What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
TechRepublic.webp 2024-11-29 16:00:00 How to Delete Spam SMS Messages and Add New Blocked Numbers on Android (direct link) If you're looking to clear out old spam and blocked SMS messages from Android, Jack Wallen is here to show you how.
Spam Mobile ★★
WiredThreatLevel.webp 2024-11-29 14:30:00 Android 'Find My Device' Has Gotten a Major Upgrade. Here's What's New (direct link) Google's device location service is catching up to Apple's.
Mobile ★★
SecureList.webp 2024-11-29 10:00:38 IT threat evolution in Q3 2024. Mobile statistics (direct link) The Q3 2024 mobile threat statistics encompass data on cyberattacks against Android devices involving malware, adware and potentially unwanted apps.
Malware Threat Mobile ★★
ZDNet.webp 2024-11-29 01:01:00 One of the best budget Android tablets is not from Samsung and it's on sale for Cyber Week (direct link) If you want a tablet for normal use and entertainment for under $200, the AGM Pad P2 is my recommendation. The rugged version is also on sale ahead of Black Friday.
Mobile ★★
TechWorm.webp 2024-11-28 16:02:54 Hackers Exploit Popular Godot Game Engine To Spread Malware (direct link) Security researchers at Check Point Research have discovered a new malware loader “GodLoader” that exploits the game engine “Godot Engine.” For those unaware, Godot Engine is a popular open-source game engine known for its versatility in 2D and 3D game development. Its user-friendly interface and robust feature set allow developers to export games to various platforms, including Windows, macOS, Linux, Android, iOS, HTML5 (Web), and more. Its Python-inspired scripting language, GDScript, alongside support for VisualScript and C#, makes it a favorite among developers across skill levels. With an active and growing community of over 2,700 developers and around 80,000 social media followers, the platform’s popularity and dedicated support are undeniable. However, the platform’s popularity has also made it a target for cybercriminals, who have leveraged its open-source nature to deliver malicious commands and malware while remaining undetected by almost all antivirus engines in VirusTotal. In a report titled “Gaming Engines: An Undetected Playground for Malware Loaders,” the researchers say they believe that the threat actor behind the GodLoader malware has been using it since June 29, 2024, and has infected more than 17,000 devices so far. Notably, these payloads included cryptocurrency miners like XMRig, which was hosted on a private Pastebin file uploaded on May 10, 2024. The file contained the XMRig configuration related to the campaign, which was visited 206,913 times. The malware is distributed via the Stargazers Ghost Network, which operates as a Distribution-as-a-Service (DaaS) model, enabling the “legitimate” distribution of malware through GitHub repositories. Approximately 200 repositories and more than 225 Stargazer Ghost accounts were used to distribute GodLoader throughout September and October.
The attacks, targeting developers, gamers, and general users, were carried out in four waves via GitHub repositories on September 12, September 14, September 29, and October 3, 2024, tempting them to download infected tools and games. “Godot uses .pck (pack) files to bundle game assets and resources, such as scripts, scenes, textures, sounds, and other data. The game can load these files dynamically, allowing developers to distribute updates, downloadable content (DLC), or additional game assets without modifying the core game executable,” Check Point researchers said in the report. “These pack files might contain elements related to the games, images, audio files, and any other “static” files. In addition to these static files, .pck files can include scripts written in GDScript (.gd). These scripts can be executed when the .pck is loaded using the built-in callback function _ready(), allowing the game to add new functionality or modify existing behavior. “This feature gives attackers many possibilities, from downloading additional malware to executing remote payloads - all while remaining undetected. Since GDScript is a fully functional language, threat actors have many functions like anti-sandbox, anti-virtual machine measures, and remote payload execution, enabling the malware to remain undetected.” While the researchers only identified GodLoader samples specifically targeting Windows systems, they also developed a proof-of-concept exploit using GDScript, demonstrating how easily the malware could be adapted to target Linux and macOS systems. To reduce the risks posed by threats like GodLoader, it is crucial to keep operating systems and applications updated with timely patches and exercise caution with unexpe Malware Tool Vulnerability Threat Mobile Technical ★★
Korben.webp 2024-11-28 09:00:00 An iPhone stand inspired by the work of Dieter Rams, to 3D print (direct link) Remember the days when we propped our iPhone against a pile of books to watch videos or use it as an alarm clock? Well, today I'm going to tell you about a creation that takes our AliExpress smartphone stands into a new aesthetic dimension. A talented maker has drawn on Dieter Rams's legendary design to create an absolutely incredible iPhone stand. For those who don't know Dieter Rams, he is the spiritual father of modern minimalist design. His creations for Braun in the 1960s influenced Apple so much that you could almost say Jony Ive kept a photo of him on his bedside table.
Mobile ★★
ZDNet.webp 2024-11-27 20:02:00 I found the AirTags that Android users have been waiting for (and they're on sale for Black Friday) (direct link) Chipolo's latest One and Card trackers are perfect for keys and wallets that can go missing. The four-pack bundle gets a price drop ahead of Black Friday and Cyber Week.
Mobile ★★★
knowbe4.webp 2024-11-27 17:19:49 Malicious Loan Apps Target Android Users in Africa, South America and Asia (direct link) Malicious Loan Apps Target Android Users in Africa, South America, and Asia Researchers at McAfee warn of a surge in malicious loan apps targeting Android users across South America, Southern Asia, and Africa.
