This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T17:01:18+00:00 www.secnews.physaphae.fr Korben - Bloger francais 2024-05-02T18:13:04+00:00 https://korben.info/faille-android-attaque-dirty-stream-met-en-danger-vos-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8492574 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [...]]]> 2024-05-02T16:20:51+00:00 https://www.bleepingcomputer.com/news/software/bitwarden-launches-new-mfa-authenticator-app-for-ios-android/ www.secnews.physaphae.fr/article.php?IdArticle=8492599 False Mobile None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft illustrated the severity of the issue via a case study involving Xiaomi\'s File Manager]]> 2024-05-02T15:30:00+00:00 https://www.infosecurity-magazine.com/news/android-flaw-apps-4-billion/ www.secnews.physaphae.fr/article.php?IdArticle=8492471 False Studies,Mobile None 2.0000000000000000 Korben - Bloger francais 2024-05-02T14:02:44+00:00 https://korben.info/etude-comparative-securite-android-ios.html www.secnews.physaphae.fr/article.php?IdArticle=8492440 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks.]]> 2024-05-02T14:00:00+00:00 https://www.darkreading.com/endpoint-security/safeguarding-your-mobile-workforce www.secnews.physaphae.fr/article.php?IdArticle=8492414 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application\'s home directory, potentially leading to arbitrary code execution and secrets theft. [...]]]> 2024-05-02T12:02:45+00:00 https://www.bleepingcomputer.com/news/security/microsoft-warns-of-dirty-stream-attack-impacting-android-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8492473 False Mobile None 3.0000000000000000 Techworm - News 2024-05-01T20:17:03+00:00 https://www.techworm.net/2024/05/google-bounty-rce-bugs-android-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8491889 False Malware,Vulnerability,Threat,Mobile,Cloud None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-05-01T19:46:49+00:00 https://community.riskiq.com/article/ddb0878a www.secnews.physaphae.fr/article.php?IdArticle=8492016 False Tool,Vulnerability,Threat,Studies,Mobile,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications. "Wpeeper is a typical backdoor Trojan for Android]]> 2024-05-01T19:11:00+00:00 https://thehackernews.com/2024/05/android-malware-wpeeper-uses.html www.secnews.physaphae.fr/article.php?IdArticle=8491840 False Malware,Mobile None 3.0000000000000000 The Register - Site journalistique Anglais Not a great omen if you were hoping to own a future RV smartphone – tho web giant says it hasn\'t totally given up Support for RISC-V was dropped from Android\'s Generic Kernel Image (GKI) thanks to a patch successfully merged today.…]]> 2024-05-01T17:47:45+00:00 https://go.theregister.com/feed/www.theregister.com/2024/05/01/riscv_support_android_pulled/ www.secnews.physaphae.fr/article.php?IdArticle=8491942 False Mobile None 2.0000000000000000 TroyHunt - Blog Security It sounds like the company is now blocking access from "bootleg" APKs.]]> 2024-05-01T16:48:29+00:00 https://arstechnica.com/?p=2020955 www.secnews.physaphae.fr/article.php?IdArticle=8491928 False Mobile None 2.0000000000000000 SecurityWeek - Security News Les chercheurs peuvent gagner jusqu'à 450 000 $ pour un rapport de vulnérabilité unique car Google augmente son programme de récompenses de vulnérabilité mobile.

