achieve proper application security, you must ensure your protections act against active and relevant threats. Traditionally, businesses have safeguarded critical software from […] |
Mobile | ★★ | |
|
2024-04-29 12:00:00 | Google a rejeté 2,28 millions d'applications Android risquées de Play Store en 2023 Google rejected 2.28 million risky Android apps from Play store in 2023 (lien direct) |
Google a empêché 2,28 millions d'applications Android de publier sur Google Play après avoir trouvé diverses violations des politiques qui pourraient menacer la sécurité de l'utilisateur.[...]
Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user\'s security. [...] |
Mobile | ★★★ | |
|
2024-04-29 12:00:00 | Google a rejeté 2,28 millions d'applications risquées de Play Store en 2023 Google rejected 2.28 million risky apps from Play Store in 2023 (lien direct) |
Google a empêché 2,28 millions d'applications Android de publier sur Google Play après avoir trouvé diverses violations des politiques qui pourraient menacer la sécurité de l'utilisateur.[...]
Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user\'s security. [...] |
Mobile | ★ | |
 |
2024-04-29 11:59:47 | Comment nous avons combattu de mauvaises applications et de mauvais acteurs en 2023 How we fought bad apps and bad actors in 2023 (lien direct) |
Posted by Steve Kafka and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Play Trust and Safety) A safe and trusted Google Play experience is our top priority. We leverage our SAFE (see below) principles to provide the framework to create that experience for both users and developers. Here\'s what these principles mean in practice: (S)afeguard our Users. Help them discover quality apps that they can trust. (A)dvocate for Developer Protection. Build platform safeguards to enable developers to focus on growth. (F)oster Responsible Innovation. Thoughtfully unlock value for all without compromising on user safety. (E)volve Platform Defenses. Stay ahead of emerging threats by evolving our policies, tools and technology. With those principles in mind, we\'ve made recent improvements and introduced new measures to continue to keep Google Play\'s users safe, even as the threat landscape continues to evolve. In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play1 in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes. We have also strengthened our developer onboarding and review processes, requiring more identity information when developers first establish their Play accounts. Together with investments in our review tooling and processes, we identified bad actors and fraud rings more effectively and banned 333K bad accounts from Play for violations like confirmed malware and repeated severe policy violations. Additionally, almost 200K app submissions were rejected or remediated to ensure proper use of sensitive permissions such as background location or SMS access. To help safeguard user privacy at scale, we partnered with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over 31 SDKs impacting 790K+ apps. We also significantly expanded the Google Play SDK Index, which now covers the SDKs used in almost 6 million apps across the Android ecosystem. This valuable resource helps developers make better SDK choices, boosts app quality and minimizes integration risks. Protecting the Android Ecosystem Building on our success with the App Defense Alliance (ADA), we partnered with Microsoft and Meta as steering committee members in the newly restructured ADA under the Joint Development Foundation, part of the Linux Foundation family. The Alliance will support industry-wide adoption of app security best practices and guidelines, as well as countermeasures against emerging security risks. Additionally, we announced new Play Store transparency labeling to highlight VPN apps that have completed an independent security review through App Defense Alliance\'s Mobile App Security Assessment (MASA). When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the “Independent security review” badge in the Data safety section. This helps users see at-a-glance that a developer has prioritized security and privacy best practices and is committed to user safety. | Malware Tool Threat Mobile | ★★★ | |
 |
2024-04-29 10:25:22 | Les fausses mises à jour chromées masquer les logiciels malveillants Android Bkekewell ciblant votre banque Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank (lien direct) |
> Par deeba ahmed
Nouvelle alerte de logiciels malveillants Android!Brokewell vole les données, prend en charge les appareils & # 038;cible votre banque.Apprenez comment fonctionne ce malware sournois & # 038;Ce que vous pouvez faire pour vous protéger.Arrêtez Brokewell avant de vous arrêter!