Mobile ★★
Checkpoint.webp 2024-11-27 13:00:55 The Exploitation of Gaming Engines: A New Dimension in Cybercrime (direct link) >Executive Summary Check Point Research discovered a new technique using Godot Engine, a popular open-source game engine, to execute malicious code that executes nefarious commands and delivers malware and largely remains undetected. This innovative method enables cybercriminals to compromise devices across different platforms, including Windows, macOS, Linux, Android, and iOS. The Stargazers Ghost Network, a GitHub network that distributes malware as a service, distributes the malicious code and, in just three months, has infected over 17,000 machines. Potential attack scenarios can impact over 1.2 million users’ games developed with Godot by exploiting legitimate Godot executables to load harmful content through […]
Malware Mobile ★★
Chercheur.webp 2024-11-27 12:05:16 NSO Group Spies on People on Behalf of Governments (direct link) The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the spyware on behalf of their customers. Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker - and not its government customers - is the party that “installs and extracts” information from mobile phones targeted by the company's hacking software...
Mobile ★★★
RiskIQ.webp 2024-11-26 21:59:55 Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS) (direct link) ## Snapshot Researchers at Trustwave SpiderLabs have been tracking the growing use of the Rockstar 2FA phishing kit, which targets Microsoft accounts using Adversary-in-the-Middle (AiTM) techniques. ## Description This kit enables attackers to bypass multifactor authentication (MFA) by intercepting session cookies and credentials. Its campaigns feature spoofed Microsoft 365 login portals, aiming to trick victims into revealing sensitive information. According to Trustwave, the Rockstar 2FA kit is an evolution of the DadSec/Phoenix kit and is marketed on platforms like Telegram, offering advanced features such as 2FA bypass, randomized code generation, and antibot measures. Subscription plans start as low as $200, making it accessible to cybercriminals. Threat actors use sophisticated social engineering techniques, including phishing emails themed around document sharing, payroll alerts, and voicemail notifications, delivered via trusted platforms to evade detection. A large Rockstar 2FA campaign also uses car-themed web pages and lures; Trustwave observed over 5,000 car-themed domains since May 2024. The phishing campaigns leverage Cloudflare Turnstile challenges to block automated analysis and employ obfuscated JavaScript to deliver either a phishing page or a decoy site based on user validation. Once victims enter their credentials, attackers gain access to both login details and session cookies, enabling account takeovers or subsequent attacks like business email compromise. Rockstar's campaigns, active since mid-2024, underscore the growing sophistication of Phishing-as-a-Service (PaaS) platforms. Their continued updates and integration of AiTM tactics highlight the importance of enhanced security measures to counteract these threats.
## Microsoft Analysis and Additional OSINT Context The actor group Microsoft tracks as [Storm-1575](https://security.microsoft.com/intel-profiles/a647864ed5679aef83782afd3e364c89d96df74b83512daf3ff8c2ba926ea632?tab=description&) is behind the development, support, and sale of a phishing-as-a-service (PhaaS) platform with [adversary-in-the-middle](https://security.microsoft.com/threatanalytics3/edd01a8c-283d-42f6-bdd4-0b7b4dbd369b/overview) (AiTM) capabilities. This platform, known as Dadsec, has been active since approximately May 5, 2023.  The platform rapidly gained prominence among phishing actors. In July of 2023, Dadsec-related phishing constituted the largest volume of phishing attacks tracked by Microsoft. Dadsec has an open registration process, an increasingly common mode of operation among phishing services which lets large numbers of actors easily leverage their service. Dadsec also provides ready-built phishing pages and domains for the hosting of those pages, allowing phishing actors to launch phishing campaigns without developing the phishing websites themselves. These websites are designed to mimic legitimate web portals to harvest user credentials and authentication tokens. ## Recommendations - Invest in advanced anti-phishing solutions that monitor incoming emails and visited websites. [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-security-center-mdo) merges incident and alert management across email, devices, and identities, centralizing investigations for email-based threats. Organizations can also leverage web browsers that automatically [identify and block](https://learn.microsoft.com/deployedge/microsoft-edge-security-smartscreen) malicious websites, including those used in this phishing campaign. 
- [Require multifactor authentication (MFA).](https://learn.microsoft.com/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication) While AiTM phishing attempts to circumvent MFA, implementation of MFA remains an essential pillar in identity security and is highly effective at stopping a variety of threats. - Leverage more secure implementations such as FIDO Tokens, or [Microsoft Authenticator](https://www. Spam Malware Tool Threat Mobile ★★
RiskIQ.webp 2024-11-26 20:22:49 DPRK IT Workers | A Network of Active Front Companies and Their Links to China (direct link) ## Snapshot SentinelLabs has identified front companies in the DPRK's scheme of impersonating United States-based software and technology consulting businesses to achieve financial objectives. These threat actors have created front companies, copying the online brands of legitimate organizations, and have been linked to a larger set of organizations being established in China. ## Description North Korean IT workers, skilled in software development, mobile applications, blockchain, and cryptocurrency technologies, use fake identities and forged credentials to secure remote jobs and contracts worldwide, often routing payments through cryptocurrencies or shadow banking systems to support state programs. The report details four DPRK IT Worker front companies whose websites were seized by the United States Government: Independent Lab LLC, Shenyang Tonywang Technology Ltd, Tony WKJ LLC, and HopanaTech. These companies copied the website designs and content from real businesses like Kitrum, Urolime, ArohaTech IT Services, and ITechArt, modifying them to appear as United States-based entities. SentinelLabs' research has further connected these activities to a broader network, including Shenyang Huguo Technology Ltd, and has identified links to identities such as Wang Kejia and Tong Yuze, who are associated with multiple companies in China, including technology and food service businesses. The findings show the DPRK exploiting global markets to fund state activities, including weapons development.