---

>Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program. ]]> 2024-05-01T15:06:19+00:00 https://www.securityweek.com/google-boosts-bug-bounty-payouts-tenfold-in-mobile-app-security-push/ www.secnews.physaphae.fr/article.php?IdArticle=8491898 False Vulnerability,Mobile None 2.0000000000000000 ComputerWeekly - Computer Magazine 2024-05-01T12:03:00+00:00 https://www.computerweekly.com/news/366583075/Australias-Qantas-apologises-for-mobile-app-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8491929 False Data Breach,Mobile None 2.0000000000000000 SecurityWeek - Security News The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal. ]]> 2024-05-01T11:57:52+00:00 https://www.securityweek.com/wpeeper-android-trojan-uses-compromised-wordpress-sites-to-shield-command-and-control-server/ www.secnews.physaphae.fr/article.php?IdArticle=8491811 False Mobile None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The UK\'s National Cyber Security Centre claims its AMS model will protect firms from state-backed mobile threats]]> 2024-05-01T08:45:00+00:00 https://www.infosecurity-magazine.com/news/ncscs-mobile-risk-model-highthreat/ www.secnews.physaphae.fr/article.php?IdArticle=8491709 False Mobile None 2.0000000000000000 Korben - Bloger francais 2024-04-30T23:31:47+00:00 https://korben.info/rabbit-r1-gadget-ia-application-android.html www.secnews.physaphae.fr/article.php?IdArticle=8491526 False Mobile None 2.0000000000000000 Wired Threat Level - Security News Whether you\'re photo-editing or illustrating, the right drawing tablet can transform your workflow. These digital art slates are WIRED-tested and approved.]]> 2024-04-30T15:30:00+00:00 https://www.wired.com/gallery/best-drawing-tablets/ www.secnews.physaphae.fr/article.php?IdArticle=8491335 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. [...]]]> 2024-04-30T14:33:51+00:00 https://www.bleepingcomputer.com/news/security/google-now-pays-up-to-450-000-for-rce-bugs-in-some-android-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8491419 False Vulnerability,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain A new Android backdoor malware named \'Wpeeper\' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. [...]]]> 2024-04-30T12:41:57+00:00 https://www.bleepingcomputer.com/news/security/new-wpeeper-android-malware-hides-behind-hacked-wordpress-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8491367 False Malware,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations. "In 2023,]]> 2024-04-29T22:37:00+00:00 https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html www.secnews.physaphae.fr/article.php?IdArticle=8490784 False Malware,Mobile None 2.0000000000000000 The Register - Site journalistique Anglais Third of a million developer accounts kiboshed, too Google says it stopped 2.28 million Android apps from being published in its official Play Store last year because they violated security rules.…]]> 2024-04-29T22:20:16+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/29/google_rejected_apps/ www.secnews.physaphae.fr/article.php?IdArticle=8490907 False Mobile None 3.0000000000000000 Techworm - News said in an analysis published on Thursday. According to ThreatFabric, Brokewell poses a significant threat to the banking industry, providing attackers with remote access to all assets available through mobile banking. The malware was discovered by the researchers while investigating a fake Google Chrome web browser “update” page, commonly used by cybercriminals to lure victims into downloading and installing malware. Looking at prior campaigns, the researchers found that Brokewell was used to target a popular “buy now, pay later” financial service and an Austrian digital authentication application. The malware is said to be in active development, with new commands added almost daily to capture every event on the device, from keystrokes and information displayed on screen to text entries and apps launched by the victim. Once downloaded, Brokewell creates an overlay screen on a targeted application to capture user credentials. It can also steal browser cookies by launching its own WebView, overriding the onPageFinished method, and dumping the session cookies after the user completes the login process. “Brokewell is equipped with “accessibility logging,” capturing every event happening on the device: touches, swipes, information displayed, text input, and applications opened. All actions are logged and sent to the command-and-control server, effectively stealing any confidential data displayed or entered on the compromised device,” the ThreatFabric researchers point out. “It\'s important to highlight that, in this case, any application is at risk of data compromise: Brokewell logs every event, posing a threat to all applications installed on the device. This piece of malware also supports a variety of “spyware” functionalities: it can collect information about the device, call history, geolocation, and record audio.” After stealing the credentials, the attackers can initiate a Device Takeover attack using remote control capabilities to perform screen streaming. It also provides the threat actor with a range of various commands that can be executed on the controlled device, such as touches, swipes, and clicks on specified elements. ThreatFabric discovered that one of the servers used as a command and control (C2) point for Brokewell was also used to host a repository called “Brokewell Cyber Labs,” created by a threat actor called “Baron Samedit.” This repository comprised the source code for the “Brokewell Android Loader,” another tool from the same developer designed to bypass restrictions Google introduced in Android 13 and later to prevent exploitation of Accessibility Service for side-loaded apps (APKs). According to ThreatFabric, Baron Samedit has been active for at least two years, providing tools to other cybercriminals to check stolen accounts from multiple services, which could still be improved to support a malware-as-a-service operation. “We anticipate further evolution of this malware family, as we’ve already observed almost daily updates to the malware. Brokewell will likely be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions,” the researchers conclude. Hence, the only way to effectively identify and prevent potential fraud from malware families like the newly discovered Brokewell is to use a comprehensive]]> 2024-04-29T22:01:20+00:00 https://www.techworm.net/2024/04/android-malware-hack-bank-account-chrome-update.html www.secnews.physaphae.fr/article.php?IdArticle=8490777 False Malware,Tool,Threat,Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch Tracking code used for keeping tabs on how members navigated through the healthcare giant\'s online and mobile sites was oversharing a concerning amount of information.]]> 2024-04-29T19:46:08+00:00 https://www.darkreading.com/cyberattacks-data-breaches/13-4m-kaiser-insurance-members-affected-by-data-leak-to-online-advertisers www.secnews.physaphae.fr/article.php?IdArticle=8490831 False Mobile,Medical None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-04-29T16:05:58+00:00 https://community.riskiq.com/article/aa388c3b www.secnews.physaphae.fr/article.php?IdArticle=8490778 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Industrial None 3.0000000000000000 Fortinet - Fabricant Materiel Securite We\'re pleased to announce several enhancements to FortiXDR, including support for iOS and Android mobile devices and threat hunting for containers. Read more.]]> 2024-04-29T15:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/fortixdr-capabilities-offer-expanded-coverage-from-pocket-to-cloud www.secnews.physaphae.fr/article.php?IdArticle=8490725 False Threat,Mobile None 2.0000000000000000 Zimperium - cyber risk firms for mobile Il est essentiel de reconnaître que la sécurité n'est pas synonyme de connaître vos menaces.Les logiciels de grande valeur ne peuvent pas être correctement protégés en adoptant arbitrairement l'obscurcissement du code et la protection de l'exécution seule.Pour obtenir une sécurité appropriée des applications, vous devez vous assurer que vos protections agissent contre les menaces actives et pertinentes.Traditionnellement, les entreprises ont protégé des logiciels critiques de [& # 8230;]

---

>It\'s essential to recognize that security is not synonymous with knowing your threats. High-value software cannot be adequately protected by arbitrarily embracing code obfuscation and runtime protection alone. To achieve proper application security, you must ensure your protections act against active and relevant threats. Traditionally, businesses have safeguarded critical software from […] ]]> 2024-04-29T13:00:00+00:00 https://www.zimperium.com/blog/turn-on-the-lights-why-runtime-protection-matters-for-mobile-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8490644 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user\'s security. [...]]]> 2024-04-29T12:00:00+00:00 https://www.bleepingcomputer.com/news/security/google-rejected-228-million-risky-apps-from-play-store-in-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8490728 False Mobile None 1.00000000000000000000 Bleeping Computer - Magazine Américain Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user\'s security. [...]]]> 2024-04-29T12:00:00+00:00 https://www.bleepingcomputer.com/news/security/google-rejected-228-million-risky-android-apps-from-play-store-in-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8490755 False Mobile None 3.0000000000000000 GoogleSec - Firm Security Blog 1 in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes. We have also strengthened our developer onboarding and review processes, requiring more identity information when developers first establish their Play accounts. Together with investments in our review tooling and processes, we identified bad actors and fraud rings more effectively and banned 333K bad accounts from Play for violations like confirmed malware and repeated severe policy violations. Additionally, almost 200K app submissions were rejected or remediated to ensure proper use of sensitive permissions such as background location or SMS access. To help safeguard user privacy at scale, we partnered with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over 31 SDKs impacting 790K+ apps. We also significantly expanded the Google Play SDK Index, which now covers the SDKs used in almost 6 million apps across the Android ecosystem. This valuable resource helps developers make better SDK choices, boosts app quality and minimizes integration risks. Protecting the Android Ecosystem Building on our success with the App Defense Alliance (ADA), we partnered with Microsoft and Meta as steering committee members in the newly restructured ADA under the Joint Development Foundation, part of the Linux Foundation family. The Alliance will support industry-wide adoption of app security best practices and guidelines, as well as countermeasures against emerging security risks. Additionally, we announced new Play Store transparency labeling to highlight VPN apps that have completed an independent security review through App Defense Alliance\'s Mobile App Security Assessment (MASA). When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the “Independent security review” badge in the Data safety section. This helps users see at-a-glance that a developer has prioritized security and privacy best practices and is committed to user safety. ]]> 2024-04-29T11:59:47+00:00 http://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8493536 False Malware,Tool,Threat,Mobile None 3.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Nouvelle alerte de logiciels malveillants Android!Brokewell vole les données, prend en charge les appareils & # 038;cible votre banque.Apprenez comment fonctionne ce malware sournois & # 038;Ce que vous pouvez faire pour vous protéger.Arrêtez Brokewell avant de vous arrêter! Ceci est un article de HackRead.com Lire le post original: Les fausses mises à jour Chrome cachent des logiciels malveillants Android Brokewell ciblant votre banque