Ceci est un article de HackRead.com Lire le post original: Les fausses mises à jour Chrome cachent des logiciels malveillants Android Brokewell ciblant votre banque
>By Deeba Ahmed New Android malware alert! Brokewell steals data, takes over devices & targets your bank. Learn how this sneaky malware works & what you can do to protect yourself. Stop Brokewell before it stops you! This is a post from HackRead.com Read the original post: Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank |
Malware Mobile | ★★ | |
 |
2024-04-26 19:35:47 | Android TV a accès à l'ensemble de votre compte mais Google change cela Android TV has access to your entire account-but Google is changing that (lien direct) |
Le téléchargement de touche devrait-il compromettre vraiment votre compte entier?
Should sideloading Chrome on an old smart TV really compromise your entire account? |
Mobile | ★★ | |
|
2024-04-26 16:12:00 | Nouveau \\ 'Brokewell \\' Android Malware Spread à travers de fausses mises à jour du navigateur New \\'Brokewell\\' Android Malware Spread Through Fake Browser Updates (lien direct) |
Les fausses mises à jour du navigateur sont & nbsp; être utilisées & nbsp; pour pousser un logiciel malveillant Android précédemment sans papiers appelé & nbsp; Brokewell.
"Brokewell est un logiciel malveillant bancaire moderne typique équipé à la fois de capacités de vol de données et de télécommande intégrées dans les logiciels malveillants", a publié jeudi la société de sécurité néerlandaise.
Le malware est & nbsp; dit être & nbsp; en développement actif,
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development, |
Malware Mobile | ★★ | |
|
2024-04-26 14:08:40 | Trojan Android \\ 'Brokewell \\' puissant permet aux attaquants de prendre des appareils Powerful \\'Brokewell\\' Android Trojan Allows Attackers to Takeover Devices (lien direct) |
Un nouveau cheval de Troie Android nommé Brokewell peut voler les informations sensibles de l'utilisateur et permet aux attaquants de prendre les appareils.
A new Android trojan named Brokewell can steal user\'s sensitive information and allows attackers to take over devices. |
Mobile | ★★★ | |
|
2024-04-25 21:59:15 | Les applications de clavier chinois ouvrent les personnes 1B à l'écoute Chinese Keyboard Apps Open 1B People to Eavesdropping (lien direct) |
Huit applications sur neuf que les gens utilisent pour saisir les caractères chinois dans les appareils mobiles ont une faiblesse qui permettent à une écoute passive de collecter des données de frappe.
Eight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data. |
Mobile | ★★ | |
|
2024-04-25 18:53:33 | Les nouveaux logiciels malveillants Brokewell prennent le contrôle des appareils Android New Brokewell Malware Takes Over Android Devices (lien direct) |
## Instantané
Les analystes de menace de menace ont découvert une nouvelle famille de logiciels malveillants mobiles appelée "Brokewell" qui représente une menace importante pour le secteur bancaire.Le malware est équipé à la fois de capacités de vol de données et de télécommande, permettant aux attaquants d'accéder à une distance à distance à tous les actifs disponibles via les services bancaires mobiles.
## Description
Brokewell utilise des attaques de superposition pour capturer les informations d'identification des utilisateurs et peut voler des cookies en lançant sa propre vue Web.Le malware prend également en charge une variété de fonctionnalités "spyware", notamment la collecte d'informations sur l'appareil, l'historique des appels, la géolocalisation et l'enregistrement de l'audio.Après avoir volé les informations d'identification, les acteurs peuvent lancer une attaque de prise de contrôle de l'appareil à l'aide de capacités de télécommande, ce qui leur donne un contrôle total sur l'appareil infecté.Le malware est en développement actif, avec de nouvelles commandes ajoutées presque quotidiennement.
