This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-07T15:19:34+00:00 www.secnews.physaphae.fr SecurityWeek - Security News Les récentes attaques de chevaux de Troie d'Android Anatsa sont devenues plus ciblées, montrant une évolution des tactiques.

---

>Recent Anatsa Android banking trojan attacks have become more targeted, showing an evolution in tactics. ]]> 2024-02-20T11:34:54+00:00 https://www.securityweek.com/anatsa-android-banking-trojan-continues-to-spread-via-google-play/ www.secnews.physaphae.fr/article.php?IdArticle=8452698 False Mobile None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Anyone that utilizes technology in their daily lives understands that it is ever-changing, and the sentiment is especially true within the cybersecurity industry. Adversaries continue to evolve with new tactics to bypass defenses, so it is necessary that the methods of detecting and preventing these threats do so at an even more rapid pace. However, keeping up with all the changes can be quite difficult, even for the most seasoned cybersecurity professional. The way in which we work has changed not just in where but also in how. Today employees conduct business from multiple devices, with some being company-issued and others being privately owned. Sensitive data is being stored across many locations including on these devices, within corporate data centers, and in the cloud. This means that organizations likely need more than one technology to defend their endpoints against security breach or data loss. With cybersecurity vendors marketing a wide range of branded product names for their offers, it may be challenging to determine which are ideal for your particular environment. This article aims to help demystify the various endpoint security technologies you may come across during your research, highlight the primary differences, and explain how they can complement each other. This is not intended to be an exhaustive list and it should be noted that there are some technologies that may fall into more than one category, for example, endpoint and cloud security. Four key endpoint security technologies To begin, let’s define exactly what an endpoint is. At the most fundamental level, an endpoint is any device that connects and exchanges data on a network. That could include traditional desktop and laptop computers, tablets, smartphones, printers, and servers. Endpoints also encompass network appliances like routers, switches, or firewalls, and a wide range of IoT devices such as wearables, security cameras, sensors, and connected medical or manufacturing equipment.​ But we must also think beyond the physical devices and consider virtual machines that host applications and data in public or private clouds. ​Although this may seem trivial, it is important to note because they all represent entry points into the network that can be exploited and opportunities for sensitive data loss. As such, they must all be accounted for when building an endpoint security strategy. The following are some of the more common endpoint security technologies you are likely to encounter: Unified endpoint management (UEM) or mobile device management (MDM): There is a widely accepted concept within the cybersecurity industry that you cannot effectively protect what you can’t see. Therefore, the first step in building a comprehensive endpoint security policy is to inventory all the devices accessing your network, and this can be accomplished with UEM or MDM technologies. The primary difference between the two is that MDM is for iOS and Android operating systems (OS), while UEM includes those OS plus Windows and Mac operating systems--even productivity devices and wearables in some cases. Once the devices are discovered and profiled, administrators will be able to apply consistent security policies across them, regardless of where the endpoint is located. A key feature of both UEM and MDM is that they allow an organization to set standards regarding the security posture of devices accessing the network. For example, rules can be created that a device cannot be jailbroken and must be running on the latest O]]> 2024-02-20T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/a-fundamental-guide-to-endpoint-security www.secnews.physaphae.fr/article.php?IdArticle=8452746 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Medical,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included]]> 2024-02-19T18:44:00+00:00 https://thehackernews.com/2024/02/meta-warns-of-8-spyware-firms-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=8452317 False Malware,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play\'s enhanced detection and protection mechanisms," ThreatFabric said in a report shared with The Hacker News.]]> 2024-02-19T15:59:00+00:00 https://thehackernews.com/2024/02/anatsa-android-trojan-bypasses-google.html www.secnews.physaphae.fr/article.php?IdArticle=8452280 False Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch The purveyor of the infamous Pegasus mobile spyware now has a new method for obtaining critical information from target iPhones and other mobile devices.]]> 2024-02-19T14:00:00+00:00 https://www.darkreading.com/application-security/nso-group-adds-mms-fingerprinting-zero-click-attack-spyware-arsenal www.secnews.physaphae.fr/article.php?IdArticle=8452310 False Mobile None 2.0000000000000000 SecurityWeek - Security News Les pirates chinois utilisent des chevaux de Troie Android et iOS pour obtenir les informations nécessaires pour voler de l'argent aux victimes \\ 'comptes bancaires.

---

>Chinese hackers use Android and iOS trojans to obtain information needed to steal money from victims\' bank accounts. ]]> 2024-02-19T10:10:05+00:00 https://www.securityweek.com/ios-trojan-collects-face-and-other-data-for-bank-account-hacking/ www.secnews.physaphae.fr/article.php?IdArticle=8452248 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain The Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play. [...]]]> 2024-02-19T08:34:08+00:00 https://www.bleepingcomputer.com/news/security/anatsa-android-malware-downloaded-150-000-times-via-google-play/ www.secnews.physaphae.fr/article.php?IdArticle=8452306 False Malware,Mobile None 2.0000000000000000 The Register - Site journalistique Anglais Expect it to be stable in June, ready for release sometime after July Google has delivered the first developer preview of Android 15.…]]> 2024-02-19T07:31:13+00:00 https://go.theregister.com/feed/www.theregister.com/2024/02/19/android_15_first_developer_preview/ www.secnews.physaphae.fr/article.php?IdArticle=8452196 False Mobile None 2.0000000000000000 Techworm - News 2024-02-18T00:52:16+00:00 https://www.techworm.net/2024/02/hackers-steal-face-id-scans-rob-bank-account.html www.secnews.physaphae.fr/article.php?IdArticle=8451568 False Malware,Threat,Mobile None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Low-level developer features include fs-verify support, more screen-sharing modes.]]> 2024-02-16T19:00:20+00:00 https://arstechnica.com/?p=2004059 www.secnews.physaphae.fr/article.php?IdArticle=8451050 False Mobile None 2.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed des applications bancaires aux portefeuilles cryptographiques: Spynote Malware évolue pour un gain financier. Ceci est un article de HackRead.com Lire le post original: Spynote Android Spyware pose comme des portefeuilles cryptographiques légitimes, vole des fonds

---

>By Deeba Ahmed From Banking Apps to Crypto Wallets: SpyNote Malware Evolves for Financial Gain. This is a post from HackRead.com Read the original post: SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds]]> 2024-02-16T18:12:15+00:00 https://www.hackread.com/spynote-android-spyware-legit-crypto-wallets/ www.secnews.physaphae.fr/article.php?IdArticle=8451051 False Malware,Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch Southeast Asia is learning the hard way that biometric scans are nearly as easy to bypass as other kinds of authentication data, thanks to a creative banking Trojan.]]> 2024-02-15T22:03:54+00:00 https://www.darkreading.com/application-security/ios-malware-steals-faces-defeat-biometrics-ai-swaps www.secnews.physaphae.fr/article.php?IdArticle=8450576 False Malware,Mobile None 3.0000000000000000 Fortinet - Fabricant Materiel Securite FortiGuard investigates a hot new sample of Android/SpyNote, which shows the malware authors stealing crypto currencies from crypto wallets.]]> 2024-02-15T18:24:00+00:00 https://www.fortinet.com/blog/threat-research/android-spynote-moves-to-crypto-currencies www.secnews.physaphae.fr/article.php?IdArticle=8450486 False Malware,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that\'s capable of harvesting identity documents, facial recognition data, and intercepting SMS. "The GoldPickaxe family is available for both iOS and Android platforms,"]]> 2024-02-15T15:01:00+00:00 https://thehackernews.com/2024/02/chinese-hackers-using-deepfakes-in.html www.secnews.physaphae.fr/article.php?IdArticle=8450362 False Malware,Threat,Mobile None 3.0000000000000000 The Register - Site journalistique Anglais Deepfake-enabled attacks against Android and iOS users are netting criminals serious cash Cybercriminals are targeting iOS users with malware that steals Face ID scans to break into and pilfer money from bank accounts – thought to be a world first.…]]> 2024-02-15T14:00:15+00:00 https://go.theregister.com/feed/www.theregister.com/2024/02/15/cybercriminals_stealing_face_id/ www.secnews.physaphae.fr/article.php?IdArticle=8450421 False Malware,Threat,Mobile None 4.0000000000000000 Global Security Mag - Site de news francais nouvelles commerciales