---

>By Deeba Ahmed New Android malware alert! Brokewell steals data, takes over devices & targets your bank. Learn how this sneaky malware works & what you can do to protect yourself. Stop Brokewell before it stops you! This is a post from HackRead.com Read the original post: Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank]]> 2024-04-29T10:25:22+00:00 https://www.hackread.com/fake-chrome-updates-android-brokewell-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8490594 False Malware,Mobile None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Should sideloading Chrome on an old smart TV really compromise your entire account?]]> 2024-04-26T19:35:47+00:00 https://arstechnica.com/?p=2020252 www.secnews.physaphae.fr/article.php?IdArticle=8489240 False Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,]]> 2024-04-26T16:12:00+00:00 https://thehackernews.com/2024/04/new-brokewell-android-malware-spread.html www.secnews.physaphae.fr/article.php?IdArticle=8489006 False Malware,Mobile None 2.0000000000000000 SecurityWeek - Security News A new Android trojan named Brokewell can steal user\'s sensitive information and allows attackers to take over devices. ]]> 2024-04-26T14:08:40+00:00 https://www.securityweek.com/powerful-brokewell-android-trojan-allows-attackers-to-takeover-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8489108 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Eight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data.]]> 2024-04-25T21:59:15+00:00 https://www.darkreading.com/endpoint-security/most-chinese-keyboard-apps-vulnerable-to-eavesdropping www.secnews.physaphae.fr/article.php?IdArticle=8488735 False Mobile None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot ThreatFabric analysts have discovered a new mobile malware family called "Brokewell" that poses a significant threat to the banking industry. The malware is equipped with both data-stealing and remote-control capabilities, allowing attackers to gain remote access to all assets available through mobile banking. ## Description Brokewell uses overlay attacks to capture user credentials and can steal cookies by launching its own WebView. The malware also supports a variety of "spyware" functionalities, including collecting information about the device, call history, geolocation, and recording audio. After stealing the credentials, the actors can initiate a Device Takeover attack using remote control capabilities, giving them full control over the infected device. The malware is in active development, with new commands added almost daily.  ThreatFabric analysts discovered a fake browser update page designed to install an Android application that was used to distribute the malware. The malware is believed to be promoted on underground channels as a rental service, attracting the interest of other cybercriminals and sparking new campaigns targeting different regions. ## References [https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware](https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware) [https://www.bleepingcomputer.com/news/security/new-brokewell-malware-takes-over-android-devices-steals-data/](https://www.bleepingcomputer.com/news/security/new-brokewell-malware-takes-over-android-devices-steals-data/)]]> 2024-04-25T18:53:33+00:00 https://community.riskiq.com/article/99a5deee www.secnews.physaphae.fr/article.php?IdArticle=8488684 False Malware,Threat,Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch Mobile malware-as-a-service operators are upping their game by automatically churning out hundreds of unique samples on a whim.]]> 2024-04-25T18:01:42+00:00 https://www.darkreading.com/endpoint-security/godfather-banking-trojan-spawns-1k-samples-57-countries www.secnews.physaphae.fr/article.php?IdArticle=8488669 False Mobile None 2.0000000000000000 Korben - Bloger francais 2024-04-25T08:19:38+00:00 https://korben.info/openelm-apple-modeles-ia-open-source-appareils.html www.secnews.physaphae.fr/article.php?IdArticle=8488428 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. [...]]]> 2024-04-25T06:00:00+00:00 https://www.bleepingcomputer.com/news/security/new-brokewell-malware-takes-over-android-devices-steals-data/ www.secnews.physaphae.fr/article.php?IdArticle=8488547 False Malware,Mobile None 2.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-04-24T13:29:58+00:00 https://www.globalsecuritymag.fr/adm21-et-vecow-lancent-ecs-4700-box-pc-compact-robuste-de-qualite-marine.html www.secnews.physaphae.fr/article.php?IdArticle=8488014 False Mobile,Industrial None 2.0000000000000000 Silicon - Site de News Francais 2024-04-24T11:06:01+00:00 https://www.silicon.fr/apple-lue-serait-prete-a-approuver-son-plan-pour-ouvrir-lacces-nfc-478069.html www.secnews.physaphae.fr/article.php?IdArticle=8487947 False Mobile None 3.0000000000000000 HackRead - Chercher Cyber Par waqas Les applications de clavier populaires divulguent les données utilisateur!Citizen Lab rapporte que 8 Android Imes sur 9 exposent des touches.Changez le vôtre & # 038;protéger les mots de passe! Ceci est un article de HackRead.com Lire le post original: Les applications de clavier populaires divulguent les données des utilisateurs: milliards potentiellement exposés