## Microsoft Analysis and Additional OSINT Context [Microsoft and other security researchers](https://security.microsoft.com/intel-explorer/articles/87adc2a0) have reported several North Korean activity clusters using highly skilled IT workers to fraudulently obtain remote employment with companies worldwide, allowing them to generate significant revenue for the regime by hiding their identities and funneling earnings back to the state. North Korean threat actors have specifically been detected targeting United States companies associated with technology, car manufacturing, aerospace, media, retail, and food delivery. They have used these infiltrations for data theft and to establish access for other North Korean cyber threat groups. Microsoft tracks North Korean IT remote worker activity as [Storm-0287](https://security.microsoft.com/intel-explorer/articles/29ec3550). ## Recommendations Microsoft has identified the following vetting approaches to identify a possible North Korean remote worker based on trends we have observed among these workers: - Check to make sure a potential employee's social media/professional accounts are not highly similar to the accounts of other individuals. In addition, check that a contact phone number listed on a potential employee's account is unique and not also used by other accounts, particularly if that number is Chinese. - Scrutinize resumes and background checks for consistency of names, addresses, and dates. Consider contacting references by phone or video-teleconference rather than email only. - Exercise greater scrutiny for employees of staffing companies, since this is the easiest avenue for North Korean workers to infiltrate target companies. - Search whether a potential employee is employed at multiple companies using the same persona. - Ensure the potential employee is seen on camera during multiple video telecommunication sessions.
If the potential employee reports video and/or microphone issues that prohibit participation, this should be considered a red flag. - Confirm the potential employee has a digital footprint. This includes a real phone number (not VOIP), a residential address, and social media accounts. Microsoft recommends the following mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations. - Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-m Tool Threat Mobile ★★
AlienVault.webp 2024-11-26 14:37:00 What Are Computer Worms? (direct link) In today's interconnected digital world, businesses are constantly under threat from cybercriminals seeking to exploit vulnerabilities in systems, networks, and devices. One of the most persistent and silent threats that organizations face is computer worms. These malicious programs can spread across networks, infecting systems autonomously and wreaking havoc before a user even realizes something is wrong. Computer worms are a type of malware designed to replicate themselves and spread autonomously across networks and computer systems. Unlike traditional viruses that require user action to propagate, computer worms can self-replicate without needing to attach to a host file or program. This unique capability makes them especially dangerous, as they can spread rapidly and infect numerous devices before users are even aware of their presence. The impact of computer worms can range from reduced system performance to the complete loss of critical data. High-profile attacks, such as those by the infamous Code Red and WannaCry worms, have highlighted how severe and disruptive these threats can be. Despite the growing awareness of cybersecurity threats like viruses, ransomware, and phishing attacks, computer worms remain one of the most harmful types of malware. They can silently infiltrate your network, consume bandwidth, corrupt or steal data, and even open the door to additional attacks. Understanding what computer worms are, how they work, and how to defend against them is crucial for any business, large or small. In this article, we will explore the nature of computer worms, their risks and potential damage, and how to protect your organization against them. Let’s dive in! Computer Worm Definition At its core, a computer worm is a type of self-replicating malware that spreads across networks or systems without anyone doing anything.
Unlike traditional viruses that require users to open infected files or click on malicious links, worms can propagate autonomously once they find an entry point into a system. Their primary purpose is to replicate themselves, often at an alarming rate, and spread from one computer to another, often exploiting vulnerabilities in network protocols, software, or operating systems. A worm virus is often distinguished by its ability to move freely across networks, infecting computers and servers, consuming resources, and in many cases, causing significant damage in the process. The worst part? Worms often don’t need a host file or a user action to activate; they spread automatically, which makes them far more dangerous and difficult to contain than traditional malware. To better understand what makes worms unique, let's define them more clearly: A computer worm is a standalone malicious program that can replicate and propagate across computer systems and networks. Unlike traditional viruses, worms do not attach themselves to files or require users to run them. They spread through network connections, exploiting vulnerabilities in software and hardware. Worms often carry out harmful actions such as data theft, system corruption, or creating backdoors for other types of malware like ransomware or Trojan horses. The main difference between worms and other malware (like viruses or spyware) is that worms focus specifically on self-replication and spreading across networks, whereas viruses typically need to attach themselves to an existing file or program. While all worms share common traits, there are various types based on how they spread or the methods they use to exploit systems: Email Worms: These worms spread through email systems, often by sending malicious attachments or links to everyone in a user’s contact list. The ILOVEYOU worm, one of the most infamous examples, spread via email attachments and wreaked havoc on millions of systems.
Network Worms: These worms target security vulnerabilities in network protocols, services, Ransomware Data Breach Spam Malware Tool Vulnerability Threat Patching Mobile Industrial Medical Technical Wannacry ★★
Chercheur.webp 2024-11-26 12:01:41 What Graykey Can and Can't Unlock (direct link) This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28. More ...