---

Bittium SafeMove® Mobile VPN Approved for Securing RESTRICTED Level Classified Data in Finland - Business News]]> 2024-02-15T08:22:54+00:00 https://www.globalsecuritymag.fr/bittium-safemove-r-mobile-vpn-approved-for-securing-restricted-level-classified.html www.secnews.physaphae.fr/article.php?IdArticle=8450325 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain A new iOS and Android trojan named \'GoldPickaxe\' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. [...]]]> 2024-02-15T03:00:00+00:00 https://www.bleepingcomputer.com/news/security/new-gold-pickaxe-android-ios-malware-steals-your-face-for-fraud/ www.secnews.physaphae.fr/article.php?IdArticle=8450338 False Malware,Mobile None 2.0000000000000000 TechRepublic - Security News US While LogMeOnce comes with a lot of the features we want in a password manager, it\'s held back by an unpolished user interface and a half-baked mobile application.]]> 2024-02-14T13:46:57+00:00 https://www.techrepublic.com/article/logmeonce-review/ www.secnews.physaphae.fr/article.php?IdArticle=8450003 False Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future Une organisation politique pro-vie a obtenu les données de localisation des téléphones portables d'un courtier et l'a utilisée pour cibler les personnes qui avaient visité 600 cliniques d'avortement à travers le pays avec des publicités, a annoncé mardi le sénateur Ron Wyden (D-Or).Wyden demande maintenant à la Federal Trade Commission (FTC) et à la Securities and Exchange Commission (SEC) à agir rapidement

---

A pro-life political organization obtained mobile phone location data from a broker and used it to target people who had visited 600 abortion clinics across the country with advertisements, Senator Ron Wyden (D-OR) announced Tuesday. Wyden is now calling on the Federal Trade Commission (FTC) and Securities and Exchange Commission (SEC) to quickly take action]]> 2024-02-13T20:17:01+00:00 https://therecord.media/broker-sold-planned-parenthood-data-wyden www.secnews.physaphae.fr/article.php?IdArticle=8449715 False Mobile None 4.0000000000000000 GoogleSec - Firm Security Blog From its founding, Android has been guided by principles of openness, transparency, safety, and choice. Android gives you the freedom to choose which device best fits your needs, while also providing the flexibility to download apps from a variety of sources, including preloaded app stores such as the Google Play Store or the Galaxy Store; third-party app stores; and direct downloads from the Internet.Keeping users safe in an open ecosystem takes sophisticated defenses. That\'s why Android provides multiple layers of protections, powered by AI and backed by a large dedicated security & privacy team, to help to protect our users from security threats while continually making the platform more resilient. We also provide our users with numerous built-in protections like Google Play Protect, the world\'s most widely deployed threat detection service, which actively scans over 125 billion apps on devices every day to monitor for harmful behavior. That said, our data shows that a disproportionate amount of bad actors take advantage of select APIs and distribution channels in this open ecosystem. Elevating app security in an open ecosystem While users have the flexibility to download apps from many sources, the safety of an app can vary depending on the download source. Google Play, for example, carries out rigorous operational reviews to ensure app safety, including proper high-risk API use and permissions handling. Other app stores may also follow established policies and procedures that help reduce risks to users and their data. These protections often include requirements for developers to declare which permissions their apps use and how developers plan to use app data. Conversely, standalone app distribution sources like web browsers, messaging apps or file managers – which we commonly refer to as Internet-sideloading – do not offer the same rigorous requirements and operational reviews. Our data demonstrates that users who download from these sources today face unusually high security risks due to these missing protections. We recently launched enhanced Google Play Protect real-time scanning to help better protect users against novel malicious Internet-sideloaded apps. This enhancement is designed to address malicious apps that leverage various methods, such as AI, to avoid detection. This feature, now deployed on Android devices with Google Play Services in India, Thailand, Singapore and Brazil, has already made a significant impact on user safety. As a result of the real-time scanning enhancement, Play Protect has identified 515,000 new malicious apps and issued more than 3.1 million warnings or blocks of those apps. Play Protect is constantly improving its detection capabilities with each identified app, allowing us to strengthen our protections for the entire Android ecosystem. A new pilot to combat financial fraud Cybercriminals continue to invest in advanced financial fraud scams, costing consumers more than $1 trillion in losses. According to the 2023 Global State of Scams Report by the Global Anti-Scam Alliance, 78 percent of mobile users surveyed experienced at least one scam in the last year. Of those surveyed, 45 percent said they\'re experiencing more scams in the last 12 months. The Global Scam Report also found that scams were most often initia]]> 2024-02-13T20:14:39+00:00 http://security.googleblog.com/2024/02/piloting-new-ways-to-protect-Android-users-from financial-fraud.html www.secnews.physaphae.fr/article.php?IdArticle=8451429 False Malware,Threat,Mobile None 2.0000000000000000 Zimperium - cyber risk firms for mobile MDM and MTD were made for each other. It was love at first byte. Read the love story. Live the romance. Truly better together ]]> 2024-02-13T18:08:03+00:00 https://www.zimperium.com/blog/mobile_device_management_mobile_threat_defense/ www.secnews.physaphae.fr/article.php?IdArticle=8449666 False Threat,Mobile None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Doubling down on the cloud We have come a long way from the initial cloud use case of test/dev. We’ve since moved to running production-grade applications in the cloud and are now entering the next phase of cloud application development – microservices and containerization. As the cloud becomes increasingly foundational to your organization, it is crucial to prioritize robust security for all cloud workloads. This includes ensuring top-performing endpoint security not only for VMs but a]]> 2024-02-12T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/secure-networking-starts-and-ends-at-the-endpoint www.secnews.physaphae.fr/article.php?IdArticle=8449355 False Mobile,Cloud None 2.0000000000000000 Techworm - News Dans un rapport publié cette semaine . & # 8220; Nous avons déjà signalé cette technique à Google et ils travaillent déjà sur la mise en œuvre d'atténuations pour empêcher ce type d'exécution automatique dans une future version Android. & # 8221; Afin de tromper l'utilisateur, le malware se déguise en application légitime, faisant souvent semblant d'être le navigateur Web Google Chrome.Il utilise des chaînes Unicode dans les noms d'applications pour l'obscurcissement, qui lui permet ensuite de rechercher des autorisations risquées sur l'appareil, comme l'envoi et l'accès au contenu SMS, et pour toujours s'exécuter en arrière. De plus, la fausse application Chrome demande également aux utilisateurs s'ils souhaitent le définir en tant qu'application SMS par défaut sous le prétexte que cela aidera à empêcher le spam. En outre, le malware utilise également des messages de phishing, dont le contenu est extrait du champ bio (ou description) à partir de profils frauduleux Pinterest, qui sont ensuite envoyés aux smartphones infectés pour échapper à la détection par le logiciel antivirus. Si le malware n'est pas en mesure d'accéder à Pinterest, il utilise alors des messages de phishing codés en dur qui informent les victimes potentielles qu'il y a quelque chose de louche avec leur compte bancaire et qu'ils doivent prendre des mesures immédiates. Les chercheurs de McAfee \\ ont noté que certains messages contextuels malveillants demandaient des autorisations en anglais, coréen, français, japonais, allemand et hindi, ce qui indique également des cibles actuelles de Xloader.Ils croient qu'en plus du Japon, le malware cible également les utilisateurs d'Android en Corée du Sud, en France, en Allemagne et en Inde. Pour rester protégé contre les logiciels malveillants Xloader, il est conseillé aux utilisateurs de ne pas lacharger les applications ou d'ouvrir des URL courtes dans les messages texte et d'être très prudents tout en accordant des autorisations aux applications qu'ils installent.Limitez également le nombre d'applications installées sur votre téléphone Android et installez les applications uniquement à partir de développeurs réputés. En outre, activez Google Play Protect sur votre smartphone Android afin]]> 2024-02-10T22:35:42+00:00 https://www.techworm.net/2024/02/android-xloader-malware-automatic.html www.secnews.physaphae.fr/article.php?IdArticle=8448724 False Spam,Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution," McAfee Labs said in a report published this week. "While the app is]]> 2024-02-09T19:04:00+00:00 https://thehackernews.com/2024/02/new-variant-of-moqhao-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8448386 False Malware,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data. "This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts]]> 2024-02-08T15:47:00+00:00 https://thehackernews.com/2024/02/google-starts-blocking-sideloading-of.html www.secnews.physaphae.fr/article.php?IdArticle=8447969 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. [...]]]> 2024-02-08T13:34:14+00:00 https://www.bleepingcomputer.com/news/security/android-xloader-malware-can-now-auto-execute-after-installation/ www.secnews.physaphae.fr/article.php?IdArticle=8448120 False Malware,Mobile None 2.0000000000000000 SecurityWeek - Security News Google Play Protect bloquera l'installation de demandes de téléchargement de côté demandant des autorisations fréquemment abusées par des fraudeurs.

---

>Google Play Protect will block the installation of sideloaded applications requesting permissions frequently abused by fraudsters. ]]> 2024-02-08T12:39:48+00:00 https://www.securityweek.com/google-announces-enhanced-fraud-protection-for-android/ www.secnews.physaphae.fr/article.php?IdArticle=8448020 False Mobile None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC cyberattacks they can prevent. Moreover, we’ll review the benefits and drawbacks of built-in and third-party antivirus software. How does antivirus work? Scanning, removing, preventing – these are the 3 main stages of how an antivirus works. Once you install an AV, it scans every email, app, and file. During this process, it compares the results with its database. If something is off, the antivirus marks it as malware. Then, the AV either quarantines the malicious files or entirely obliterates them. And while all that is happening, a reliable antivirus runs smoothly in the background, preventing intruders from harming your devices and stealing your data. According to Datto’s global research, Windows device users should be the most concerned about their safety. Around 91% of gadgets that use this OS have been targeted by ransomware attacks. Nevertheless, none of the OS are entirely immune to various online perils. Whether using a Mac, Windows, or Android device, it’s better to be safe than sorry and use an AV. That way, you won’t put yourself, your devices, or your precious data at risk. What threats can a Windows antivirus prevent? As we briefly mentioned, a reliable antivirus can protect your device from online dangers. There are a few most common ones. Below, you’ll find them and what threat they pose: Viruses: These malicious programs multiply and spread from one computer to another. Viruses can attach themselves to programs and files, damage the system, and let other malware in. ]]> 2024-02-08T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/do-you-still-need-antivirus-protection-for-windows-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8448060 False Ransomware,Malware,Threat,Mobile None 3.0000000000000000 McAfee Labs - Editeur Logiciel Rédigé par Dexter Shin Moqhao est une famille de logiciels malveillants Android bien connue associée au groupe d'actrice de menace Mantis itinérante d'abord ...

---

> Authored by Dexter Shin  MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group first... ]]> 2024-02-08T07:29:53+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/ www.secnews.physaphae.fr/article.php?IdArticle=8447922 False Malware,Threat,Mobile None 2.0000000000000000 Techworm - News Google\'s Threat Analysis Group (TAG) on Tuesday revealed that government hackers ta]]> 2024-02-08T00:00:33+00:00 https://www.techworm.net/2024/02/iphone-owners-targeted-by-government-hackers-says-google.html www.secnews.physaphae.fr/article.php?IdArticle=8447764 False Tool,Vulnerability,Threat,Mobile,Commercial None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The initiative aim to tackle mobile fraud by auto-blocking apps seeking sensitive permissions]]> 2024-02-07T16:30:00+00:00 https://www.infosecurity-magazine.com/news/google-csa-android-fraud-new-pilot/ www.secnews.physaphae.fr/article.php?IdArticle=8447720 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. [...]]]> 2024-02-07T13:57:34+00:00 https://www.bleepingcomputer.com/news/security/google-tests-blocking-side-loaded-android-apps-with-risky-permissions/ www.secnews.physaphae.fr/article.php?IdArticle=8447757 False Mobile None 2.0000000000000000 Wired Threat Level - Security News Here\'s how to ditch that old alarm clock and use StandBy mode on iPhone and Bedtime mode on Android instead.]]> 2024-02-07T13:00:00+00:00 https://www.wired.com/story/how-to-use-phone-as-bedside-clock/ www.secnews.physaphae.fr/article.php?IdArticle=8447630 False Mobile None 2.0000000000000000 The Register - Site journalistique Anglais Vyommitra, your multitasking, bilingual, female space friend, will fly before the long-delayed Gaganyaan flies in 2025 India\'s Space Research Organisation (ISRO) will send a humanoid robot astronaut into this space this year, then send it back alongside actual humans in 2025 on its long-delayed Gaganyaan orbital mission.…]]> 2024-02-07T05:37:26+00:00 https://go.theregister.com/feed/www.theregister.com/2024/02/07/india_humanoid_space/ www.secnews.physaphae.fr/article.php?IdArticle=8447530 False Mobile None 3.0000000000000000 Recorded Future - FLux Recorded Future Les fermetures sur Internet au Sénégal se sont poursuivies pour une deuxième journée en tant que gouvernement du pays, dirigé par le président Macky Sall, Officiellement ému Élections prévues ce mois-ci jusqu'à la fin de l'année.Le ministre des Communications libéré Une commande sur Internet mobile en suspension du dimanche et des chiens de surveillance de la connectivité netblocks et Cloudflare CONSUSTIQUE CONSUSSIBLE AVAIT ENCOIRE ENCORE Qêtre étranglé.

---

Internet shutdowns in Senegal continued for a second day as the country\'s government, led by President Macky Sall, officially moved elections scheduled this month to the end of the year. The Minister of Communications released an order on Sunday suspending mobile internet, and connectivity watchdogs NetBlocks and CloudFlare confirmed that access was indeed being throttled.]]> 2024-02-06T22:26:20+00:00 https://therecord.media/senegal-shuts-internet-postpones-elections www.secnews.physaphae.fr/article.php?IdArticle=8447440 False Mobile None 4.0000000000000000 SecurityWeek - Security News Android \'s Février 2024 Patchs de sécurité résoudre 46 vulnérabilités, y compris un bug d'exécution de code distant critique.

---

>Android\'s February 2024 security patches resolve 46 vulnerabilities, including a critical remote code execution bug. ]]> 2024-02-06T12:22:10+00:00 https://www.securityweek.com/critical-remote-code-execution-vulnerability-patched-in-android/ www.secnews.physaphae.fr/article.php?IdArticle=8447259 False Vulnerability,Mobile None 3.0000000000000000 SecurityWeek - Security News Plus de 60 des Adobe, Google, Android, Microsoft, Mozilla et Apple Zero-Days qui ont été révélés depuis 2016 attribués à des fournisseurs de logiciels espions.

---

>More than 60 of the Adobe, Google, Android, Microsoft, Mozilla and Apple zero-days that have come to light since 2016 attributed to spyware vendors.  ]]> 2024-02-06T10:49:32+00:00 https://www.securityweek.com/google-links-over-60-zero-days-to-commercial-spyware-vendors/ www.secnews.physaphae.fr/article.php?IdArticle=8447244 False Studies,Mobile,Commercial None 4.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description ESET researchers have discovered a new cyber espionage campaign that uses twelve Android apps carrying VajraSpy, a remote access trojan (RAT) used by the Patchwork APT group. Six of the apps were available on Google Play, and six were found on VirusTotal. The apps were advertised as messaging tools, and one posed as a news app. VajraSpy has a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code. It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera. The campaign targeted users mostly in Pakistan, and the threat actors likely used targeted honey-trap romance scams to lure their victims into installing the malware. #### Reference URL(s) 1. https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/ #### Publication Date February 1, 2024 #### Author(s) Lukas Stefanko ]]> 2024-02-05T21:31:30+00:00 https://community.riskiq.com/article/b8134bfa www.secnews.physaphae.fr/article.php?IdArticle=8447349 False Malware,Tool,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between]]> 2024-02-05T18:48:00+00:00 https://thehackernews.com/2024/02/patchwork-using-romance-scam-lures-to.html www.secnews.physaphae.fr/article.php?IdArticle=8446926 False Malware,Threat,Mobile None 3.0000000000000000 SecurityWeek - Security News Google announces $1 million investment in improving Rust\'s interoperability with legacy C++ codebases. ]]> 2024-02-05T17:01:00+00:00 https://www.securityweek.com/google-contributes-1-million-to-rust-says-it-prevented-hundreds-of-android-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8446994 False Vulnerability,Mobile None 3.0000000000000000 GoogleSec - Firm Security Blog annoncé que Google rejoignait la Fondation Rust.À l'époque, Rust était déjà largement utilisée sur Android et d'autres produits Google.Notre annonce a souligné notre engagement à améliorer les examens de sécurité du code de la rouille et son interopérabilité avec le code C ++.La rouille est l'un des outils les plus forts que nous avons pour résoudre les problèmes de sécurité de la sécurité mémoire.Depuis cette annonce, les leaders de l'industrie et agences gouvernementales sentiment. Nous sommes ravis d'annoncer que Google a fourni une subvention de 1 million de dollars à la Rust Foundation pour soutenir les efforts qui amélioreront la capacité de Rust Code à interopérer avec les bases de code C ++ héritées existantes.Nous réapparaisons également notre engagement existant envers la communauté de la rouille open source en agrégant et en publiant Audits pour les caisses de rouille que nous utilisons dans les projets Google open-source.Ces contributions, ainsi que notre contributions précédentes à l'interopérabilité , ont-ellesenthousiasmé par l'avenir de la rouille. "Sur la base des statistiques historiques de la densité de la densité de vulnérabilité, Rust a empêché de manière proactive des centaines de vulnérabilités d'avoir un impact sur l'écosystème Android.Cet investissement vise à étendre l'adoption de la rouille sur divers composants de la plate-forme. » & # 8211;Dave Kleidermacher, vice-président de l'ingénierie, Android Security & AMP;Confidentialité Bien que Google ait connu la croissance la plus importante de l'utilisation de la rouille dans Android, nous continuons à augmenter son utilisation sur plus d'applications, y compris les clients et le matériel de serveur. «Bien que la rouille ne soit pas adaptée à toutes les applications de produits, la priorisation de l'interopérabilité transparente avec C ++ accélérera l'adoption de la communauté plus large, s'alignant ainsi sur les objectifs de l'industrie d'améliorer la sécurité mémoire.» & # 8211;Royal Hansen, vice-président de Google de la sécurité et de l'AMP;Sécurité L'outillage de rouille et l'écosystème prennent déjà en charge interopérabilité avec Android et avec un investissement continuDans des outils comme cxx , autocxx , bindgen , cbindgen , diplomate , et crubit, nous constatons des améliorations régulières de l'état d'interopérabilité de la rouille avec C ++.Au fur et à mesure que ces améliorations se sont poursuivies, nous avons constaté une réduction des obstacles à l'adoption et à l'adoption accélérée de la rouille.Bien que ces progrès à travers les nombreux outils se poursuivent, il ne se fait souvent que développer progressivement pour répondre aux besoins particuliers d'un projet ou d'une entreprise donnée. Afin d'accélérer à la fois l'adoption de la rouill]]> 2024-02-05T11:59:31+00:00 http://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html www.secnews.physaphae.fr/article.php?IdArticle=8446993 False Tool,Vulnerability,Mobile None 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates suspects parrainés par l'État indien ont utilisé des escroqueries romantiques pour attirer les victimes du Pakistan pour installer des applications malveillantes, infectant leurs appareils par des logiciels malveillants d'espionnage, selon de nouvelles recherches.Le groupe, connu sous le nom de patchwork, a créé au moins 12 applications Android malveillantes, y compris MeetMe, le chat de Let \\, le chat rapide et le rafaqat, et les a distribués via Google Play et autres

---

Suspected Indian state-sponsored hackers have used romance scams to lure victims in Pakistan into installing malicious apps, infecting their devices with spying malware, according to new research. The group, known as Patchwork, created at least 12 malicious Android apps, including MeetMe, Let\'s Chat, Quick Chat, and Rafaqat, and distributed them through Google Play and other]]> 2024-02-01T15:21:36+00:00 https://therecord.media/india-linked-hackers-target-pakistan-with-spyware www.secnews.physaphae.fr/article.php?IdArticle=8445611 False Malware,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. [...]]]> 2024-02-01T13:19:38+00:00 https://www.bleepingcomputer.com/news/security/more-android-apps-riddled-with-malware-spotted-on-google-play/ www.secnews.physaphae.fr/article.php?IdArticle=8445687 False Malware,Mobile None 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group]]> 2024-02-01T10:30:00+00:00 https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8445802 False Mobile None 3.0000000000000000 Korben - Bloger francais 2024-02-01T08:00:00+00:00 https://korben.info/retournez-au-twitter-2015-extension-old-twitter-layout-2023-fonctionnalites.html www.secnews.physaphae.fr/article.php?IdArticle=8445475 False Mobile None 3.0000000000000000 Techworm - News a déclaré Général James dans un communiqué de presse. «De nombreux New-Yorkais comptent sur les services bancaires en ligne pour payer les factures ou pour économiser pour de grandes jalons, et si une banque ne peut pas sécuriser ses comptes de clients, ils échouent dans leur devoir le plus élémentaire.Il n'y a aucune excuse pour l'échec de Citi \\ à protéger et à empêcher des millions de dollars d'être volés des comptes des clients et mon bureau ne radrera pas le comportement illégal de grandes banques. » Le procureur général a également donné des exemples de victimes de New York perdant des dizaines de milliers de dollars en raison d'une fraude.Dans un exemple, une victime a cliqué sur un lien malveillant dans le message reçu qui semblait provenir de Citi, qui lui a demandé de se connecter à un site Web ou d'appeler sa branche locale.Lorsque le client a appelé sa succursale locale pour signaler l'activité suspecte, il aurait dit à la victime de ne pas s'en soucier. Trois jours plus tard, le client a découvert qu'un escroc a changé son mot de passe bancaire, inscrit à des virements métalliques en ligne, transféré 70 000 $ de ses économies à son compte courant, puis exécuté électroniquement un transfert métallique de 40 000 $.Le client a continué à contacter la banque pendant des semaines et a également soumis des affidavits, mais finalement, on lui a dit que sa demande de fraude avait été refusée. Dans un communiqué, Citibank a déclaré que la société "travaillait extrêmement dur" pour prévenir les menaces pour ses clients et les aide à récupérer les pertes lorsque cela est possible. «Les banques ne sont pas tenues de rendre les clients entiers lorsque ces clients suivent les instructions des criminels et les banques ne peuvent voir aucune indication que les clients sont trompés.Cependant, compte tenu de la poussée à l'échelle de l'industrie de la fraude par fil au cours des dernières années, nous avons pris des mesures proactives pour protéger nos clients avec des comptes de sécurité, des outils de prévention de la fraude intuitifs, des idées claires sur les dernières escroqueries,et stimuler la sensibilisation et l'éducation des clients », a ajouté l'entreprise. «Nos actions ont considérablement réduit les pertes de fraude par fil du client, et nous restons déterminés à investir dans des mesures de]]> 2024-02-01T00:00:20+00:00 https://www.techworm.net/2024/02/citibank-sued-for-failing-to-protect-customers-against-hacks.html www.secnews.physaphae.fr/article.php?IdArticle=8445482 False Tool,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers. [...]]]> 2024-01-31T14:15:23+00:00 https://www.bleepingcomputer.com/news/security/exploit-released-for-android-local-elevation-flaw-impacting-7-oems/ www.secnews.physaphae.fr/article.php?IdArticle=8445295 False Threat,Mobile None 3.0000000000000000 Wired Threat Level - Security News Plus: Google fixes dozens of Android bugs, Microsoft rolls out nearly 50 patches, Mozilla squashes 15 Firefox flaws, and more.]]> 2024-01-31T12:00:00+00:00 https://www.wired.com/story/apple-google-zero-day-flaws-critical-update-january-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8445149 False Vulnerability,Threat,Mobile None 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes]]> 2024-01-31T10:30:00+00:00 https://www.welivesecurity.com/en/eset-research/eset-research-podcast-chatgpt-moveit-hack-pandora/ www.secnews.physaphae.fr/article.php?IdArticle=8445436 False Ransomware,Hack,Mobile ChatGPT 3.0000000000000000 Zataz - Magazine Francais de secu 2024-01-30T23:43:17+00:00 https://www.zataz.com/fuite-de-donnees-pour-les-objets-connectes-passant-par-things-mobile/ www.secnews.physaphae.fr/article.php?IdArticle=8444981 False Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch The tech giant says that being more open to comply with EU regulations brings risks such as malware, fraud, and scams.]]> 2024-01-30T21:55:00+00:00 https://www.darkreading.com/endpoint-security/apple-warns-iphone-sideloading-increase-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8444945 False Malware,Mobile None 3.0000000000000000 Zimperium - cyber risk firms for mobile IBM Security s'associe à Zimperium pour offrir aux organisations une solution complète pour gérer et protéger leur écosystème mobile.

---

>IBM Security joins forces with Zimperium to offer organizations a comprehensive solution to manage and protect their mobile ecosystem. ]]> 2024-01-30T15:15:27+00:00 https://zimpstage.wpengine.com/blog/ibm-security-maas360-announces-partnership-with-zimperium/ www.secnews.physaphae.fr/article.php?IdArticle=8447469 False Mobile None 1.00000000000000000000 Zimperium - cyber risk firms for mobile IBM Security s'associe à Zimperium pour offrir aux organisations une solution complète pour gérer et protéger leur écosystème mobile.

---

>IBM Security joins forces with Zimperium to offer organizations a comprehensive solution to manage and protect their mobile ecosystem. ]]> 2024-01-30T15:15:27+00:00 https://www.zimperium.com/blog/ibm-security-maas360-announces-partnership-with-zimperium/ www.secnews.physaphae.fr/article.php?IdArticle=8444840 False Mobile None 1.00000000000000000000 Global Security Mag - Site de news francais Points de Vue]]> 2024-01-30T14:18:18+00:00 https://www.globalsecuritymag.fr/nis2-pourquoi-faut-il-s-y-preparer-sans-attendre.html www.secnews.physaphae.fr/article.php?IdArticle=8444817 False Mobile None 2.0000000000000000 ZoneAlarm - Security Firm Blog Des enquêtes récentes ont révélé que plusieurs applications iPhone ont exploité des notifications système pour accéder illicitement aux utilisateurs & # 8217;Informations privées, incitant Apple à appliquer des directives de surveillance plus strictes et à mettre à jour les directives dans l'App Store pour empêcher de telles violations de confidentialité.Les notifications, conçues pour fournir aux utilisateurs des informations et des rappels en temps opportun, ont été manipulées par certaines applications pour recueillir des données personnelles & # 8230;

---

>Recent investigations have revealed that several iPhone applications have exploited system notifications to illicitly access users’ private information, prompting Apple to enforce stricter oversight and update guidelines within the App Store to prevent such privacy violations. Notifications, designed to provide users with timely information and reminders, were manipulated by certain applications to gather personal data … ]]> 2024-01-30T13:51:14+00:00 https://blog.zonealarm.com/2024/01/iphone-apps-exploit-notifications-for-data-collection/ www.secnews.physaphae.fr/article.php?IdArticle=8444787 False Threat,Mobile None 2.0000000000000000 GoogleSec - Firm Security Blog passkeys-the easier, safer alternative to passwords. Passkeys are safer because they\'re unique to each account, and are more resistant against online attacks such as phishing. They\'re easier to use because there\'s nothing for you to remember: when it\'s time to sign in, using a passkey is as simple as unlocking your device with your face or fingerprint, or your PIN/pattern/password. Google is working to accelerate passkey adoption. We\'ve launched support for passkeys on Google platforms such as Android and Chrome, and recently we announced that we\'re making passkeys a default option across personal Google Accounts. We\'re also working with our partners across the industry to make passkeys available on more websites and apps. Recently, we took things a step further. As part of last December\'s Pixel Feature Drop, we introduced a new feature to Google Password Manager: passkey upgrades. With this new feature, Google Password Manager will let you discover which of your accounts support passkeys, and help you upgrade with just a few taps. This new passkey upgrade experience is now available on Pixel phones (starting from Pixel 5a) as well as Pixel Tablet. Google Password manager will incorporate these updates for other platforms in the future. Best of all, today we\'re happy to announce that we\'ve teamed up with Adobe, Best Buy, DocuSign, eBay, Kayak, Money Forward, Nintendo, PayPal, Uber, Yahoo! Japan-and soon, TikTok as well, to help bring you this easy passkey upgrade experience and usher you into the passwordless future. If you have an account with one of these early launch partners, Google Password Manager on Pixel will helpfully guide you to the exact location on the partner\'s website or app where you can upgrade to a passkey. There\'s no need to manually hunt for the option in acc]]> 2024-01-30T12:00:18+00:00 http://security.googleblog.com/2024/01/upgrade-to-passkeys-on-pixel-with-google-password-manager.html www.secnews.physaphae.fr/article.php?IdArticle=8444905 False Mobile Uber 3.0000000000000000 The Register - Site journalistique Anglais 2024-01-30T10:15:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/30/fairberry_fairphone_hardware_qwerty/ www.secnews.physaphae.fr/article.php?IdArticle=8444736 False Mobile None 2.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Deux groupes d'acteurs de menace, à savoir Cybo Crew et Unit8200, vendent apparemment la même base de données avec un prix de 3 000 $ Ceci est un article de HackRead.com Lire le post original: Acteurs de menace vendant une base de données de 1,8 To des utilisateurs mobiles indiens