Les analystes ThreatFabric ont découvert une fausse page de mise à jour du navigateur conçu pour installer une application Android utilisée pour distribuer le malware.Le malware serait promu sur les canaux souterrains en tant que service de location, attirant l'intérêt d'autres cybercriminels et déclenchant de nouvelles campagnes ciblant différentes régions.
## Les références
[https://www.thereatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malwarego-farke-by-new-banking-malware)
[https://www.bleepingcomputer.com/news/security/new-brokewell-malware-takes-over-android-devices-teals-data/-Brokewell-malware-takes-over android-disvices vole-data /)
## Snapshot ThreatFabric analysts have discovered a new mobile malware family called "Brokewell" that poses a significant threat to the banking industry. The malware is equipped with both data-stealing and remote-control capabilities, allowing attackers to gain remote access to all assets available through mobile banking. ## Description Brokewell uses overlay attacks to capture user credentials and can steal cookies by launching its own WebView. The malware also supports a variety of "spyware" functionalities, including collecting information about the device, call history, geolocation, and recording audio. After stealing the credentials, the actors can initiate a Device Takeover attack using remote control capabilities, giving them full control over the infected device. The malware is in active development, with new commands added almost daily. ThreatFabric analysts discovered a fake browser update page designed to install an Android application that was used to distribute the malware. The malware is believed to be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions. ## References [https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware](https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware) [https://www.bleepingcomputer.com/news/security/new-brokewell-malware-takes-over-android-devices-steals-data/](https://www.bleepingcomputer.com/news/security/new-brokewell-malware-takes-over-android-devices-steals-data/) |
Malware Threat Mobile | ★★ | |
|
2024-04-25 18:01:42 | Bodfather Banking Trojan engendre des échantillons de 1,2k dans 57 pays Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (lien direct) |
Les opérateurs de logiciels malveillants mobiles en tant que service augmentent leur jeu en produit automatiquement des centaines d'échantillons uniques sur un coup de tête.
Mobile malware-as-a-service operators are upping their game by automatically churning out hundreds of unique samples on a whim. |
Mobile | ★★ | |
|
2024-04-25 08:19:38 | OpenELM – Apple sort ses modèles IA légers et open-source (lien direct) | Apple a dévoilé OpenELM, une famille de modèles IA légers, open-source et conçus pour tourner directement sur vos appareils. Zoom sur cette avancée qui préfigure l'intégration future de l'IA sur iPhone, iPad et Mac. | Mobile | ★★ | |
|
2024-04-25 06:00:00 | Les nouveaux logiciels malveillants Brokewell prennent le contrôle des appareils Android, vole des données New Brokewell malware takes over Android devices, steals data (lien direct) |
Les chercheurs en sécurité ont découvert un nouveau cheval de Troie bancaire Android qu'ils ont nommé Brokewell qui peut capturer chaque événement sur l'appareil, des touches et des informations affichées à la saisie de texte et aux applications que l'utilisateur lance.[...]
Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. [...] |
Malware Mobile | ★★ | |
 |
2024-04-24 13:29:58 | ADM21 et Vecow lancent ECS-4700, Box PC compact robuste de qualité marine (lien direct) | Vecow a annoncé le lancement du ECS-4700, système compact innovant et robuste, conçu pour des applications d'IA dans des environnements difficiles. Conçu sur la base de processeurs I5/I7 de 13ème génération, ce modèle certifié EN60945 offre des performances exceptionnelles, prévues pour des environnements difficiles et réduits comme la Marine, la vision industrielle, le NVR mobile et autres applications Edge AI. L'ECS-4700 étend la gamme de BOX PC embarqués, ultra-compacts de Vecow avec des E/S (...) - Produits | Mobile Industrial | ★★ | |
 |
2024-04-24 11:06:01 | Apple : l\'UE serait prête à approuver son plan pour ouvrir l\'accès NFC (lien direct) | La Commission européenne serait sur le point d'approuver la proposition d'Apple visant à fournir à ses concurrents un accès à la technologie sans contact pour iPhone et iPad. | Mobile | ★★★ | |
|
2024-04-24 11:03:04 | Applications de clavier populaires divulguent les données des utilisateurs: milliards potentiellement exposés Popular Keyboard Apps Leak User Data: Billion Potentially Exposed (lien direct) |
> Par waqas
Les applications de clavier populaires divulguent les données utilisateur!Citizen Lab rapporte que 8 Android Imes sur 9 exposent des touches.Changez le vôtre & # 038;protéger les mots de passe!