---

>By Waqas Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords! This is a post from HackRead.com Read the original post: Popular Keyboard Apps Leak User Data: Billion Potentially Exposed]]> 2024-04-24T11:03:04+00:00 https://www.hackread.com/keyboard-apps-leak-user-data-billion-exposed/ www.secnews.physaphae.fr/article.php?IdArticle=8487922 False Mobile None 2.0000000000000000 GoogleSec - Firm Security Blog The Reporting API is an emerging web standard that provides a generic reporting mechanism for issues occurring on the browsers visiting your production website. The reports you receive detail issues such as security violations or soon-to-be-deprecated APIs, from users\' browsers from all over the world. Collecting reports is often as simple as specifying an endpoint URL in the HTTP header; the browser will automatically start forwarding reports covering the issues you are interested in to those endpoints. However, processing and analyzing these reports is not that simple. For example, you may receive a massive number of reports on your endpoint, and it is possible that not all of them will be helpful in identifying the underlying problem. In such circumstances, distilling and fixing issues can be quite a challenge. In this blog post, we\'ll share how the Google security team uses the Reporting API to detect potential issues and identify the actual problems causing them. We\'ll also introduce an open source solution, so you can easily replicate Google\'s approach to processing reports and acting on them. How does the Reporting API work? Some errors only occur in production, on users\' browsers to which you have no access. You won\'t see these errors locally or during development because there could be unexpected conditions real users, real networks, and real devices are in. With the Reporting API, you directly leverage the browser to monitor these errors: the browser catches these errors for you, generates an error report, and sends this report to an endpoint you\'ve specified. How reports are generated and sent. Errors you can monitor with the Reporting API include: Security violations: Content-Security-Policy (CSP), Cross-Origin-Opener-Policy (COOP), Cross-Origin-Embedder-Policy (COEP) Deprecated and soon-to-be-deprecated API calls Browser interventions Permissions policy And more For a full list of error types you can monitor, see use cases and report types. The Reporting API is activated and configured using HTTP response headers: you need to declare the endpoint(s) you want the browser to send reports to, and which error types you want to monitor. The browser then sends reports to your endpoint in POST requests whose payload is a list of reports. Example setup:#]]> 2024-04-23T13:15:47+00:00 http://security.googleblog.com/2024/04/uncovering-potential-threats-to-your.html www.secnews.physaphae.fr/article.php?IdArticle=8493538 False Malware,Tool,Vulnerability,Mobile,Cloud None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Rivalry with Apple now mirrors the Android/iOS competition more than ever.]]> 2024-04-22T21:19:56+00:00 https://arstechnica.com/?p=2019154 www.secnews.physaphae.fr/article.php?IdArticle=8487058 False Mobile None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Les secteurs fédéral, étatique, gouvernemental local et éducation continuent d'être les plus ciblés par les cyberattaques aux États-Unis.Selon les organismes de recherche, d'éducation et de recherche sur les points de contrôle, connaissent 1 248 par semaine, en moyenne & # 8212;la plupart de toute industrie.Le gouvernement et les organisations militaires connaissent 1 034 par semaine, quatrième parmi toutes les industries.De plus, les organisations gouvernementales et militaires ont connu des attaques plus élevées que la moyenne de types de logiciels malveillants notables, notamment l'infostaler, le mobile, le ransomware et le botnet.Dans le secteur de l'éducation, les recherches sur les points de contrôle ont révélé des volumes d'attaque supérieurs à la moyenne d'infostaler, de ransomwares et de malwares de botnet.Pour aider à lutter contre ces menaces, vérifiez [& # 8230;]

---

>The federal, state, local government and education sectors continue to be the most targeted by cyberattacks in the United States. According to Check Point Research, education and research organizations experience 1,248 per week, on average — the most of any industry. The government and military organizations experience 1,034 per week, fourth among all industries. Further, government and military organizations have seen higher than average attacks of notable malware types, including Infostealer, mobile, ransomware and botnet. In the education sector, Check Point research found higher than average attack volumes of Infostealer, ransomware and botnet malwares. To help combat these threats, Check […] ]]> 2024-04-22T13:00:33+00:00 https://blog.checkpoint.com/security/taking-steps-toward-achieving-fedramp/ www.secnews.physaphae.fr/article.php?IdArticle=8486829 False Ransomware,Malware,Mobile None 2.0000000000000000 TroyHunt - Blog Security Google says the new “Platform and Devices” team will let it move faster.]]> 2024-04-18T20:12:55+00:00 https://arstechnica.com/?p=2018279 www.secnews.physaphae.fr/article.php?IdArticle=8484927 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis.]]> 2024-04-18T16:01:00+00:00 https://thehackernews.com/2024/04/new-android-trojan-soumnibot-evades.html www.secnews.physaphae.fr/article.php?IdArticle=8484686 False Malware,Mobile,Technical None 2.0000000000000000 Wired Threat Level - Security News The third generation of Nothing\'s clear-plastic AirPod clones is here, and they\'re some of the best wireless earbuds for Android.]]> 2024-04-18T10:45:00+00:00 https://www.wired.com/review/nothing-ear-nothing-ear-a/ www.secnews.physaphae.fr/article.php?IdArticle=8484659 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain A new Android banking malware named \'SoumniBot\' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. [...]]]> 2024-04-17T17:38:28+00:00 https://www.bleepingcomputer.com/news/security/soumnibot-malware-exploits-android-bugs-to-evade-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8484367 False Malware,Mobile None 2.0000000000000000 Korben - Bloger francais 2024-04-17T15:35:50+00:00 https://korben.info/atlas-robot-humanoide-electrique-boston-dynamics.html www.secnews.physaphae.fr/article.php?IdArticle=8484269 False Mobile None 2.0000000000000000 IT Security Guru - Blog Sécurité Offre un générateur de phrase de passe intégrée pour renforcer la sécurité C'est apparu pour la première fois sur gourou de la sécurité informatique .

---

Today Keeper Security have announced the addition of a passphrase generator to Keeper Web Vault, with support on mobile and for the browser extension coming soon. The release also includes an update to the existing password generator which provides users with new options to meet specific password requirements. In addition to being able to include […] The post Keeper Security Offers Built-In Passphrase Generator to Strengthen Security first appeared on IT Security Guru. ]]> 2024-04-17T14:58:18+00:00 https://www.itsecurityguru.org/2024/04/17/keeper-security-offers-built-in-passphrase-generator-to-strengthen-security/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-offers-built-in-passphrase-generator-to-strengthen-security www.secnews.physaphae.fr/article.php?IdArticle=8484179 False Mobile None 2.0000000000000000 Kaspersky - Kaspersky Research blog We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.]]> 2024-04-17T10:00:28+00:00 https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/ www.secnews.physaphae.fr/article.php?IdArticle=8484029 False Mobile None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant   With Russia\'s full-scale invasion in its third year, Sandworm (aka FROZENBARENTS) remains a formidable threat to Ukraine. The group\'s operations in support of Moscow\'s war aims have proven tactically and operationally adaptable, and as of today, appear to be better integrated with the activities of Russia\'s conventional forces than in any other previous phase of the conflict. To date, no other Russian government-backed cyber group has played a more central role in shaping and supporting Russia\'s military campaign.  Yet the threat posed by Sandworm is far from limited to Ukraine. Mandiant continues to see operations from the group that are global in scope in key political, military, and economic hotspots for Russia. Additionally, with a record number of people participating in national elections in 2024, Sandworm\'s history of attempting to interfere in democratic processes further elevates the severity of the threat the group may pose in the near-term.  Given the active and diffuse nature of the threat posed by Sandworm globally, Mandiant has decided to graduate the group into a named Advanced Persistent Threat: APT44. As part of this process, we are releasing a report, “APT44: Unearthing Sandworm”, that provides additional insights into the group\'s new operations, retrospective insights, and context on how the group is adjusting to support Moscow\'s war aims. Key Findings  Sponsored by Russian military intelligence, APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations. While most state-backed threat groups tend to specialize in a specific mission such as collecting intelligence, sabotaging networks, or conducting information operations, APT44 stands apart in how it has honed each of these capabilities and sought to integrate them into a unified playbook over time. Each of these respective components, and APT44\'s efforts to blend them for combined effect, are foundational to Russia\'s guiding “information confrontation” concept for cyber warfare. Figure 1: APT44\'s spectrum of operations APT44 has aggressively pursued a multi-]]> 2024-04-17T10:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm/ www.secnews.physaphae.fr/article.php?IdArticle=8500396 False Malware,Tool,Threat,Mobile,Cloud NotPetya 2.0000000000000000 Global Security Mag - Site de news francais Malwares