---

>By Deeba Ahmed Two groups of threat actors, namely CYBO CREW and UNIT8200, are apparently selling the same database with a price tag of $3,000. This is a post from HackRead.com Read the original post: Threat Actors Selling 1.8TB Database of Indian Mobile Users]]> 2024-01-29T20:41:30+00:00 https://www.hackread.com/hacker-selling-1-8tb-database-india-mobile-users/ www.secnews.physaphae.fr/article.php?IdArticle=8444540 False Threat,Mobile None 2.0000000000000000 Soc Radar - Blog spécialisé SOC The SOCRadar Dark Web Team identified critical incidents in the cyber threat landscape over the... ]]> 2024-01-29T10:57:54+00:00 https://socradar.io/eu-amp-us-credit-cards-750m-indian-mobile-data-at-risk-subway-hit-by-lockbit/ www.secnews.physaphae.fr/article.php?IdArticle=8444370 False Threat,Mobile None 3.0000000000000000 The Register - Site journalistique Anglais It takes more than open source, it takes open standards and consensus Opinion  Today, thanks to Android and ChromeOS, Linux is an important end-user operating system. But, before Linux, there were important Unix desktops, although most of them never made it.…]]> 2024-01-27T12:33:07+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/27/opinion_column/ www.secnews.physaphae.fr/article.php?IdArticle=8443774 False Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch An investigation into 2021 intrusions uncovered multiple infections on the phones of journalists in the African country.]]> 2024-01-26T14:00:00+00:00 https://www.darkreading.com/endpoint-security/pegasus-spyware-togolese-journalists-mobile-devices www.secnews.physaphae.fr/article.php?IdArticle=8443428 False Mobile None 3.0000000000000000 The Register - Site journalistique Anglais Work in progress, approach with caution Google has added a fresh round of features to Project IDX, its cloud-based development environment.…]]> 2024-01-26T01:37:35+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/26/google_project_idx_cloud/ www.secnews.physaphae.fr/article.php?IdArticle=8443209 False Mobile None 3.0000000000000000 Wired Threat Level - Security News Anyone hoping to save all of their WhatsApp chats on their Android phone may need to snag a Google One subscription soon.]]> 2024-01-24T12:00:00+00:00 https://www.wired.com/story/whatsapp-android-google-drive-backup/ www.secnews.physaphae.fr/article.php?IdArticle=8442507 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch The new iOS update includes Stolen Device Protection which limits what users can do on their iPhones when away from known locations (such as home or work), to prevent criminals from making unauthorized changes.]]> 2024-01-23T21:00:00+00:00 https://www.darkreading.com/endpoint-security/apple-adds-device-security-to-protect-from-thieves- www.secnews.physaphae.fr/article.php?IdArticle=8442301 False Mobile None 3.0000000000000000 Wired Threat Level - Security News OnePlus\' new $800 Android phone has all the specs you\'d want, and looks very polished to boot.]]> 2024-01-23T15:00:00+00:00 https://www.wired.com/review/oneplus-12/ www.secnews.physaphae.fr/article.php?IdArticle=8442141 False Mobile None 2.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé 2024-01-23T14:54:56+00:00 https://blog.incogni.com/call-privately-on-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=8442147 False Mobile None 2.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Appdome Extends Mobile Bot Defense Leadership Announces Fully Portable Bot Defense for Any Web Application Firewall and New Bot Defense Data in ThreatScope™ Mobile XDR - Product Reviews]]> 2024-01-23T13:00:32+00:00 https://www.globalsecuritymag.fr/appdome-extends-mobile-bot-defense.html www.secnews.physaphae.fr/article.php?IdArticle=8442105 False Mobile None 2.0000000000000000 Korben - Bloger francais 2024-01-23T08:00:00+00:00 https://korben.info/decouverte-jeux-videos-avec-radion.html www.secnews.physaphae.fr/article.php?IdArticle=8442033 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed]]> 2024-01-22T22:05:00+00:00 https://thehackernews.com/2024/01/hackers-hijack-popular-java-and-android.html www.secnews.physaphae.fr/article.php?IdArticle=8441737 False Mobile None 3.0000000000000000 Zimperium - cyber risk firms for mobile Alors que nous accueillons la nouvelle année, les entreprises du monde entier se préparent à la croissance et à l'expansion.Plongez \\ dans certains des menaces que les appareils mobiles peuvent faire face et explorer comment la défense des menaces mobiles de Zimperium (MTD) peut aider les entreprises à protéger votre entreprise.

---

>As we welcome the new year, businesses around the world are gearing up for growth and expansion. Let\'s dive into some of the threats mobile devices can face and explore how Zimperium Mobile Threat Defense (MTD) can help enterprises protect your enterprise.  ]]> 2024-01-22T21:03:51+00:00 https://www.zimperium.com/blog/new-year-new-hires-new-devices-kick-start-the-year-with-endpoint-security/ www.secnews.physaphae.fr/article.php?IdArticle=8441838 False Threat,Mobile None 2.0000000000000000 UnderNews - Site de news "pirate" francais Cloner un téléphone est si simple que même un enfant peut comprendre ce qu’il faut faire. Il suffit de prendre l’appareil, de le connecter à l’ordinateur, de cliquer sur quelques boutons et c’est tout. Nous l’avons tous fait à un moment ou à un autre de notre vie. C’est tellement pratique pour la sauvegarde des […] The post Comment cloner un téléphone Android en secret : 3 méthodes simples first appeared on UnderNews.]]> 2024-01-22T18:27:55+00:00 https://www.undernews.fr/telephonie-phreaking-voip/comment-cloner-un-telephone-android-en-secret-3-methodes-simples.html www.secnews.physaphae.fr/article.php?IdArticle=8442232 False Mobile None 3.0000000000000000 Recorded Future - FLux Recorded Future L'une des banques en ligne les plus populaires d'Ukraine \\, Monobank, a été ciblée par une attaque de déni de service distribué (DDOS) - la dernière d'une vague continue d'incidents contre les institutions financières ukrainiennes.Selon le PDG de la société \\, Oleh Horokhovskyi, la banque a dû faire face à ses La plus grande attaque de tous les temps , avec 580 millions de demandes de service sur troisjours.Pendant

---

One of Ukraine\'s most popular online banks, Monobank, was targeted by a distributed denial-of-service (DDoS) attack over the weekend - the latest in an ongoing wave of incidents against Ukrainian financial institutions. According to the company\'s CEO, Oleh Horokhovskyi, the bank faced its largest attack ever, with 580 million service requests over three days. During]]> 2024-01-22T17:07:00+00:00 https://therecord.media/monobank-ukraine-ddos www.secnews.physaphae.fr/article.php?IdArticle=8441757 False Mobile None 3.0000000000000000 The Register - Site journalistique Anglais Touts custom kernel that creams Linux, coming soon for devs and later for punters Huawei last week detailed a major release of its HarmonyOS that will see the Chinese giant break with the Linux ecosystem.…]]> 2024-01-22T06:28:10+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/22/huawei_harmony_os_next/ www.secnews.physaphae.fr/article.php?IdArticle=8441540 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Ambient light sensors on smart-device screens can effectively be turned into a camera, opening up yet another path to snooping on unwitting victims.]]> 2024-01-19T16:36:00+00:00 https://www.darkreading.com/endpoint-security/iphone-android-ambient-light-sensors-stealthy-spying www.secnews.physaphae.fr/article.php?IdArticle=8440704 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it\'s being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass]]> 2024-01-19T10:25:00+00:00 https://thehackernews.com/2024/01/us-cybersecurity-agency-warns-of.html www.secnews.physaphae.fr/article.php?IdArticle=8440517 False Vulnerability,Mobile None 3.0000000000000000 Zimperium - cyber risk firms for mobile L'année dernière a connu des progrès technologiques importants dans la gestion bancaire et financière qui ont considérablement amélioré la commodité pour les clients tout en augmentant les risques de sécurité qui ne devraient pas être pris à la légère.Le secteur financier a transformé les appareils mobiles en un guichet automatique personnel pour les clients, offrant des services allant des paiements [& # 8230;]

---

>The past year has witnessed significant technological advancements in the banking and financial management which have greatly improved convenience for customers while also increasing security risks that should not be taken lightly. The financial industry has transformed mobile devices into a personal ATM for customers, offering services ranging from payments […] ]]> 2024-01-19T02:05:00+00:00 https://www.zimperium.com/blog/mobile-banking-heists-emerging-threats-and-how-to-respond/ www.secnews.physaphae.fr/article.php?IdArticle=8440760 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain Microsoft plans to provide Windows 11 users with almost instant access to photos and screenshots they\'ve taken on their Android smartphones. [...]]]> 2024-01-18T14:42:53+00:00 https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-instant-access-to-android-photos-in-windows-11/ www.secnews.physaphae.fr/article.php?IdArticle=8440396 False Mobile None 2.0000000000000000 Wired Threat Level - Security News Preorders are live for Samsung\'s newest Android phones. We break down the key specs to help you choose the right one.]]> 2024-01-18T12:00:00+00:00 https://www.wired.com/story/which-samsung-galaxy-s24-model-to-buy/ www.secnews.physaphae.fr/article.php?IdArticle=8440238 False Mobile None 1.00000000000000000000 TechRepublic - Security News US Explore the best VPNs for Android devices. Find out which VPN offers the best security, speed and features for your Android device.]]> 2024-01-17T18:41:15+00:00 https://www.techrepublic.com/article/best-vpn-for-android/ www.secnews.physaphae.fr/article.php?IdArticle=8439985 False Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group\'s Pegasus, QuaDream\'s Reign, and Intellexa\'s Predator.  Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file]]> 2024-01-17T15:52:00+00:00 https://thehackernews.com/2024/01/new-ishutdown-method-exposes-hidden.html www.secnews.physaphae.fr/article.php?IdArticle=8439832 False Mobile,Technical None 3.0000000000000000 Bleeping Computer - Magazine Américain A previously unknown cybercrime syndicate named \'Bigpanzi\' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. [...]]]> 2024-01-17T13:54:47+00:00 https://www.bleepingcomputer.com/news/security/bigpanzi-botnet-infects-170-000-android-tv-boxes-with-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8439994 False Malware,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. [...]]]> 2024-01-17T13:03:47+00:00 https://www.bleepingcomputer.com/news/security/ishutdown-scripts-can-help-detect-ios-spyware-on-your-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=8439972 False Mobile None 3.0000000000000000 Silicon - Site de News Francais 2024-01-17T09:49:06+00:00 https://www.silicon.fr/iphone-apple-devient-le-numero-un-mondial-des-smartphones-475039.html www.secnews.physaphae.fr/article.php?IdArticle=8439816 False Mobile None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Apple beat all the Android OEMs while selling dramatically more expensive phones.]]> 2024-01-16T18:04:00+00:00 https://arstechnica.com/?p=1996271 www.secnews.physaphae.fr/article.php?IdArticle=8439636 False Mobile None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Theresa Lanowitz. It’s intended to be future-looking and provocative and to encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog. Entering 2024 brings us well into the third decade of the new millennium. Do you recall how tentatively and maybe naively we approached the year 2000, otherwise known as Y2K? We stressed over two bytes in COBOL programs and regression tested every line of code to ensure our systems were ready to go at midnight on January 1, 2000. The clock struck 12, and the world breathed a collective sigh of relief – we survived the predicted digital disaster. And just like that, off we went - to create web, mobile, and cloud apps, to turn embedded software into the Internet of Things (IoT), and to democratize computing in a way that was only a dream just 23 years ago. With massive shifts and changes in computing in the wake, it’s time to ask: where are we going in 2024, and what cybersecurity opportunities and challenges lie ahead? Maturing the industry: It’s the business that matters. Cybersecurity is not about fear, uncertainty, and doubt (FUD). It is about delivering business outcomes such as boarding a plane quicker to mitigate flight delay penalties, heating or cooling my house efficiently to manage energy consumption in various climates, or reducing waste in manufacturing to minimize product recalls. Notice there was no mention of security, data, network, coding, or anything remotely IT-centric or technical in the stated business outcomes above. We must aspire to this when thinking about our businesses and cybersecurity. It must be about the business first, advancing the customer experience, and removing friction. Cybersecurity is now a business requirement. For cybersecurity to be part of business planning, cybersecurity teams need to become members of the business teams. Over the past three years, the cybersecurity market has rapidly matured. We are in the midst of market consolidation, with individual point products being acquired and integrated into platform offerings. These platform offerings will continue to evolve by acquiring smaller vendors, partnering, and innovating. The platform vendors clearly see the need for cybersecurity to be a part of the business conversation and want to act as a business partner and trusted advisor, not merely a product provider. Cybersecurity budgets are changing, creating an approach to get funding differently. This year, our research revealed an unexpected change: money is being redistributed as computing moves closer to the data source. Our respondents reported they are investing in new computing development – in this case, edge computing - in a way that’s different from what we’ve seen in the past. They are proactively investing in strategy and planning, the network, application development, and security to create a balanced, collaborative ecosystem. The big surprise isn’t a new secret weapon or killer application. The surprise is what’s needed: a new way of thinking about resource allocation. You’ll still need your usual hardware, software, storage, and security buckets. How you balance those expenses is what’s different. As computing moves closer to the data source, every deployment should contribute to the b]]> 2024-01-16T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/unusual-thought-provoking-predictions-for-cybersecurity-in-2024 www.secnews.physaphae.fr/article.php?IdArticle=8439503 False Tool,Mobile,Prediction,Cloud,Technical None 3.0000000000000000 Bleeping Computer - Magazine Américain GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [...]]]> 2024-01-14T10:32:54+00:00 https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/ www.secnews.physaphae.fr/article.php?IdArticle=8438993 False Threat,Mobile None 3.0000000000000000 TroyHunt - Blog Security After iOS 16 reintroduced lock screen widgets, Google is dusting off its old code.]]> 2024-01-12T19:14:35+00:00 https://arstechnica.com/?p=1995664 www.secnews.physaphae.fr/article.php?IdArticle=8438369 False Mobile None 3.0000000000000000 Korben - Bloger francais 2024-01-12T08:00:00+00:00 https://korben.info/nearby-share-guide-android-windows-file-sharing.html www.secnews.physaphae.fr/article.php?IdArticle=8438182 False Mobile None 3.0000000000000000 GoogleSec - Firm Security Blog previous blog post detailing MiraclePtr and its objectives. More platforms We are thrilled to announce that since our last update, we have successfully enabled MiraclePtr for more platforms and processes: In June 2022, we enabled MiraclePtr for the browser process on Windows and Android. In September 2022, we expanded its coverage to include all processes except renderer processes. In June 2023, we enabled MiraclePtr for ChromeOS, macOS, and Linux. Furthermore, we have changed security guidelines to downgrade MiraclePtr-protected issues by one severity level! Evaluating Security Impact First let\'s focus on its security impact. Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices. Let\'s take a closer look at each of these sources and how they inform our understanding of MiraclePtr\'s effectiveness. Bug reports Chrome vulnerability reports come from various sources, such as: Chrome Vulnerability Reward Program participants, our fuzzing infrastructure, internal and external teams investigating security incidents. For the purposes of this analysis, we focus on vulnerabilities that affect platforms where MiraclePtr was enabled at the time the issues were reported. We also exclude bugs that occur inside a sandboxed renderer process. Since the initial launch of MiraclePtr in 2022, we have received 168 use-after-free reports matching our criteria. What does the data tell us? MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%. Reaching this level of effectiveness, however, required additional work. For instance, we not only rewrote class fields to use MiraclePtr, as discussed in the previous post, but also added MiraclePtr support for bound function arguments, such as Unretained pointers. These pointers have been a significant source of use-after-frees in Chrome, and the additional protection allowed us to mitigate 39 more issues. Moreover, these vulnerability reports enable us to pinpoint areas needing improvement. We\'re actively working on adding support for select third-party libraries that have been a source of use-after-free bugs, as well as developing a more advanced rewriter tool that can handle transformations like converting std::vector into std::vector. We\'ve also made sever]]> 2024-01-11T14:18:14+00:00 http://security.googleblog.com/2024/01/miracleptr-protecting-users-from-use.html www.secnews.physaphae.fr/article.php?IdArticle=8440961 False Tool,Vulnerability,Threat,Mobile None 3.0000000000000000 Techworm - News bloomberg report , Le Pékin Wangshendongjian, le Pékin de Chine, l'institut d'évaluation judiciaire de Wangshendongjian a développé une méthode pour faire un journal des appareils cryptés d'un iPhone \\ pour identifier les chiffres et les e-mails des expéditeurs qui partagent le contenu Airdrop. «Le cas des informations incorrectes diffusées via« Airdrop »sur les téléphones mobiles a permis les difficultés techniques de la traçabilité anonyme par Airdrop, a amélioré l'efficacité et la précision de la détection de cas, et a empêché la propagation des remarques inappropriées et une mauvaise influence potentielle,"Le Bureau municipal de la justice de Pékin a déclaré dans un ]]> 2024-01-10T23:15:50+00:00 https://www.techworm.net/2024/01/china-cracked-apple-airdrop-feature.html www.secnews.physaphae.fr/article.php?IdArticle=8437593 False Tool,Mobile,Technical None 4.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism The Lenovo ThinkBook Plus Gen 5 Hybrid combines the best (?) of both worlds.]]> 2024-01-10T20:43:43+00:00 https://arstechnica.com/?p=1995067 www.secnews.physaphae.fr/article.php?IdArticle=8437651 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain A pro-Ukraine hacktivist group named \'Blackjack\' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. [...]]]> 2024-01-10T14:43:52+00:00 https://www.bleepingcomputer.com/news/security/pro-ukraine-hackers-breach-russian-isp-in-revenge-for-kyivstar-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8437615 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Reports say M9 Telecom servers were destroyed in retaliation for Russia-backed cyberattack against Kyivstar mobile phone operator.]]> 2024-01-10T03:00:00+00:00 https://www.darkreading.com/ics-ot-security/ukraine-claims-revenge-hack-against-moscow-internet-provider www.secnews.physaphae.fr/article.php?IdArticle=8437299 False Hack,Mobile None 3.0000000000000000 The Register - Site journalistique Anglais Nothing under exploit… Is this the calm before the storm? Patch Tuesday  Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.…]]> 2024-01-09T22:37:34+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/09/january_patch_tuesday/ www.secnews.physaphae.fr/article.php?IdArticle=8437325 False Mobile None 2.0000000000000000 The Register - Site journalistique Anglais 2024-01-09T15:04:14+00:00 https://go.theregister.com/feed/www.theregister.com/2024/01/09/ces_new_tech/ www.secnews.physaphae.fr/article.php?IdArticle=8437160 False Mobile None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain voler la broche : La deuxième nouvelle fonctionnalité notable est la possibilité d'interrompre les opérations biométriques sur l'appareil, comme les empreintes digitales et le déverrouillage du visage, en utilisant le service d'accessibilité pour forcer une reproche à la broche ou l'authentification du mot de passe. Le malware capture toutes les épingles et les mots de passe entre que la victime entre pour déverrouiller leur appareil et peut les utiliser plus tard pour déverrouiller l'appareil à volonté pour effectuer des activités malveillantes cachées. ...

---

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN: The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication. The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view. ...]]> 2024-01-09T12:03:11+00:00 https://www.schneier.com/blog/archives/2024/01/pin-stealing-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8437103 False Malware,Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Users of the Firefox browser for Android have been reporting that they are seeing a blank page when trying to load the main Google Search site. [...]]]> 2024-01-09T09:48:59+00:00 https://www.bleepingcomputer.com/news/security/google-search-bug-shows-blank-page-in-firefox-for-android/ www.secnews.physaphae.fr/article.php?IdArticle=8437161 False Mobile None 2.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé 2024-01-08T16:01:35+00:00 https://blog.incogni.com/how-to-delete-google-search-history/ www.secnews.physaphae.fr/article.php?IdArticle=8436675 False Mobile None 1.00000000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé Comment activer la navigation privée sur & # 038;et aller incognito & # 124;iPhone & # 038;iPad Lire la suite "

---

… How to turn Private Browsing on & and go Incognito | iPhone & iPad Read More "]]> 2024-01-08T15:32:58+00:00 https://blog.incogni.com/turn-private-browsing-iphone-on-off/ www.secnews.physaphae.fr/article.php?IdArticle=8439920 False Mobile None 2.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé Comment arrêter les textes de spam sur Android & # 038;iPhone Lire la suite "

---

… How to stop spam texts on Android & iPhone Read More "]]> 2024-01-08T13:44:29+00:00 https://blog.incogni.com/stop-spam-texts/ www.secnews.physaphae.fr/article.php?IdArticle=8436612 False Spam,Mobile None 2.0000000000000000