Ceci est un article de HackRead.com Lire le post original: Les applications de clavier populaires divulguent les données des utilisateurs: milliards potentiellement exposés
>By Waqas Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords! This is a post from HackRead.com Read the original post: Popular Keyboard Apps Leak User Data: Billion Potentially Exposed |
Mobile | ★★ | |
|
2024-04-23 13:15:47 | Découvrir des menaces potentielles à votre application Web en tirant parti des rapports de sécurité Uncovering potential threats to your web application by leveraging security reports (lien direct) |
Posted by Yoshi Yamaguchi, Santiago Díaz, Maud Nalpas, Eiji Kitamura, DevRel team
The Reporting API is an emerging web standard that provides a generic reporting mechanism for issues occurring on the browsers visiting your production website. The reports you receive detail issues such as security violations or soon-to-be-deprecated APIs, from users\' browsers from all over the world.
Collecting reports is often as simple as specifying an endpoint URL in the HTTP header; the browser will automatically start forwarding reports covering the issues you are interested in to those endpoints. However, processing and analyzing these reports is not that simple. For example, you may receive a massive number of reports on your endpoint, and it is possible that not all of them will be helpful in identifying the underlying problem. In such circumstances, distilling and fixing issues can be quite a challenge.
In this blog post, we\'ll share how the Google security team uses the Reporting API to detect potential issues and identify the actual problems causing them. We\'ll also introduce an open source solution, so you can easily replicate Google\'s approach to processing reports and acting on them.
How does the Reporting API work?
Some errors only occur in production, on users\' browsers to which you have no access. You won\'t see these errors locally or during development because there could be unexpected conditions real users, real networks, and real devices are in. With the Reporting API, you directly leverage the browser to monitor these errors: the browser catches these errors for you, generates an error report, and sends this report to an endpoint you\'ve specified.
How reports are generated and sent.
Errors you can monitor with the Reporting API include:
Security violations: Content-Security-Policy (CSP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Embedder-Policy (COEP)
Deprecated and soon-to-be-deprecated API calls
Browser interventions
Permissions policy
And more
For a full list of error types you can monitor, see use cases and report types.
The Reporting API is activated and configured using HTTP response headers: you need to declare the endpoint(s) you want the browser to send reports to, and which error types you want to monitor. The browser then sends reports to your endpoint in POST requests whose payload is a list of reports.
Example setup:# |
Malware Tool Vulnerability Mobile Cloud | ★★★ | |
|
2024-04-22 21:19:56 | Meta fait ses débuts Horizon OS, avec Asus, Lenovo et Microsoft à bord Meta debuts Horizon OS, with Asus, Lenovo, and Microsoft on board (lien direct) |
La rivalité avec Apple reflète désormais plus que jamais la concurrence Android / iOS.
