What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2024-03-30 11:56:28 Vultur banking malware for Android poses as McAfee Security app
(direct link)
Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. [...]
Malware Mobile ★★
Blog.webp 2024-03-29 14:18:29 Payment authorization and one-time passwords – Mobile Token
(direct link)
>By Uzair Amir Isn’t it shocking that people still use passwords like QWERTY12, 1234, or pet names for their online accounts?… This is a post from HackRead.com Read the original post: Payment authorization and one-time passwords – Mobile Token
Mobile ★★
Korben.webp 2024-03-29 10:29:34 RCS on iPhone – Apple will finally adopt the universal messaging standard!
(direct link)
Apple will finally support the RCS standard on iPhone in late 2024, enabling secure universal messaging between iOS and Android. A big step for interoperability and the protection of user privacy, under pressure from European regulators.
Mobile ★★
RiskIQ.webp 2024-03-28 19:11:03 Android Malware Vultur Expands Its Wingspan
(direct link)
#### Description
The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim's mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions.
#### Reference URL(s)
1. https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
#### Publication Date
March 28, 2024
#### Author(s)
Joshua Kamp
Malware Mobile Technical ★★★
GoogleSec.webp 2024-03-28 18:16:18 Address Sanitizer for Bare-metal Firmware
(direct link)
Posted by Eugene Rodionov and Ivan Lozano, Android Team
With steady improvements to Android userspace and kernel security, we have noticed an increasing interest from security researchers directed towards lower level firmware. This area has traditionally received less scrutiny, but is critical to device security. We have previously discussed how we have been prioritizing firmware security, and how to apply mitigations in a firmware environment to mitigate unknown vulnerabilities.
In this post we will show how the Kernel Address Sanitizer (KASan) can be used to proactively discover vulnerabilities earlier in the development lifecycle. Despite the narrow application implied by its name, KASan is applicable to a wide-range of firmware targets. Using KASan enabled builds during testing and/or fuzzing can help catch memory corruption vulnerabilities and stability issues before they land on user devices. We've already used KASan in some firmware targets to proactively find and fix 40+ memory safety bugs and vulnerabilities, including some of critical severity.
Along with this blog post we are releasing a small project which demonstrates an implementation of KASan for bare-metal targets leveraging the QEMU system emulator. Readers can refer to this implementation for technical details while following the blog post.
Address Sanitizer (ASan) overview
Address sanitizer is a compiler-based instrumentation tool used to identify invalid memory access operations during runtime. It is capable of detecting the following classes of temporal and spatial memory safety bugs:
• out-of-bounds memory access
• use-after-free
• double/invalid free
• use-after-return
ASan relies on the compiler to instrument code with dynamic checks for virtual addresses used in load/store operations. A separate runtime library defines the instrumentation hooks for the heap memory and error reporting.
For most user-space targets (such as aarch64-linux-android) ASan can be enabled as simply as using the -fsanitize=address compiler option for Clang due to existing support of this target both in the toolchain and in the libclang_rt runtime. However, the situation is rather different for bare-metal code which is frequently built with the none system targets, such as arm-none-eabi. Unlike traditional user-space programs, bare-metal code running inside an embedded system often doesn't have a common runtime implementation. As such, LLVM can't provide a default runtime for these environments. To provide custom implementations for the necessary runtime routines, the Clang toolchain exposes an interface for address sanitization through the -fsanitize=kernel-address compiler option. The KASan runtime routines implemented in the Linux kernel serve as a great example of how to define a KASan runtime for targets which aren't supported by default with -fsanitize=address. We'll demonstrate how to use the version of address sanitizer originally built for the kernel on other bare-metal targets.
KASan 101
Let's take a look at the KASan major building blocks from a high-level perspective (a thorough explanation of how ASan works under-the-hood is provided in this whitepaper). The main idea behind KASan is that every memory access operation, such as load/store instructions and memory copy functions (for example, memm
Tool Vulnerability Mobile Technical ★★
DarkReading.webp 2024-03-28 15:03:01 Suspected MFA Bombing Attacks Target Apple iPhone Users
(direct link)
Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line.