Tool Legislation Mobile ★★★
The_Hackers_News.webp 2024-11-25 19:52:00 Google's New Restore Credentials Tool Simplifies App Login After Android Migration (direct link) Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's Credential Manager API, the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement. "With Restore Credentials, apps can seamlessly onboard
Tool Mobile ★★
mcafee.webp 2024-11-25 13:00:06 SpyLoan: A Global Threat Exploiting Social Engineering (direct link) > Authored by: Fernando Ruiz The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as...
Threat Mobile ★★
ProofPoint.webp 2024-11-24 17:40:19 AI, Data Security, and CISO Shifts: Top Cybersecurity Trends to Watch in 2025 (direct link) Looking ahead to 2025, the cybersecurity landscape continues to evolve at a breakneck pace as threat actors continue to perfect their craft. They are using artificial intelligence (AI) to create code and more convincing lures (especially in languages that have traditionally been a barrier for entry), automate attacks, and target people with greater precision. At the same time, they are increasingly turning their attention back to us, as individual consumers, using social media and messaging apps as a testing ground before moving to larger organizations. But it's not just the attack vectors that are evolving. Organizations are also faced with navigating the complexities of digital identity management, multicloud environments and new data strategies. As data becomes more decentralized, and with new regulations pushing for tighter control over digital identities and sensitive information, ensuring the right tools are in place to secure data across a sprawl of applications and environments is quickly becoming a priority for security teams. So, what might lie ahead in 2025? Our experts peer into their crystal balls to offer their top cybersecurity predictions for the year ahead, shedding light on the trends and technologies that will define the next wave of security challenges and solutions. Threat Actors Will Exploit AI by Manipulating Private Data We are witnessing a fascinating convergence in the AI realm, as models become increasingly capable and semi-autonomous AI agents integrate into automated workflows. This evolution opens intriguing possibilities for threat actors to serve their own interests, specifically in terms of how they might manipulate private data used by LLMs (Large Language Models).
As AI agents depend increasingly on private data in emails, SaaS document repositories, and similar sources for context, securing these threat vectors will become even more critical. In 2025, we will start to see initial attempts by threat actors to manipulate private data sources. For example, we may see threat actors purposely trick AI by contaminating private data used by LLMs - such as deliberately manipulating emails or documents with false or misleading information - to confuse AI or make it do something harmful. This development will require heightened vigilance and advanced security measures to ensure that AI isn't fooled by bad information. Daniel Rapp, Chief AI and Data Officer 2025: The Age of “Decision-Making Machines” through AI Generative AI will move beyond content generation to become the decision-making engine behind countless business processes, from HR to marketing to DevOps. In 2025, AI will become an indispensable developers' “apprentice”, doing everything from automating bug fixes, to testing and code optimization. The trend towards using AI-assisted development tools will accelerate in the next year, bridge skill gaps, reduce error rates, and help developers keep pace with the faster release cycles of DevOps. AI will also supercharge DevOps by predicting bottlenecks and preemptively suggesting optimizations. This will transform DevOps pipelines into “predictive production lines” and create workflows that fix issues before they impact production. Ravi Ithal, Group General Manager, DSPM R&D and Product Management Under Scrutiny, AI Will Become an Essential Part of How We Do Business A few years ago, cloud computing, mobile and zero-trust were just the buzzwords of the day, but now they are very much a part of the fabric of how organizations do business. AI technologies, and especially Generative AI, are being scrutinized more from a buyer's perspective, with many considering them a third-party risk.
CISOs are now in the hot seat and must try to get their hands around both the 'risk vs. reward' and the materiality of risk when it comes to AI tools. CISOs are asking exactly how employees are using AI to understand where they may be putting sensitive information at risk. As a res Ransomware Malware Tool Threat Mobile Prediction Cloud ★★★
Blog.webp 2024-11-23 17:00:00 Why New York is a Prime Location for Leading Mobile Development Agencies (direct link) New York, the city that never sleeps, is renowned as a global epicentre for innovation, creativity, and business…
Mobile ★★★
TroyHunt.webp 2024-11-22 13:38:15 Google seems to have called it quits on making its own Android tablets - again (direct link) Reports have the Pixel Tablet 2 - or maybe 3? - being canceled over sales concerns.
Mobile ★★
ArsTechnica.webp 2024-11-21 16:43:21 Android will soon instantly log you in to your apps on new devices (direct link) New phone day for Android users should get a whole bunch easier.
Mobile ★★
CS.webp 2024-11-21 14:00:00 Privacy-focused mobile phone launches for high-risk individuals (direct link) >The mobile company CAPE's Android-based phone complies with U.S. law but claims to offer a higher degree of privacy for users.
Mobile ★★
News.webp 2024-11-21 12:41:36 DoJ wants Google to sell Chrome and ban it from paying to be search default (direct link) Filing also suggests it sells Android, stops scraping content for AI without opt-out The US Department of Justice last night finally filed court documents proposing Google divest itself of Chrome – the most popular browser in the world by a huge margin.…
Mobile ★★
Korben.webp 2024-11-21 06:58:03 Graykey - The iPhone unlocking tool that worries Apple (lien direct) Smartphones and their security really are a never-ending story that looks more and more like a high-tech episode of Tom & Jerry! On one side, we have Apple, which keeps strengthening the protection of its iPhones, and on the other, specialized companies and tools such as Graykey that try by every means to break through their defenses. A recent leak of confidential documents has just given us a rather interesting glimpse of the capabilities of this tool, which is used by law enforcement around the world. This leak is all the more incredible in that it is unprecedented for Graykey, now under the Magnet Forensics banner.