Rivalry with Apple now mirrors the Android/iOS competition more than ever. |
Mobile | ★★ | |
 |
2024-04-22 13:00:33 | Prendre des mesures vers la réalisation de Fedramp Taking Steps Toward Achieving FedRAMP (lien direct) |
> Les secteurs fédéral, étatique, gouvernemental local et éducation continuent d'être les plus ciblés par les cyberattaques aux États-Unis.Selon les organismes de recherche, d'éducation et de recherche sur les points de contrôle, connaissent 1 248 par semaine, en moyenne & # 8212;la plupart de toute industrie.Le gouvernement et les organisations militaires connaissent 1 034 par semaine, quatrième parmi toutes les industries.De plus, les organisations gouvernementales et militaires ont connu des attaques plus élevées que la moyenne de types de logiciels malveillants notables, notamment l'infostaler, le mobile, le ransomware et le botnet.Dans le secteur de l'éducation, les recherches sur les points de contrôle ont révélé des volumes d'attaque supérieurs à la moyenne d'infostaler, de ransomwares et de malwares de botnet.Pour aider à lutter contre ces menaces, vérifiez [& # 8230;]
>The federal, state, local government and education sectors continue to be the most targeted by cyberattacks in the United States. According to Check Point Research, education and research organizations experience 1,248 per week, on average — the most of any industry. The government and military organizations experience 1,034 per week, fourth among all industries. Further, government and military organizations have seen higher than average attacks of notable malware types, including Infostealer, mobile, ransomware and botnet. In the education sector, Check Point research found higher than average attack volumes of Infostealer, ransomware and botnet malwares. To help combat these threats, Check […] |
Ransomware Malware Mobile | ★★ | |
|
2024-04-18 20:12:55 | Google fusionne les divisions Android, Chrome et matériel Google merges the Android, Chrome, and hardware divisions (lien direct) |
Google dit que la nouvelle équipe «plate-forme et appareils» le laissera évoluer plus rapidement.
Google says the new “Platform and Devices” team will let it move faster. |
Mobile | ★★★ | |
|
2024-04-18 16:01:00 | Nouveau Android Trojan \\ 'Soumnibot \\' Évite la détection avec des astuces intelligentes New Android Trojan \\'SoumniBot\\' Evades Detection with Clever Tricks (lien direct) |
Un nouveau chevalier Android appelé & nbsp; soumnibot & nbsp; a été détecté dans les utilisateurs de ciblage sauvage en Corée du Sud en tirant parti des faiblesses dans la procédure d'extraction et d'analyse manifeste.
Le malware est "notable pour une approche non conventionnelle pour échapper à l'analyse et à la détection, à savoir l'obscurcissement du manifeste Android", le chercheur de Kaspersky Dmitry Kalinin & nbsp; dit & nbsp; dans une analyse technique.
A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis. |
Malware Mobile Technical | ★★ | |
|
2024-04-18 10:45:00 | Rien d'oreille et rien d'oreille (a) revue: troisième fois, toujours charmant Nothing Ear and Nothing Ear (a) Review: Third Time, Still Charming (lien direct) |
La troisième génération de clones AirPod claires en plastique est là, et ils sont certains des meilleurs écouteurs sans fil pour Android.
The third generation of Nothing\'s clear-plastic AirPod clones is here, and they\'re some of the best wireless earbuds for Android. |
Mobile | ★★★ | |
|
2024-04-17 17:38:28 | Soumnibot Malware exploite les bogues Android pour échapper à la détection SoumniBot malware exploits Android bugs to evade detection (lien direct) |
Un nouveau logiciel malveillant bancaire Android nommé \\ 'Soumnibot \' utilise une approche d'obscurcation moins courante en exploitant les faiblesses dans la procédure d'extraction et d'analyse manifeste Android.[...]
A new Android banking malware named \'SoumniBot\' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. [...] |
Malware Mobile | ★★ | |
|
2024-04-17 15:35:50 | Atlas – Le robot humanoïde de Boston Dynamics passe en version sans fil (lien direct) | Boston Dynamics dévoile une nouvelle version de son robot humanoïde Atlas, désormais alimenté par une batterie électrique. Cette avancée majeure le rend plus mobile et autonome pour de potentielles applications industrielles et de secours. | Mobile | ★★ | |
 |
2024-04-17 14:58:18 | Keeper Security propose un générateur de phrase de passe intégrée pour renforcer la sécurité Keeper Security Offers Built-In Passphrase Generator to Strengthen Security (lien direct) |
Aujourd'hui, Keeper Security a annoncé l'ajout d'un générateur de phrase de passe à Keeper Web Vault, avec le support sur mobile et pour l'extension du navigateur à venir bientôt.La version comprend également une mise à jour du générateur de mots de passe existant qui offre aux utilisateurs de nouvelles options pour répondre aux exigences de mot de passe spécifiques.En plus de pouvoir inclure [& # 8230;]
Le post Offre un générateur de phrase de passe intégrée pour renforcer la sécurité C'est apparu pour la première fois sur gourou de la sécurité informatique .