---

ESET Research découvre de fausses applications de messagerie disponibles sur le Web et Google Play • eXotic Visit est une campagne d\'espionnage qui cible l\'Asie du Sud. • Sur Android, les logiciels malveillants imitent des applications de messagerie. • Ces fausses applications sont disponibles sur des sites Web et Google Play. • Les applications contiennent du code d\'Android XploitSPY RAT (open source). • Les auteurs ont adapté leur code en y ajoutant de l\'obfuscation. • ESET Research ne peut attribuer en l\'état cette campagne à un groupe spécifique. - Malwares]]> 2024-04-17T09:34:09+00:00 https://www.globalsecuritymag.fr/eset-research-decouvre-de-fausses-applications-de-messagerie-disponibles-sur-le.html www.secnews.physaphae.fr/article.php?IdArticle=8484022 False Mobile None 2.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé 2024-04-17T08:45:30+00:00 https://blog.incogni.com/block-no-caller-id-on-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=8483986 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. [...]]]> 2024-04-16T15:52:14+00:00 https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/ www.secnews.physaphae.fr/article.php?IdArticle=8483648 False Vulnerability,Mobile None 2.0000000000000000 Zimperium - cyber risk firms for mobile Les appareils mobiles sont la pierre angulaire des opérations d'entreprise, permettant la flexibilité, la productivité et la connectivité comme jamais auparavant.À une époque où l'agilité et l'accessibilité sont primordiales, les employés et les fonctionnaires comptent fortement sur leurs appareils mobiles pour accéder aux informations critiques, quel que soit le lieu.Cependant, assurer la sécurité de ces appareils est nécessaire [& # 8230;]

---

>Mobile devices are the cornerstone of enterprise operations, enabling flexibility, productivity, and connectivity like never before. In an era where agility and accessibility are paramount, employees and officials rely heavily on their mobile devices to access critical information, regardless of location. However, ensuring the security of these devices is necessary […] ]]> 2024-04-16T15:42:43+00:00 https://www.zimperium.com/blog/securing_mobility_navigating_the_nist_enterprise_mobile_device_lifecycle/ www.secnews.physaphae.fr/article.php?IdArticle=8483558 False Mobile None 2.0000000000000000 Global Security Mag - Site de news francais nouvelles commerciales

---

Upstream Security Receives Investment from Cisco Investments as the Demand for IoT Cybersecurity Soars Connected vehicles and mobile IoT devices introduce additional layers of cyber risks, posing threats to operational availability and sensitive data security - Business News]]> 2024-04-16T07:54:36+00:00 https://www.globalsecuritymag.fr/upstream-security-receives-investment-from-cisco-investments.html www.secnews.physaphae.fr/article.php?IdArticle=8483284 False Mobile None 2.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2024-04-16T07:42:31+00:00 https://www.globalsecuritymag.fr/hid-smart-spaces-et-cohesion-annoncent-une-nouvelle-fonctionnalite-d.html www.secnews.physaphae.fr/article.php?IdArticle=8483286 False Mobile None 2.0000000000000000 Korben - Bloger francais 2024-04-15T21:32:39+00:00 https://korben.info/youtube-contre-attaque-bloqueurs-pubs-mobile.html www.secnews.physaphae.fr/article.php?IdArticle=8483020 False Mobile None 2.0000000000000000 TroyHunt - Blog Security No one wants to build an Android satellite phone, so Google is going to do it.]]> 2024-04-15T18:25:53+00:00 https://arstechnica.com/?p=2017214 www.secnews.physaphae.fr/article.php?IdArticle=8482959 False Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. "The latest iteration of LightSpy, dubbed \'F_Warehouse,\' boasts a modular framework with extensive spying features," the BlackBerry Threat Research and Intelligence Team said in a report published last]]> 2024-04-15T14:34:00+00:00 https://thehackernews.com/2024/04/chinese-linked-lightspy-ios-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=8482613 False Threat,Mobile None 2.0000000000000000 Wired Threat Level - Security News Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named Beth.]]> 2024-04-13T10:30:00+00:00 https://www.wired.com/story/roku-breach-hits-567000-users/ www.secnews.physaphae.fr/article.php?IdArticle=8481339 False Ransomware,Mobile None 2.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Apple a émis des alertes de sécurité iPhone sur 92 pays, déclarant que leurs appareils ont été ciblés par une attaque de logiciels spymétrique mercenaire, exprimant une grande confiance dans l'avertissement. Ceci est un article de HackRead.com Lire le post original: utilisateurs d'iPhoneDans 92 pays ciblés par des attaques de logiciels espions mercenaires

---

>By Deeba Ahmed Apple has issued iPhone security alerts to 92 countries, stating that their devices have been targeted by a mercenary spyware attack, expressing high confidence in the warning. This is a post from HackRead.com Read the original post: iPhone Users in 92 Countries Targeted by Mercenary Spyware Attacks]]> 2024-04-12T21:47:54+00:00 https://www.hackread.com/iphone-users-mercenary-spyware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8480995 False Mobile None 2.0000000000000000 Techworm - News 9to5Google rapporte que la société envoie désormais un e-mail à Google One utilisateurs pour les informer de sa fermeture. «En mettant l'accent sur la fourniture des fonctionnalités et des avantages les plus demandés, nous cessons la livraison gratuite pour sélectionner des commandes imprimées de Google Photos (au Canada, au Royaume-Uni, aux États-Unis et à l'UE) à partir du 15 mai etVPN par Google One plus tard cette année », lit l'e-mail envoyé aux utilisateurs. Bien que l'e-mail ne mentionne pas la raison spécifique de la fermeture ou la date de clôture exacte du service VPN Google One, un porte-parole de l'entreprise a déclaré à 9to5Google que la société abandonnait la fonctionnalité VPN en raison de l'équipe & # 8220;Les gens trouvés n'étaient tout simplement pas utilisés. & # 8221; Le porte-parole a également ajouté que la dépréciation permettra à l'équipe de «recentrer» et de «prendre en charge des fonctionnalités plus demandées avec Google One». Cependant, les propriétaires des smartphones de Pixel 7 de Google et au-dessus pourront toujours utiliser la fonction VPN intégrée gratuite par Google One après qu'il n'est pas disponible via l'application Paramètres sur les périphériques Pixel. De plus, la fonction VPN disponible avec Google Fi Wireless Service sera également disponible. Outre ce qui précède, Google a également annoncé la disponibilité de Magic Editor, un outil de retouche photo basé sur l'IA dans Google Photos, à tous les utilisateurs de Pixel, qui était initialement limité aux utilisateurs de Pixel 8 et Pixel 8 Pro.

---

Google has announced that it is shutting down its free add-on service, VPN by Google One, in the coming months after it was launched less than four years ago. For those unaware, in October 2020, Google rolled out a free virtual private network (VPN) service called “VPN by Google One” in select countries to all customers with 2TB or higher subscription plans on Google One, its subscription-based cloud storage service. Further, the free VPN service was advertised as an “extra layer of online protection for your Android phone” and that allows for “peace of mind that your data is safe.” However, 9to5Google reports that the company is now emailing Google One users to notify them of its shutdown. “With a focus on providing the most in-demand features and benefits, we\'re discontinuing free shipping for select print orders from Google Photos (in Canada, the UK, US, and EU) starting on May 15 and VPN by Google One later this year,” reads the email sent to the users. Although the email doesn\'t mention the specific reason for the shutdown or the exact closing date for the Google One VPN service, a company spokesperson told 9to5Google that the company is discontinuing the VPN feature because the team “found people simply weren\'t using it.” The spokesperson also adde]]> 2024-04-12T21:24:21+00:00 https://www.techworm.net/2024/04/vpn-google-one-shut-down-year.html www.secnews.physaphae.fr/article.php?IdArticle=8480831 False Tool,Mobile,Cloud None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Google should be barred from “treating Epic differently,” Epic Games says.]]> 2024-04-12T18:43:24+00:00 https://arstechnica.com/?p=2016966 www.secnews.physaphae.fr/article.php?IdArticle=8480931 False Mobile None 2.0000000000000000 TechRepublic - Security News US Apple recommends that iPhone users install software updates, use strong passwords and 2FA, and don\'t open links or attachments from suspicious emails to keep their device safe from spyware.]]> 2024-04-12T16:54:38+00:00 https://www.techrepublic.com/article/apple-threat-notifications-mercenary-spyware/ www.secnews.physaphae.fr/article.php?IdArticle=8480847 False Mobile None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit]]> 2024-04-12T14:05:06+00:00 https://www.welivesecurity.com/en/videos/exotic-visit-exploitspy-malware-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8485908 False Malware,Mobile None 2.0000000000000000 ComputerWeekly - Computer Magazine 2024-04-12T13:29:00+00:00 https://www.computerweekly.com/news/366580752/Apple-iPhone-security-alert-renews-spyware-concerns www.secnews.physaphae.fr/article.php?IdArticle=8480874 False Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future 2024-04-12T13:18:43+00:00 https://therecord.media/android-mobile-spyware-western-sahara www.secnews.physaphae.fr/article.php?IdArticle=8480750 False Malware,Mobile None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A new cyber espionage campaign, called \'eXotic Visit,\' targeted Android users in South Asia via seemingly legitimate messaging apps]]> 2024-04-11T14:45:00+00:00 https://www.infosecurity-magazine.com/news/android-espionage-campaign-india/ www.secnews.physaphae.fr/article.php?IdArticle=8480062 False Mobile None 2.0000000000000000 Silicon - Site de News Francais 2024-04-11T11:57:29+00:00 https://www.silicon.fr/iphone-apple-accelere-la-fabrication-en-inde-477690.html www.secnews.physaphae.fr/article.php?IdArticle=8479963 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Apple has been notifying iPhone users in 92 countries about a "mercenary spyware attack" attempting to remotely compromise their device. [...]]]> 2024-04-11T10:16:44+00:00 https://www.bleepingcomputer.com/news/security/apple-mercenary-spyware-attacks-target-iphone-users-in-92-countries/ www.secnews.physaphae.fr/article.php?IdArticle=8480058 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. It\'s tracking the group behind the operation under the]]> 2024-04-10T19:54:00+00:00 https://thehackernews.com/2024/04/exotic-visit-spyware-campaign-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8479379 False Malware,Threat,Mobile None 3.0000000000000000 Korben - Bloger francais 2024-04-10T13:49:39+00:00 https://korben.info/relief-maps-app-indispensable-aventures-outdoor.html www.secnews.physaphae.fr/article.php?IdArticle=8479373 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the name Starry Addax, describing it as primarily singling out activists associated with]]> 2024-04-09T19:15:00+00:00 https://thehackernews.com/2024/04/hackers-targeting-human-rights.html www.secnews.physaphae.fr/article.php?IdArticle=8478746 False Threat,Mobile None 3.0000000000000000 Korben - Bloger francais 2024-04-09T04:20:55+00:00 https://korben.info/android-studio-integre-gemini-pro-developpement-android-optimise.html www.secnews.physaphae.fr/article.php?IdArticle=8478474 False Mobile None 2.0000000000000000 ProofPoint - Cyber Firms 2024-04-08T16:24:08+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/evolving-threat-landscape-deep-dive-multichannel-attacks-targeting www.secnews.physaphae.fr/article.php?IdArticle=8478123 False Tool,Threat,Mobile,Cloud None 2.0000000000000000 Bleeping Computer - Magazine Américain Google is rolling out an upgraded Find My Device network to Android devices in the United States and Canada, almost one year after it was first unveiled during the Google I/O 2023 conference in May. [...]]]> 2024-04-08T14:50:43+00:00 https://www.bleepingcomputer.com/news/google/google-rolls-out-new-find-my-device-network-to-android-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8478263 False Mobile,Conference None 2.0000000000000000 GoogleSec - Firm Security Blog Keeping people safe and their data secure and private is a top priority for Android. That is why we took our time when designing the new Find My Device, which uses a crowdsourced device-locating network to help you find your lost or misplaced devices and belongings quickly – even when they\'re offline. We gave careful consideration to the potential user security and privacy challenges that come with device finding services. During development, it was important for us to ensure the new Find My Device was secure by default and private by design. To build a private, crowdsourced device-locating network, we first conducted user research and gathered feedback from privacy and advocacy groups. Next, we developed multi-layered protections across three main areas: data safeguards, safety-first protections, and user controls. This approach provides defense-in-depth for Find My Device users. How location crowdsourcing works on the Find My Device network The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices. Imagine you drop your keys at a cafe. The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag. When the owner realizes they have lost their keys and logs into the Find My Device mobile app, they will be able to see the aggregated location contributed by nearby Android devices and locate their keys. Find My Device network protections Let\'s dive into key details of the multi-layered protections for the Find My Device network: Data Safeguards: We\'ve implemented protections that help ensure the privacy of everyone participating in the network and the crowdsourced location data that powers it. Location data is end-to-end encrypted. When Android devices participating in the network report the location of a Bluetooth tag, the location is end-to-end encrypted using a key that is only a]]> 2024-04-08T14:12:48+00:00 http://security.googleblog.com/2024/04/find-my-device-network-security-privacy-protections.html www.secnews.physaphae.fr/article.php?IdArticle=8486086 False Vulnerability,Threat,Mobile None 2.0000000000000000 SecurityWeek - Security News Crowdfense a annoncé un programme d'acquisition d'exploit de 30 millions de dollars couvrant Android, iOS, Chrome et Safari Zero-Days.

---

>Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days. ]]> 2024-04-08T11:30:59+00:00 https://www.securityweek.com/company-offering-30-million-for-android-ios-browser-zero-day-exploits/ www.secnews.physaphae.fr/article.php?IdArticle=8478101 False Vulnerability,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has filed a lawsuit against two app developers for engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns. The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam Cheung (aka]]> 2024-04-08T10:55:00+00:00 https://thehackernews.com/2024/04/google-sues-app-developers-over-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8477927 False Mobile None 2.0000000000000000 Korben - Bloger francais Suite]]> 2024-04-08T08:30:32+00:00 https://korben.info/incogni-applications-shopping.html www.secnews.physaphae.fr/article.php?IdArticle=8478028 False Mobile None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant   Since the initial disclosure of CVE-2023-46805 and CVE-2024-21887 on Jan. 10, 2024, Mandiant has conducted multiple incident response engagements across a range of industry verticals and geographic regions. Mandiant\'s previous blog post, Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts, details zero-day exploitation of CVE-2024-21893 and CVE-2024-21887 by a suspected China-nexus espionage actor that Mandiant tracks as UNC5325.  This blog post, as well as our previous reports detailing Ivanti exploitation, help to underscore the different types of activity that Mandiant has observed on vulnerable Ivanti Connect Secure appliances that were unpatched or did not have the appropriate mitigation applied.  Mandiant has observed different types of post-exploitation activity across our incident response engagements, including lateral movement supported by the deployment of open-source tooling and custom malware families. In addition, we\'ve seen these suspected China-nexus actors evolve their understanding of Ivanti Connect Secure by abusing appliance-specific functionality to achieve their objectives. As of April 3, 2024, a patch is readily available for every supported version of Ivanti Connect Secure affected by the vulnerabilities. We recommend that customers follow Ivanti\'s latest patching guidance and instructions to prevent further exploitation activity. In addition, Ivanti released a new enhanced external integrity checker tool (ICT) to detect potential attempts of malware persistence across factory resets and system upgrades and other tactics, techniques, and procedures (TTPs) observed in the wild. We also released a remediation and hardening guide]]> 2024-04-04T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement/ www.secnews.physaphae.fr/article.php?IdArticle=8500398 False Malware,Tool,Vulnerability,Threat,Studies,Mobile,Cloud Guam 3.0000000000000000 McAfee Labs - Editeur Logiciel Les smartphones ont activé un tout nouveau monde numérique, où les applications sont des passerelles à presque n'importe quel service imaginable.Cependant, comme ...

---

> Smartphones have enabled a whole new digital world, where apps are gateways to just about any service imaginable. However, like... ]]> 2024-04-04T13:54:50+00:00 https://www.mcafee.com/blogs/mobile-security/the-four-rs-of-personal-mobile-security/ www.secnews.physaphae.fr/article.php?IdArticle=8475893 False Mobile None 2.0000000000000000 Zimperium - cyber risk firms for mobile Dans le monde du commerce rapide, les menaces mobiles présentent des défis continus pour les détaillants mondiaux, ce qui a un impact sur les opérations orientées consommateurs et les tâches en coulisses.Avec la technologie de plus en plus intégrée dans tous les aspects des opérations de vente au détail, de la gestion des stocks à l'engagement des clients, les appareils mobiles sont devenus des outils indispensables.Cependant, cette dépendance à l'égard de la technologie mobile expose [& # 8230;]

---

>In the fast-paced world of commerce, mobile threats present ongoing challenges for global retailers, impacting both consumer-facing operations and behind-the-scenes tasks. With technology increasingly integrated into every aspect of retail operations, from inventory management to customer engagement, mobile devices have become indispensable tools. However, this reliance on mobile technology exposes […] ]]> 2024-04-04T12:00:00+00:00 https://www.zimperium.com/blog/navigating-the-digital-maze-secure-your-retail-business-from-mobile-cyberthreats/ www.secnews.physaphae.fr/article.php?IdArticle=8475833 False Tool,Mobile None 2.0000000000000000 TechRepublic - Security News US Explore the best password managers for Android devices that offer secure storage and easy access to your passwords. Find out which one suits your needs best.]]> 2024-04-04T11:28:13+00:00 https://www.techrepublic.com/article/best-android-password-manager/ www.secnews.physaphae.fr/article.php?IdArticle=8475834 False Mobile None 3.0000000000000000 The State of Security - Magazine Américain Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security . What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two vulnerabilities to extract information and prevent remote wiping. That\'s the opinion of researchers at GrapheneOS, who tweeted a thread about their findings on the vulnerabilities known as CVE-2024-29745 and CVE-2024-29748. The team at GrapheneOS...]]> 2024-04-04T09:49:51+00:00 https://www.tripwire.com/state-of-security/google-patches-pixel-phone-zero-days-after-exploitation-forensic-companies www.secnews.physaphae.fr/article.php?IdArticle=8475934 False Vulnerability,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A privilege escalation flaw in the firmware component "There are indications that the []]> 2024-04-03T21:40:00+00:00 https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8475338 False Vulnerability,Threat,Mobile None 3.0000000000000000 knowbe4 - cybersecurity services Une version trojanisée de l'application McAfee Security installe le Trojan Android Banking «Vultur», selon les chercheurs de Fox-It.Les attaquants diffusent des liens vers l'application malveillante via des SMS et des appels téléphoniques.

---

A trojanized version of the McAfee Security app is installing the Android banking Trojan “Vultur,” according to researchers at Fox-IT. The attackers are spreading links to the malicious app via text messages and phone calls.]]> 2024-04-03T16:36:29+00:00 https://blog.knowbe4.com/malicious-app-impersonates-mcafee-to-distribute-malware www.secnews.physaphae.fr/article.php?IdArticle=8475327 False Malware,Mobile None 2.0000000000000000 SecurityWeek - Security News Google Patches 28 vulnérabilités dans Android et 25 bogues dans des appareils de pixels, y compris deux défauts exploités dans la nature.

---

>Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild. ]]> 2024-04-03T09:43:20+00:00 https://www.securityweek.com/google-patches-exploited-pixel-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8475153 False Vulnerability,Mobile None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Non-profit organization MITRE announced Monday that its Engage team has introduced new mappings for techniques from the ATT&CK... ]]> 2024-04-02T11:26:02+00:00 https://industrialcyber.co/ics-security-framework/new-mitre-engage-mappings-released-for-attck-for-ics-attck-for-mobile/ www.secnews.physaphae.fr/article.php?IdArticle=8474585 False Mobile,Industrial None 2.0000000000000000 IT Security Guru - Blog Sécurité La sécurité du gardien annonce le soutien du clé de passe sur le soutien du clé de pass sur laLes appareils mobiles sont apparus pour la première fois sur gourou de la sécurité informatique .

---

Today, password management leaders Keeper Security have announced support for passkey management on iOS and Android mobile devices. With Keeper, passkeys are created, stored and managed in the Keeper Vault, and can be used to log in to websites and applications across all browsers and operating systems with ease. As long as you have access […] The post Keeper Security Announces Passkey Support on Mobile Devices first appeared on IT Security Guru. ]]> 2024-04-02T10:07:32+00:00 https://www.itsecurityguru.org/2024/04/02/keeper-security-announces-passkey-support-on-mobile-devices/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-announces-passkey-support-on-mobile-devices www.secnews.physaphae.fr/article.php?IdArticle=8474552 False Mobile None 2.0000000000000000 ProofPoint - Cyber Firms 2024-04-02T09:34:09+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-leader-kuppingercole-leadership-compass-email-security www.secnews.physaphae.fr/article.php?IdArticle=8474609 False Data Breach,Malware,Threat,Mobile,Commercial None 3.0000000000000000 Global Security Mag - Site de news francais calendrier

---

3 - 5 mars - Sydney ( Australie) Gartner Security & Risk Management Summit www.gartner.com/en/conferences/apac/security-risk-management-australia 5 - 6 mars - Barcelone (Espagne) Mobile World Congress www.mobileworldcongress.com 11 - 13 mars - Baton Rouge - Louisiane (USA) Critical Infrastructure Protection & Resilience North America www.ciprna-expo.com 12 - 13 mars - Londres (UK) Cloud Expo Europe & Data Centre World & Smart IOT Lieu : Centre d\'exposition d\'ExCel (...) - Calendrier ]]> 2024-04-01T19:30:00+00:00 https://www.globalsecuritymag.fr/mars-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8472639 False Mobile,Cloud,Conference None 3.0000000000000000 Global Security Mag - Site de news francais intime

---

3 - 5 March - Sydney ( Australia) Gartner Security & Risk Management Summit www.gartner.com/en/conferences/apac/security-risk-management-australia 5 - 6 March - Barcelona (Spain) Mobile World Congress www.mobileworldcongress.com 11 - 13 mars - Baton Rouge - Louisiane (USA) Critical Infrastructure Protection & Resilience North America www.ciprna-expo.com 12 - 13 March - London (UK) Cloud Expo Europe & Data Centre World & Smart IOT Place: Centre d\'exposition d\'ExCel (...) - Diary]]> 2024-04-01T19:15:00+00:00 https://www.globalsecuritymag.fr/march-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8472822 False Mobile,Cloud,Conference None 3.0000000000000000 SecurityWeek - Security News NCC Group researchers warn that the Android banking malware \'Vultur\' has been updated with device interaction and file tampering capabilities. ]]> 2024-04-01T15:52:06+00:00 https://www.securityweek.com/vultur-android-malware-gets-extensive-device-interaction-capabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8474121 False Malware,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN\'s Satori Threat Intelligence team, which said the cluster of VPN apps came fitted with a Golang library that transformed the user\'s device into a proxy node without their knowledge.]]> 2024-04-01T15:40:00+00:00 https://thehackernews.com/2024/04/malicious-apps-caught-secretly-turning.html www.secnews.physaphae.fr/article.php?IdArticle=8473977 False Threat,Mobile Satori 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-04-01T13:51:22+00:00 https://community.riskiq.com/article/0bb98406 www.secnews.physaphae.fr/article.php?IdArticle=8474062 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Mobile,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted]]> 2024-04-01T11:34:00+00:00 https://thehackernews.com/2024/04/vultur-android-banking-trojan-returns.html www.secnews.physaphae.fr/article.php?IdArticle=8473892 False Mobile None 2.0000000000000000 Korben - Bloger francais 2024-04-01T05:00:00+00:00 https://korben.info/smartphone-xiaomi-dites-adieu-a-cette-option-que-vous-adorez.html www.secnews.physaphae.fr/article.php?IdArticle=8473872 False Mobile None 2.0000000000000000