Tool Mobile ★★★
RiskIQ.webp 2024-11-20 22:24:05 AiTM Phishing, Hold the Gabagool: Analyzing the Gabagool Phishing Kit (lien direct) ## Snapshot TRAC Labs researchers released a report detailing phishing campaigns using a phishing kit, dubbed "Gabagool," targeting corporate and government employees. ## Description The infection chain begins when an attacker compromises a user's email account and begins distributing phishing emails to other employees. The phishing emails contain fake document images or QR codes that, when clicked or scanned, redirect the user to a legitimate file-sharing platform such as SharePoint, Box, or SugarSync. Once at the file-sharing platform, users are again prompted to view or download a document and redirected to another landing page, hosted on a Cloudflare R2 bucket. The Gabagool kit uses AES encryption to hide its operations, including communication with its command-and-control server. Credential harvesting occurs on landing pages, with stolen data sent to an encrypted server. The phishing framework targets enterprise and government data as the server performs validations so only organizational domains are accepted while email addresses from domains like outlook[.]com and hotmail[.]com are rejected. The framework also adapts to user authentication settings, including multifactor authentication, by presenting options like phone app notifications or SMS codes. ## Recommendations - Invest in advanced anti-phishing solutions that monitor incoming emails and visited websites. [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-security-center-mdo) merges incident and alert management across email, devices, and identities, centralizing investigations for email-based threats.
Organizations can also leverage web browsers that automatically [identify and block](https://learn.microsoft.com/deployedge/microsoft-edge-security-smartscreen) malicious websites, including those used in this phishing campaign. - [Require multifactor authentication (MFA).](https://learn.microsoft.com/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication) While AiTM phishing attempts to circumvent MFA, implementation of MFA remains an essential pillar in identity security and is highly effective at stopping a variety of threats. - Leverage more secure implementations such as FIDO Tokens, or [Microsoft Authenticator](https://www.microsoft.com/security/mobile-authenticator-app) with passkey. Avoid telephony-based MFA methods to avoid risks associated with SIM-jacking. - For more granular control, enable conditional access policies. [Conditional access](https://learn.microsoft.com/entra/identity/conditional-access/overview) policies evaluate sign-in requests using additional identity driven signals like user or group membership, IP location information, and device status, among others, and are enforced for suspicious sign-ins. Organizations can protect themselves from attacks that leverage stolen credentials by enabling policies such as compliant devices or trusted IP address requirements. - Implement [continuous access evaluation](https://learn.microsoft.com/entra/identity/conditional-access/concept-continuous-access-evaluation). - Turn on [Safe Links](https://learn.microsoft.com/defender-office-365/safe-links-about) and [Safe Attachments](https://learn.microsoft.com/defender-office-365/safe-attachments-about) for Office 365. - Enable [Zero-hour auto purge (ZAP)](https://learn.microsoft.com/defender-office-365/zero-hour-auto-purge) in Office 365 to quarantine sent mail in response to newly acquired threat intelligence and retroactively neutralize malicious phishing, spam, or malware messages that have already been delivered to mailboxes.
- Run endpoint detection and response [(EDR) in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode wor
Spam Malware Tool Threat Mobile ★★★
globalsecuritymag.webp 2024-11-20 20:19:02 SlashNext Launches Partner Program and appoints Ned D'Antonio as Global Head of MSPs (lien direct) SlashNext Launches Partner Program Designed for MSPs and MSSPs, Providing Partners with Integrated Email, Browser and Mobile Messaging Security Services. SlashNext appoints Ned D'Antonio as Global Head of MSPs to expand the reach of the company's advanced, AI-driven phishing protection platform - Business News
Mobile ★★★
TechWorm.webp 2024-11-20 19:35:24 Apple Releases Urgent Updates To Patch Actively Exploited Zero-Day macOS Vulnerabilities (lien direct) Apple has rolled out urgent security updates to fix two zero-day critical vulnerabilities affecting Mac users that have been actively exploited in the wild. According to the Cupertino giant, the zero-day vulnerabilities, CVE-2024-44308 and CVE-2024-44309, are only actively exploited on Intel-based Mac systems. “Apple is aware of a report that this issue may have been exploited,” the company said in an advisory published on Tuesday. The first vulnerability, CVE-2024-44308, is related to JavaScriptCore, which could lead to arbitrary code execution when processing maliciously crafted web content. On the other hand, the second vulnerability, CVE-2024-44309, is related to WebKit, the engine that powers Safari and web content on Apple devices. It could lead to a cross-site scripting (XSS) attack when processing maliciously crafted web content. While the CVE-2024-44308 vulnerability was addressed with improved checks, the CVE-2024-44309 flaw, a cookie management issue, was addressed with improved state management. These vulnerabilities were discovered and reported by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG), which tracks cyberattacks mostly linked to government-backed actors. Apple has not provided any information on how the above vulnerabilities were exploited. However, it has strongly urged its macOS users to immediately update to macOS Sequoia 15.1.1, which addresses the security flaws. It has also released the latest versions of iOS and iPadOS and recommends that iPhone and iPad users update promptly to mitigate potential security threats. To download macOS software updates, go to Apple menu > System Settings, click General in the sidebar of the window that opens, then click Software Update on the right.
For software updates on iPhone or iPad, go to Settings > General > Software Update > Check for the update and install.
Vulnerability Threat Mobile ★★★
The_Hackers_News.webp 2024-11-20 18:39:00 Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments (lien direct) Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. "Criminals can now misuse Google Pay and Apple
Threat Mobile ★★
bleepingcomputer.webp 2024-11-20 11:44:42 New Ghost Tap attack abuses NFC mobile payments to steal money (lien direct) Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data to money mules worldwide. [...]
Mobile ★★★
Zimperium.webp 2024-11-20 10:25:00 Zimperium Predicts Data Privacy Emphasis, More Evasive Phishing Attacks and Rise of Sideloading in 2025 (lien direct) This blog shares Zimperium's 2025 mobile security trends and threat predictions.
Threat Mobile ★★
News.webp 2024-11-20 03:30:14 Google changes Android release cycle so new versions arrive in Q2 (lien direct) Version 16 developer preview starts the new cycle, with warnings for devs to test sooner rather than later Google on Monday delivered the first developer preview of Android 16 – a release notable for both its status as the first step towards a new version and its release date signalling a change in the release cycle for the OS.…
Mobile ★★
ArsTechnica.webp 2024-11-19 16:12:16 Report: DOJ wants to force Google Chrome sale, Android de-bundling (lien direct) Cutting off Google's control of the world's most popular browser may be necessary.
Mobile ★★
RiskIQ.webp 2024-11-19 00:35:14 Inside Water Barghest's Rapid Exploit-to-Market Strategy for IoT Devices (lien direct) ## Snapshot Trend Micro released a report detailing the activities of Water Barghest, a cybercriminal group operating a highly automated botnet operation that exploits vulnerabilities in Internet of Things (IoT) devices to monetize them as residential proxies. ## Description Active for over five years, the group leverages tools like public internet scan databases (e.g., Shodan) to identify vulnerable devices and deploy Ngioweb, which runs in memory to avoid persistence. The infected devices are quickly registered with command-and-control (C2) servers and made available on a residential proxy marketplace, often within 10 minutes of compromise. The botnet's infrastructure is remarkably efficient, automating each stage of operation, from identifying and exploiting IoT vulnerabilities to monetizing devices. While the group primarily uses known vulnerabilities, they have also exploited zero-days, such as the Cisco IOS XE flaw in 2023, which brought significant industry attention. Their reliance on cryptocurrency and careful operational security helped them avoid detection for years. Water Barghest's operations have evolved since 2018, initially targeting Windows machines before shifting to IoT devices in 2020. They now exploit a wide range of devices, including those from Cisco, Netgear, and Synology, and are continuing to update Ngioweb to enhance its capabilities. The botnet infrastructure relies on virtual private servers (VPS) to continuously scan for and compromise devices. Their residential proxy network is tied to a commercial marketplace where users can rent backconnect proxies for anonymity. The group's activities highlight a growing cybersecurity challenge as the demand for anonymization services fuels the proliferation of botnets.
Effective IoT security measures and limiting exposure of IoT devices to the open internet are critical to mitigating such threats. ## Recommendations **Microsoft recommends the following mitigations to protect IoT specific devices.** - Only install applications from trusted sources and official stores. - If a device is no longer receiving updates, strongly consider replacing it with a new device. - Use mobile solutions such as [Microsoft Defender for Endpoint on Android](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android?view=o365-worldwide) to detect malicious applications. - Always keep Install unknown apps disabled on the Android device to prevent apps from being installed from unknown sources. - Evaluate whether [Microsoft Defender for Internet of Things (IoT)](https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/overview) services are applicable to your IoT environment. ## Detections/Hunting Queries ### Microsoft Defender Antivirus Microsoft Defender Antivirus detects threat components as the following malware: - [Trojan:Linux/Multiverze](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/Multiverze) - [Trojan:Linux/Ngioweb](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/Ngioweb.A!rfn) ## References [Inside Water Barghest's Rapid Exploit-to-Market Strategy for IoT Devices](https://www.trendmicro.com/en_us/research/24/k/water-barghest.html). Trend Micro (accessed 2024-11-18) ## Copyright **© Microsoft 2024**. All rights reserved. Reproduction or distribution of the content of this site, or any part thereof, without written permission of Microsoft is prohibited.
Malware Tool Vulnerability Threat Mobile Prediction Commercial ★★
The_Hackers_News.webp 2024-11-18 16:45:00 Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy (lien direct) Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android. The idea is to create unique, single-use email addresses that forward the messages to
Spam Mobile ★★★
InfoSecurityMag.webp 2024-11-18 16:30:00 Swiss Cyber Agency Warns of QR Code Malware in Mail Scam (lien direct) Switzerland's National Cyber Security Centre has warned of a new QR code scam in fake MeteoSwiss letters spreading Android malware
Malware Mobile ★★
Korben.webp 2024-11-18 15:58:08 Windows 95 comes to iOS with this stunning retro theme (lien direct) Ah, the 90s! I remember them as if it were yesterday! My youth, the blessed era when booting a PC came with a sweet symphony of whirring fans and clicking hard drives. If you miss that period too, I've found something to revive your memories right on your iPhone! Let me introduce i95, a theme that turns your state-of-the-art smartphone into a real time machine.
Mobile ★★
globalsecuritymag.webp 2024-11-18 11:26:45 Vigilance Vulnerability Alerts - Mozilla Firefox for Android: address spoofing via a redirect, analyzed on 18/09/2024 (lien direct) An attacker can create spoofed data on Mozilla Firefox for Android, via a redirect, in order to deceive the victim. - Vulnerabilities
Mobile ★★
globalsecuritymag.webp 2024-11-18 11:26:45 Vigilance Vulnerability Alerts - Mozilla Firefox for Android: address spoofing via redirection, analyzed on 18/09/2024 (lien direct) An attacker can create spoofed data on Mozilla Firefox for Android, via redirection, in order to deceive the victim. - Security Vulnerability
Vulnerability Mobile ★★
WiredThreatLevel.webp 2024-11-17 16:03:03 HMD Fusion Review: A Cheap Modular Android Phone (lien direct) The modular phone concept returns and it's rather boring.
Mobile ★★
SecureMac.webp 2024-11-15 20:07:00 Checklist 400: Reboots, PDFs, and Passwords (lien direct) Weak passwords persist as "123456" tops global lists. Mac malware targets crypto users. New iPhone auto-reboot boosts security, challenging law enforcement.
Malware Legislation Mobile ★★
Korben.webp 2024-11-15 13:05:09 The Boring Mode - The app that turns your smartphone into a boring phone (lien direct) As usual, I'm late to the party, but I want to tell you about a little gem that should interest more than a few of you, especially the heaviest drinkers among you who are nostalgic for the Nokia 3310 and the Motorola RAZR. With this app, available on iOS and Android, you can turn your precious state-of-the-art smartphone into a simple basic phone for an evening… No, you're not dreaming! That is exactly what The Boring Mode offers, a free app that will delight everyone who sometimes needs to switch their brain to “I'm disconnecting” mode. However, this is not yet another “digital detox” wellness app that makes you feel guilty about your screen time. No, no, the goal is much more festive!
Mobile ★★
GoogleSec.webp 2024-11-15 12:42:24 Retrofitting Spatial Safety to hundreds of millions of lines of C++ (lien direct) Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasada, Core Developer. Attackers regularly exploit spatial memory safety vulnerabilities, which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data. These vulnerabilities represent a major security risk to users. Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade: [Figure: Breakdown of memory safety CVEs exploited in the wild by vulnerability class] Google is taking a comprehensive approach to memory safety. A key element of our strategy focuses on Safe Coding and using memory-safe languages in new code. This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety. However, this transition will take multiple years as we adapt our development practices and infrastructure. Ensuring the safety of our billions of users therefore requires us to go further: we're also retrofitting secure-by-design principles to our existing C++ codebase wherever possible. To that end, we're working towards bringing spatial memory safety into as many of our C++ codebases as possible, including Chrome and the monolithic codebase powering our services. We've begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs. While C++ will not become fully memory-s
Vulnerability Threat Mobile ★★★
Blog.webp 2024-11-14 19:11:42 These 8 Apps on Google Play Store Contain Android/FakeApp Trojan (lien direct) Eight Android apps on the Google Play Store, downloaded by millions, contain the Android.FakeApp trojan, stealing user data…
Mobile ★★★
Chercheur.webp 2024-11-14 12:05:26 New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones (lien direct) Everybody is reporting about a new iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.
Legislation Mobile ★★
globalsecuritymag.webp 2024-11-13 19:23:55 Portnox announced its new Jamf integration (lien direct) Portnox and Jamf Integration Delivers Agentless, Risk-Based Authentication for Networks, Applications & Infrastructure Portnox unveils integration with leading mobile device management (MDM) solution to strengthen passwordless, risk-based authentication and access control offering. - Business News
Mobile ★★★
GoogleSec.webp 2024-11-13 12:59:56 Safer with Google: New intelligent, real-time protections on Android to keep you safe (lien direct) Posted by Lyubov Farafonova, Product Manager and Steve Kafka, Group Product Manager, Android. User safety is at the heart of everything we do at Google. Our mission to make technology helpful for everyone means building features that protect you while keeping your privacy top of mind. From Gmail's defenses that stop more than 99.9% of spam, phishing and malware, to Google Messages' advanced security that protects users from 2 billion suspicious messages a month and beyond, we're constantly developing and expanding protection features that help keep you safe. We're introducing two new real-time protection features that enhance your safety, all while safeguarding your privacy: Scam Detection in Phone by Google to protect you from scams and fraud, and Google Play Protect live threat detection with real-time alerts to protect you from malware and dangerous apps. These new security features are available first on Pixel, and are coming soon to more Android devices. More intelligent AI-powered protection against scams: Scammers steal over $1 trillion dollars a year from people, and phone calls are their favorite way to do it. Even more alarming, scam calls are evolving, becoming increasingly more sophisticated, damaging and harder to identify. That's why we're using the best of Google AI to identify and stop scams before they can do harm with Scam Detection. Real-time protection, built with your privacy in mind. Real-time defense, right on your device: Scam Detection uses powerful on-device AI to notify you of a potential scam call happening in real-time by detecting conversation patterns commonly associated with scams.
For example, if a caller claims to be from your bank and asks you to urgently transfer funds due to an alleged account breach, Scam Detection will process the call to determine whether the call is likely spam and, if so, can provide an audio and haptic alert and visual warning that the call may be a scam. Private by design, you're always in control: We've built Scam Detection to protect your privacy and ensure you're always in control of your data. Scam Detection is off by default, and you can decide whether you want to activate it for future calls. At any time, you can turn it off for all calls in the Phone app Settings, or during a particular call. The AI detection model and processing are fully on-device, which means that no conversation audio or transcription is stored on the device, sent to Google servers or anywhere else, or retrievable after the call. Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices. As part of our co
Spam Malware Threat Mobile ★★
Chercheur.webp 2024-11-13 12:06:21 Mapping License Plate Scanners in the US (lien direct) DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped.
Mobile ★★★
Zimperium.webp 2024-11-13 12:00:00 Mishing: The Rising Mobile Attack Vector Facing Every Organization (lien direct) This blog shares the definition of mishing, common tactics used, and the growing threat for organizations.
Threat Mobile ★★
Checkpoint.webp 2024-11-11 13:03:03 October 2024's Malware: Infostealers Rise as Cybercriminals Exploit Innovative Attack Vectors (lien direct) Check Point Software's latest threat index reveals a significant rise in infostealers like Lumma Stealer, while mobile malware like Necro continues to pose a significant threat, highlighting the evolving tactics used by cyber criminals across the globe. Check Point's Global Threat Index for October 2024 reveals a concerning trend in the cyber security landscape: the rise of infostealers and the increasing sophistication of attack methods employed by cyber criminals. Last month researchers discovered an infection chain where fake CAPTCHA pages are being utilized to distribute Lumma Stealer malware, which has climbed to 4th place in the Monthly Top Malware rankings. […]
Malware Threat Mobile Prediction ★★
RiskIQ.webp 2024-11-11 12:45:44 Weekly highlights, 11 November 2024 (direct link) ## Snapshot Last week, reporting highlighted a multifaceted cyber threat landscape driven by diverse tactics, vectors and targets. The analysis underscored the persistent use of phishing as a dominant vector, ranging from sophisticated spear phishing targeting South Korean entities by APT37 to large-scale campaigns in Ukraine by UAC-0050. Advanced persistent threat (APT) groups such as Sapphire Sleet, APT-36 and TA866 used stealthy methods, including modular malware and RMM tools, to achieve espionage and financial gain. Critical infrastructure vulnerabilities, such as those in Synology NAS and Palo Alto systems, further underscored the risks to enterprise and consumer devices. Threat actors, including state-sponsored groups and cybercriminals, leveraged tools such as cryptomining malware, sophisticated botnets and new RATs to extend their control over systems, while election influence operations by Russian and Iranian entities highlighted the geopolitical dimensions of cyber activity. Overall, the week revealed an evolving threat landscape marked by adaptive attack methods targeting financial institutions, government agencies and everyday users.
## Description
1. [Silent Skimmer attack](https://sip.security.microsoft.com/intel-explorer/articles/2f001d21): Unit 42 tracked a web server compromise targeting a North American multinational organization, linked to the Silent Skimmer campaign that steals online payment data. The attackers exploited Telerik UI vulnerabilities, established persistence via web shells and exfiltrated data using tunneling tools.
1. [SteelFox crimeware bundle](https://sip.security.microsoft.com/intel-explorer/articles/0661f634): a new malware bundle spread via fake software activators carries out a multi-stage attack involving data theft and cryptomining. It primarily targets users worldwide, exploiting Windows vulnerabilities to elevate privileges and maintain persistence.
1. [CloudComputation's evolving espionage tactics](https://sip.security.microsoft.com/intel-explorer/articles/792a6266): Kaspersky's SecureList reported that CloudComputation (BackdoorDiplomacy) has switched to the QSC framework, a multi-plugin malware tool designed to execute modules in memory, improving stealth and persistence. The group's attacks […] system operations.
1. [Remcos RAT phishing campaign](https://sip.security.microsoft.com/intel-explorer/articles/d36e3ff1): FortiGuard Labs discovered a phishing campaign deploying Remcos RAT via OLE Excel documents that exploit Microsoft vulnerabilities. The attack leverages anti-analysis techniques, fileless payload delivery and system manipulation for persistence, allowing attackers to control victim devices, collect data and communicate with a command-and-control server over encrypted channels.
1. [Wish Stealer malware](https://sip.security.microsoft.com/intel-explorer/articles/a11d08f6): CYFIRMA discovered a Windows information stealer targeting Discord, web browsers and cryptocurrency wallets. It uses clipboard hijacking, anti-detection features and Discord for data exfiltration, posing risks to user security.
1. [APT37 targeting South Korea](https://sip.security.microsoft.com/in
Ransomware Malware Tool Vulnerability Threat Mobile Cloud APT 37 ★★★
Korben.webp 2024-11-09 08:45:50 The new secret iOS 18 feature that is giving police investigators cold sweats (direct link) Without warning, Apple has just pushed the security of its devices a little further with iOS 18, much to the dismay of law enforcement. Yes, the latest update to its mobile OS hides a feature that is currently setting quite a few teeth on edge. American police forces have been up in arms ever since they discovered some rather strange behaviour from iPhones running iOS 18. It appears that devices stored in their analysis labs are rebooting on their own, seriously complicating their investigative work.
Legislation Mobile ★★★
Last update at: 2025-05-10 13:07:29