Today Keeper Security have announced the addition of a passphrase generator to Keeper Web Vault, with support on mobile and for the browser extension coming soon. The release also includes an update to the existing password generator which provides users with new options to meet specific password requirements. In addition to being able to include […] The post Keeper Security Offers Built-In Passphrase Generator to Strengthen Security first appeared on IT Security Guru. |
Mobile | ★★ | |
 |
2024-04-17 10:00:28 | Soumnibot: les techniques uniques du New Android Banker \\ SoumniBot: the new Android banker\\'s unique techniques (lien direct) |
Nous passons en revue le nouveau banquier de Troie mobile Soumnibot, qui exploite les bogues dans l'analyseur Android Manifest pour esquiver l'analyse et la détection.
We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection. |
Mobile | ★★ | |
 |
2024-04-17 10:00:00 | Unearthing APT44: Russia\'s Notorious Cyber Sabotage Unit Sandworm (lien direct) | Written by: Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom
With Russia\'s full-scale invasion in its third year, Sandworm (aka FROZENBARENTS) remains a formidable threat to Ukraine. The group\'s operations in support of Moscow\'s war aims have proven tactically and operationally adaptable, and as of today, appear to be better integrated with the activities of Russia\'s conventional forces than in any other previous phase of the conflict. To date, no other Russian government-backed cyber group has played a more central role in shaping and supporting Russia\'s military campaign. Yet the threat posed by Sandworm is far from limited to Ukraine. Mandiant continues to see operations from the group that are global in scope in key political, military, and economic hotspots for Russia. Additionally, with a record number of people participating in national elections in 2024, Sandworm\'s history of attempting to interfere in democratic processes further elevates the severity of the threat the group may pose in the near-term. Given the active and diffuse nature of the threat posed by Sandworm globally, Mandiant has decided to graduate the group into a named Advanced Persistent Threat: APT44. As part of this process, we are releasing a report, “APT44: Unearthing Sandworm”, that provides additional insights into the group\'s new operations, retrospective insights, and context on how the group is adjusting to support Moscow\'s war aims. Key Findings Sponsored by Russian military intelligence, APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations. While most state-backed threat groups tend to specialize in a specific mission such as collecting intelligence, sabotaging networks, or conducting information operations, APT44 stands apart in how it has honed each of these capabilities and sought to integrate them into a unified playbook over time. Each of these respective components, and APT44\'s efforts to blend them for combined effect, are foundational to Russia\'s guiding “information confrontation” concept for cyber warfare. 
Figure 1: APT44\'s spectrum of operations
APT44 has aggressively pursued a multi- |
Malware Tool Threat Mobile Cloud | NotPetya | ★★ |
|
2024-04-17 09:34:09 | ESET Research découvre de fausses applications de messagerie disponibles sur le Web et Google Play (lien direct) | ESET Research D & eacute; Couvre de Fausses Applications de Messagerie Disponibles sur le Web et Google Play
• Visite exotique est une campagne d\'espionnage qui cible l\'Asie du Sud.
• Sur Android, les logiciels malveillants imitent des applications de messagerie.
• Ces fausses applicles disonibles de SONT sur des sites Web et Google Play.
• Les applications LES CONTIENNent du code d\'Android XploitSPY RAT (open source).
• Les auteurs ont adapté leur code en y ajoutant de l\'obfuscation.