Mobile ★★★
Korben.webp 2024-03-28 08:33:12 Half of Android apps for children harvest their data
(direct link)
— Article in partnership with Incogni — Hi everyone. So if you follow me regularly, you know that I have already presented Surfshark's Incogni tool in a bunch of different ways. And mentioned the many services it can provide depending on your situation. But if there is one … Read more
Mobile ★★★
bleepingcomputer.webp 2024-03-27 18:12:20 New Darcula phishing service targets iPhone users via iMessage
(direct link)
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [...]
Mobile ★★★★
ArsTechnica.webp 2024-03-27 18:10:10 “MFA Fatigue” attack targets iPhone owners with endless password reset prompts
(direct link)
Rapid-fire prompts sometimes followed with spoofed calls from "Apple support."
Mobile ★★★★
globalsecuritymag.webp 2024-03-27 16:54:27 ReliaQuest announced new features to its GreyMatter Mobile App
(direct link)
Cybersecurity mobile app bolsters organizations' security while providing better quality of life for security leaders. Hailed as a 'game-changer' by customers, GreyMatter mobile app enables threats to be remediated in one click - Product Reviews
Mobile ★★
SecurityWeek.webp 2024-03-27 13:19:18 VPN Apps on Google Play Turn Android Devices Into Proxies
(direct link)
>Human Security identifies 28 VPN applications for Android and an SDK that turn devices into proxies.
Mobile ★★★
Korben.webp 2024-03-27 13:00:17 BlueDucky – Automating the exploitation of a Bluetooth flaw to execute code remotely
(direct link)
BlueDucky is a powerful tool that automates the exploitation of a Bluetooth vulnerability allowing remote code execution on unpatched Android and Linux devices by posing as a keyboard. It scans, saves targets and runs malicious scripts.
Mobile ★★★
CS.webp 2024-03-27 13:00:00 Spyware and zero-day exploits increasingly go hand-in-hand, researchers find
(direct link)
>Researchers found 97 zero-days exploited in the wild in 2023; nearly two thirds of mobile and browser flaws were used by spyware firms.
Vulnerability Threat Mobile ★★
Korben.webp 2024-03-27 08:21:15 VLC reveals the dark underside of Android app signing
(direct link)
VLC explains the security issues around Android app signing and its position on the requirements of the Google Play Store, which asks for access to its private key in order to publish updates.
Mobile ★★★★★
Mandiant.webp 2024-03-26 22:00:00 Trends on Zero-Days Exploited In-the-Wild in 2023
(direct link)
Written by: Maddie Stone, Jared Semrau, James Sadowski
Combined data from Google's Threat Analysis Group (TAG) and Mandiant shows 97 zero-day vulnerabilities were exploited in 2023; a big increase over the 62 zero-day vulnerabilities identified in 2022, but still less than 2021's peak of 106 zero-days. This finding comes from the first-ever joint zero-day report by TAG and Mandiant. The report highlights 2023 zero-day trends, with focus on two main categories of vulnerabilities. The first is end user platforms and products such as mobile devices, operating systems, browsers, and other applications. The second is enterprise-focused technologies such as security software and appliances. Key zero-day findings from the report include:
• Vendors' security investments are working, making certain attacks harder.
• Attacks increasingly target third-party components, affecting multiple products.
• Enterprise targeting is rising, with more focus on security software and appliances.
• Commercial surveillance vendors lead browser and mobile device exploits.
• People's Republic of China (PRC) remains the top state-backed exploiter of zero-days.
• Financially-motivated attacks proportionally decreased.
Threat actors are increasingly leveraging zero-days, often for the purposes of evasion and persistence, and we don't expect this activity to decrease anytime soon. Progress is being made on all fronts, but zero-day vulnerabilities remain a major threat.
A Look Back - 2023 Zero-Day Activity at a Glance
Barracuda ESG: CVE-2023-2868
Barracuda disclosed in May 2023 that a zero-day vulnerability (CVE-2023-2868) in their Email Security Gateway (ESG) had been actively exploited since as early as October 2022. Mandiant investigated and determined that UNC4841, a suspected Chinese cyber espionage actor, was conducting attacks across multiple regions and sectors as part of an espionage campaign in support of the PRC. Mandiant released a blog post with findings from the initial investigation, a follow-up post with more details as the investigation continued
Vulnerability Threat Mobile Cloud Technical ★★
DarkReading.webp 2024-03-26 20:42:26 Apple Security Bug Opens iPhone, iPad to RCE
(direct link)
CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices.
Mobile ★★★
Zimperium.webp 2024-03-26 13:00:00 Defending Your Mobile Workspace: Mitigating Risks of Sideloading Apps
(direct link)
>In today's digitally-driven workplace, mobile applications (apps) have become indispensable tools for enhancing productivity and providing teams with seamless communication. As employees seek additional functionality and features beyond what official app stores offer, they often turn to third-party app stores. While the idea of third-party app stores may seem innocent, […]
Tool Mobile ★★
bleepingcomputer.webp 2024-03-26 12:33:00 Free VPN apps on Google Play turned Android phones into proxies
(direct link)
Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots. [...]
Mobile ★★★
bleepingcomputer.webp 2024-03-25 07:32:16 Google's new AI search results promotes sites pushing malware, scams
(direct link)
Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. [...]
Spam Malware Mobile ★★
TechWorm.webp 2024-03-23 21:28:48 Hackers Can Unlock 3 million Hotel Doors In 131 Countries
(direct link)
Security researchers have discovered vulnerabilities in Dormakaba's range of electronic RFID locks that could allow an attacker to access hotel rooms and multi-family housing unit doors in seconds using a single pair of forged keys. The series of vulnerabilities, dubbed “DeSaflok”, was discovered by researchers Lennert Wouters, Ian Carroll, RQU, Buscanfly, Sam Curry, Shell and Will Caruana in September 2022 and disclosed in March 2024, as first reported by
Tool Vulnerability Mobile Technical ★★
bleepingcomputer.webp 2024-03-23 12:59:46 Opera sees big jump in EU users on iOS, Android after DMA update
(direct link)
Opera has reported a substantial 164% increase in new European Union users on iOS devices after Apple introduced a new feature to comply with the EU's Digital Markets Act (DMA). [...]
Mobile ★★★
Chercheur.webp 2024-03-22 11:01:39 Google Pays $10M in Bug Bounties in 2023
(direct link)
BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million. Google also increased the maximum reward amount for critical vulnerabilities concerning Android to $15,000, driving increased community reports. During security conferences like ESCAL8 and hardwea.io, Google awarded $70,000 for 20 critical discoveries in Wear OS and Android Automotive OS and another $116,000 for 50 reports concerning issues in Nest, Fitbit, and Wearables...
Vulnerability Studies Mobile ★★★
ArsTechnica.webp 2024-03-21 18:34:13 Android 15 gets satellite messaging, starts foldable cover app support
(direct link)
Google still isn't letting Play Store apps use RCS, though.
Mobile ★★★
Zimperium.webp 2024-03-21 13:00:00 Securing Your React Native Apps: Top 6 Concerns to Address
(direct link)
>In mobile app development, there are two primary approaches: native apps and hybrid apps. Native apps are developed for specific platforms using languages like Swift for iOS and Kotlin for Android, offering fast performance and a smooth user experience. Hybrid apps, on the other hand, are built with web technologies […]
Mobile ★★
Zimperium.webp 2024-03-21 13:00:00 Securing Your React Native Apps: Top 6 Concerns to Address
(direct link)
>In mobile app development, there are two primary approaches: native apps and hybrid apps. Native apps are developed for specific platforms using languages like Swift for iOS and Kotlin for Android, offering fast performance and a smooth user experience. Hybrid apps, on the other hand, are built with web technologies […]
Mobile ★★★
DarkReading.webp 2024-03-20 18:56:01 Kaspersky Identifies Three New Android Malware Threats
(direct link)
>In mobile app development, there are two primary approaches: native apps and hybrid apps. Native apps are developed for specific platforms using languages like Swift for iOS and Kotlin for Android, offering fast performance and a smooth user experience. Hybrid apps, on the other hand, are built with web technologies […]
Malware Mobile ★★
DarkReading.webp 2024-03-20 18:05:18 India's Android Users Hit by Malware-as-a-Service Campaign
(direct link)
Hackers are seeking sensitive personal information on user devices, including banking data and SMS messages.
Mobile ★★★
SecureList.webp 2024-03-20 11:00:34 Android malware, Android malware and more Android malware
(direct link)
In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan.
Malware Mobile ★★
Korben.webp 2024-03-20 10:06:41 Watch out for links on X!
(direct link)
Links shared on X (formerly Twitter) can sometimes redirect users to unexpected and potentially dangerous sites by exploiting a flaw in the generation of link previews. Be vigilant when clicking links, especially on mobile.
Mobile ★★
News.webp 2024-03-19 16:15:13 Firefox 124 brings more slick moves for Mac and Android
(direct link)
And you now get keyboard navigation in the built-in PDF reader. The latest version of Firefox improves in areas that should help it fit in better on several categories of hardware.…
Mobile ★★
silicon.fr.webp 2024-03-19 16:14:54 Apple in talks with Google to integrate Gemini into iPhones
(direct link)
Apple is reportedly in talks with Google to use Gemini for generative AI tasks on iPhones.
Mobile ★★
Zimperium.webp 2024-03-19 13:00:00 The Growing Risks of On-Device Fraud
(direct link)
>The picture is painfully clear . . . organizations are not seeing a slowdown in financial fraud targeting mobile devices. Mastercard recently shared that their data shows a trend of $41 billion in fraud-related loss in 2022, growing to $48 billion by 2023. JuniperResearch puts the number at $91 billion by 2028 and […]
Studies Mobile Prediction ★★★★
Zimperium.webp 2024-03-19 13:00:00 The Growing Risks of On-Device Fraud
(direct link)
>The picture is painfully clear . . . organizations are not seeing a slowdown in financial fraud targeting mobile devices. Mastercard recently shared that their data shows a trend of $41 billion in fraud-related loss in 2022, growing to $48 billion by 2023. JuniperResearch puts the number at $91 billion by 2028 and […]
Mobile Prediction ★★
ESET.webp 2024-03-19 10:30:00 A prescription for privacy protection: Exercise caution when using a mobile health app
(direct link)
Given the unhealthy data-collection habits of some mHealth apps, you're well advised to tread carefully when choosing with whom you share some of your most sensitive data
Mobile ★★
Korben.webp 2024-03-16 07:00:00 Top 50 generative AIs you absolutely must discover in 2024
(direct link)
Discover the top 50 most innovative and popular generative AI apps of 2024, ranked by their web and mobile traffic. From general assistants to productivity tools to AI companions, explore the key trends and emerging companies in consumer generative AI.
Tool Mobile ★★★
Korben.webp 2024-03-15 08:00:00 Adeus – The DIY AI assistant that goes everywhere with you
(direct link)
Adeus is an open-source, privacy-respecting personal AI wearable device, comprising a mobile or web app, a hardware device and Supabase for data management. It offers a unique, personalized user experience, supporting the development of open source and of an internet more respectful of individual freedoms.
Mobile ★★★
News.webp 2024-03-14 17:58:09 Google gooses Safe Browsing with real-time protection that doesn't leak to ad giant
(direct link)
Rare occasion when you do want Big Tech to make a hash of it. Google has enhanced its Safe Browsing service to enable real-time protection in Chrome for desktop, iOS, and soon Android against risky websites, without sending browsing history data to the ad biz.…
Mobile ★★★
mcafee.webp 2024-03-14 16:42:32 Android Phishing Scam Using Malware-as-a-Service on the Rise in India
(direct link)
> Authored by ZePeng Chen and Wenfeng Yu. McAfee Mobile Research Team has observed an active scam malware campaign targeting Android...
Malware Mobile ★★★
globalsecuritymag.webp 2024-03-14 13:12:07 Proton Mail launches a desktop app for Windows and macOS
(direct link)
Proton Mail launches a desktop app for Windows and macOS for all paid users, along with a Linux app in beta
• A desktop app for Proton Mail and Proton Calendar is now available to all Windows and macOS users with a paid subscription.
• With the Linux app available in beta, Proton Mail now offers dedicated apps for all major desktop and mobile platforms, providing a private and secure alternative to Big Tech.
• The Proton Mail app on Windows and macOS follows the success of the beta version, tested by some ten thousand users.
• The desktop app is available to all users with a paid Proton Mail subscription. Free account holders can try it at any time through the new 14-day free trial.
• The Proton Mail desktop apps give users the robust encryption they expect from Proton, something even Gmail does not offer.
- Products
Mobile ★★
GoogleSec.webp 2024-03-14 12:01:32 Real-time, privacy-preserving URL protection
(direct link)
Posted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonathan Li, Alex Wozniak, Google Safe Browsing
For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning users about potentially abusive sites on more than 5 billion devices around the world. As attackers grow more sophisticated, we've seen the need for protections that can adapt as quickly as the threats they defend against. That's why we're excited to announce a new version of Safe Browsing that will provide real-time, privacy-preserving URL protection for people using the Standard protection mode of Safe Browsing in Chrome.
Current landscape
Chrome automatically protects you by flagging potentially dangerous sites and files, hand in hand with Safe Browsing which discovers thousands of unsafe sites every day and adds them to its lists of harmful sites and files. So far, for privacy and performance reasons, Chrome has first checked sites you visit against a locally-stored list of known unsafe sites which is updated every 30 to 60 minutes – this is done using hash-based checks.
Hash-based check overview
But unsafe sites have adapted - today, the majority of them exist for less than 10 minutes, meaning that by the time the locally-stored list of known unsafe sites is updated, many have slipped through and had the chance to do damage if users happened to visit them during this window of opportunity. Further, Safe Browsing's list of harmful websites continues to grow at a rapid pace. Not all devices have the resources necessary to maintain this growing list, nor are they always able to receive and apply updates to the list at the frequency necessary to benefit from full protection. Safe Browsing's Enhanced protection mode already stays ahead of such threats with technologies such as real-time list checks and AI-based classification of malicious URLs and web pages. We built this mode as an opt-in to give users the choice of sharing more security-related data in order to get stronger security. This mode has shown that checking lists in real time brings significant value, so we decided to bring that to the default Standard protection mode through a new API – one that doesn't share the URLs of sites you visit with Google.
Introducing real-time, privacy-preserving Safe Browsing
How it works
In order to transition to real-time protection, checks now need to be performed against a list that is maintained on the Safe Browsing server. The server-side list can include unsafe sites as soon as they are discovered, so it is able to capture sites that switch quickly. It can also grow as large as needed because the
Malware Mobile Cloud ★★
AlienVault.webp 2024-03-14 10:00:00 Commercial spyware: The stealthy threat
(direct link)
It can be difficult to over-estimate the benefits that we accrue from the use of technology in our day to day lives. But these benefits have come at a price which has redefined what we expect in terms of privacy. As a member of Generation X, which came of age at the dawn of the Internet era and witnessed the rise of an entire industry built on consumer information analytics, I have on occasion struck my own Faustian bargains, offering up my personal data in exchange for convenience. As have we all.  In doing so we are implicitly trusting the organization that runs the website or app in question to safeguard our information effectively.  Spyware, as the name suggests, is software designed to covertly gather data about a victim without their consent. Spyware can infect both computers and mobile devices, infiltrating them through malicious or hacked websites, phishing emails, and software downloads. Unlike other forms of malware that may seek to disrupt or damage systems, spyware operates discreetly, often evading detection while silently siphoning off sensitive information. When deployed against individuals this data can range from browsing habits and keystrokes to login credentials and financial information. Spyware can access microphones and cameras for purposes of gathering intelligence or evidence when deployed by government agencies, or capturing content for purposes of sale, blackmail, or other monetization schemes if deployed by threat actors. The effects of which can be devastating.  The proliferation of commercial spyware poses significant risks to companies as well. Commercial spyware is a niche industry which develops and markets software for the purpose of data collection. Their products use many of the same methods as other kinds of malware.  Often, commercial spyware leverages zero-day exploits that were either developed by the vendor in question or purchased from independent researchers. 
For example, in a recent report, Google researchers concluded that approximately half of the zero-day vulnerabilities targeting their products over the past decade were the work of “Commercial Surveillance Vendors” (https://www.scmagazine.com/news/spyware-behind-nearly-50-of-zeros-days-targeting-google-products).
Ransomware Malware Tool Vulnerability Threat Legislation Mobile Commercial ★★
Blog.webp 2024-03-14 00:38:40 Online Scam: Fraud Through My Phone
(direct link)
The digital device that we use the most in our daily lives is mobile phone. It is used in a wide range of daily activities such as communication, searching, shopping, making payment, verifying identity, and investing. Some people do not own personal computers, but almost everyone these days have mobile phones. Scammers aim for mobile phones because they are the most widespread, most utilized devices. They use subterfuge and scams to steal our money, information, and permissions. Contents These Text...
Mobile ★★
The_Hackers_News.webp 2024-03-13 19:25:00 PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users
(direct link)
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app's icon from the home screen of the victim's device, IBM said in a technical report published today. “Thanks to this new technique, during PixPirate reconnaissance
Threat Mobile Technical ★★
DataSecurityBreach.webp 2024-03-13 16:31:19 Important patches for Android
(direct link)
Google has released new patches for Android, fixing a total of 38 flaws.
Mobile ★★
bleepingcomputer.webp 2024-03-13 14:13:05 PixPirate Android malware uses new tactic to hide on phones
(direct link)
The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed. [...]
Malware Mobile ★★★
AlienVault.webp 2024-03-13 10:00:00 25 Essential Cybersecurity tips and best practices for your business
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Cybercrime is quickly becoming one of the biggest threats worldwide, impacting businesses across all sectors. To avoid the risk of a damaging security breach, it's crucial to stay updated on the latest cybersecurity tips and practices. Protecting yourself or your business from cyberattacks can be tough. But there are several cybersecurity tips that can help defend against attacks. We've gathered a list of 25 most effective tips for you to adopt and share with others.
Top 25 cybersecurity tips for your business
1. Keep your software up to date
To stay safe from cyber threats like ransomware, it's essential to regularly update your software, including your operating system and applications. Updates often contain crucial security patches that fix vulnerabilities exploited by hackers. Enable automatic updates for your device and web browser, and ensure plugins like Flash and Java are also kept up to date.
Ransomware Malware Tool Vulnerability Mobile Cloud LastPass ★★
DarkReading.webp 2024-03-13 10:00:00 'PixPirate' RAT Invisibly Triggers Wire Transfers From Android Devices
(direct link)
A multitooled Trojan cuts apart Brazil's premier wire transfer app. Could similar malware do the same to Venmo, Zelle, or PayPal?
Malware Mobile ★★★
Zimperium.webp 2024-03-12 12:00:00 Mobile Banking and The Modern Day Bonnie and Clyde: Is Your App Safe?
(direct link)
>We live in an era where our lives are intertwined with our devices. With the majority of banking transactions moving from physical to digital environments, the question of just how impenetrable these financial fortresses are to the modern-day digital Bonnie and Clyde is more pressing than ever. Sophisticated cyber threats, […]
Mobile ★★
GoogleSec.webp 2024-03-12 11:59:14 Vulnerability Reward Program: 2023 Year in Review
(direct link)
Posted by Sarah Jacobus, Vulnerability Rewards Team
Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded $10 million to our 600+ researchers based in 68 countries.
New Resources and Improvements
Just like every year, 2023 brought a series of changes and improvements to our vulnerability reward programs: Through our new Bonus Awards program, we now periodically offer time-limited, extra rewards for reports to specific VRP targets. We expanded our exploit reward program to Chrome and Cloud through the launch of v8CTF, a CTF focused on V8, the JavaScript engine that powers Chrome. We launched Mobile VRP which focuses on first-party Android applications. Our new Bughunters blog shared ways in which we make the internet, as a whole, safer, and what that journey entails. Take a look at our ever-growing repository of posts! To further our engagement with top security researchers, we also hosted our yearly security conference ESCAL8 in Tokyo. It included live hacking events and competitions, student training with our init.g workshops, and talks from researchers and Googlers. Stay tuned for details on ESCAL8 2024.
As in past years, we are sharing our 2023 Year in Review statistics across all of our programs. We would like to give a special thank you to all of our dedicated researchers for their continued work with our programs - we look forward to more collaboration in the future!
Android and Google Devices
In 2023, the Android VRP achieved significant milestones, reflecting our dedication to securing the Android ecosystem. We awarded over $3.4 million in rewards to researchers who uncovered remarkable vulnerabilities within Android
Vulnerability Threat Mobile Cloud Conference ★★★
Last update at: 2024-06-06 12:08:05