• ESET Research ne peut attribuer en l\'état cette campagne à un groupe spécifique.
-
Malwares
ESET Research découvre de fausses applications de messagerie disponibles sur le Web et Google Play • eXotic Visit est une campagne d\'espionnage qui cible l\'Asie du Sud. • Sur Android, les logiciels malveillants imitent des applications de messagerie. • Ces fausses applications sont disponibles sur des sites Web et Google Play. • Les applications contiennent du code d\'Android XploitSPY RAT (open source). • Les auteurs ont adapté leur code en y ajoutant de l\'obfuscation. • ESET Research ne peut attribuer en l\'état cette campagne à un groupe spécifique. - Malwares |
Mobile | ★★ | |
 |
2024-04-17 08:45:30 | Comment bloquer «pas d'identifiant de l'appelant» sur un iPhone How to block “No Caller ID” on an iPhone (lien direct) |
[…] | Mobile | ★★ | |
|
2024-04-16 15:52:14 | Ivanti met en garde contre les défauts critiques dans sa solution Avalanche MDM Ivanti warns of critical flaws in its Avalanche MDM solution (lien direct) |
Ivanti a publié des mises à jour de sécurité pour corriger 27 vulnérabilités dans sa solution Avalanche Mobile Device Management (MDM), dont deux critiques de tas critiques qui peuvent être exploitées pour l'exécution de la commande distante.[...]
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. [...] |
Vulnerability Mobile | ★★ | |
|
2024-04-16 15:42:43 | Sécuriser la mobilité: naviguer dans le cycle de vie de l'appareil mobile NIST Enterprise Mobile Device Securing Mobility: Navigating the NIST Enterprise Mobile Device Lifecycle (lien direct) |
> Les appareils mobiles sont la pierre angulaire des opérations d'entreprise, permettant la flexibilité, la productivité et la connectivité comme jamais auparavant.À une époque où l'agilité et l'accessibilité sont primordiales, les employés et les fonctionnaires comptent fortement sur leurs appareils mobiles pour accéder aux informations critiques, quel que soit le lieu.Cependant, assurer la sécurité de ces appareils est nécessaire [& # 8230;]
>Mobile devices are the cornerstone of enterprise operations, enabling flexibility, productivity, and connectivity like never before. In an era where agility and accessibility are paramount, employees and officials rely heavily on their mobile devices to access critical information, regardless of location. However, ensuring the security of these devices is necessary […] |
Mobile | ★★ | |
|
2024-04-16 07:54:36 | La sécurité en amont reçoit des investissements des investissements Cisco Upstream Security Receives Investment from Cisco Investments (lien direct) |
La sécurité en amont reçoit des investissements de Cisco Investments, car la demande de cybersécurité IoT monte à monnacer
Les véhicules connectés et les appareils IoT mobiles introduisent des couches supplémentaires de cyber-risques, constituant des menaces à la disponibilité opérationnelle et à la sécurité sensible des données
-
nouvelles commerciales
Upstream Security Receives Investment from Cisco Investments as the Demand for IoT Cybersecurity Soars Connected vehicles and mobile IoT devices introduce additional layers of cyber risks, posing threats to operational availability and sensitive data security - Business News |
Mobile | ★★ | |
|
2024-04-16 07:42:31 | HID, Smart Spaces et Cohesion annoncent une nouvelle fonctionnalité d\'identifiants mobiles dans Google Wallet (lien direct) | HID et ses principaux partenaires technologiques offrent des identifiants mobiles dans Google Wallet™ pour les employés, les locataires et les visiteurs HID et ses partenaires technologiques, annoncent une nouvelle offre d'accès mobile avec Google Wallet pour améliorer l'expérience utilisateur. Smart Spaces et Cohesion s'associent à HID pour offrir un accès pratique et sécurisé aux espaces et équipements de travail compatibles avec Android. - Produits | Mobile | ★★ |
To see everything:
