This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-23T14:39:50+00:00 www.secnews.physaphae.fr InfoSecurity Mag - InfoSecurity Magazine The MOVEit hack, OpenAI service targeting and Android spyware top the threat landscape in H2 2023, according to ESET]]> 2023-12-27T10:00:00+00:00 https://www.infosecurity-magazine.com/news/2023-threat-dominated-ai-android/ www.secnews.physaphae.fr/article.php?IdArticle=8429718 False Threat,Hack,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. [...]]]> 2023-12-27T09:14:41+00:00 https://www.bleepingcomputer.com/news/security/iphone-triangulation-attack-abused-undocumented-hardware-feature/ www.secnews.physaphae.fr/article.php?IdArticle=8429834 False Mobile None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description The McAfee Mobile Research Team has discovered an Android backdoor named Android/Xamalicious that is implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#. The malware tries to gain accessibility privileges with social engineering and then communicates with the command-and-control server to evaluate whether or not to download a second-stage payload that\'s dynamically injected as an assembly DLL at runtime level to take full control of the device and potentially perform fraudulent actions such as clicking on ads, installing apps among other actions financially motivated without user consent. The second stage payload can take full control of the infected device due to the powerful accessibility services that were already granted during the first stage which also contains functions to self-update the main APK which means that it has the potential to perform any type of activity like a spyware or banking trojan without user interaction. The malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server. The malware has been distributed through about 25 different malicious apps that carry this threat. Some variants have been distributed on Google Play since mid-2020. The apps identified in this report were proactively removed by Google from Google Play ahead of the reporting. Based on the number of installations these apps may have compromised at least 327,000 devices from Google Play plus the installations coming from thir]]> 2023-12-26T20:55:57+00:00 https://community.riskiq.com/article/f13288c3 www.secnews.physaphae.fr/article.php?IdArticle=8429475 False Threat,Malware,Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain A new Python project called \'Wall of Flippers\' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. [...]]]> 2023-12-23T10:09:18+00:00 https://www.bleepingcomputer.com/news/security/wall-of-flippers-detects-flipper-zero-bluetooth-spam-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8428022 False Spam,Mobile None 2.0000000000000000 TechRepublic - Security News US Risk mitigation tips are provided for each of these cybersecurity threats.]]> 2023-12-22T22:47:44+00:00 https://www.techrepublic.com/article/eset-threat-report-h2-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8427606 False Threat,Malware,Mobile ChatGPT 3.0000000000000000 Bleeping Computer - Magazine Américain Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. [...]]]> 2023-12-22T20:35:18+00:00 https://www.bleepingcomputer.com/news/security/mint-mobile-discloses-new-data-breach-exposing-customer-data/ www.secnews.physaphae.fr/article.php?IdArticle=8427668 False Data Breach,Mobile None 3.0000000000000000 McAfee Labs - Editeur Logiciel Rédigé par l'équipe de recherche mobile Fernando Ruiz McAfee a identifié une porte dérobée Android implémentée avec Xamarin, un cadre open source qui permet ...

---

> Authored by Fernando Ruiz  McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows... ]]> 2023-12-22T19:34:18+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8427537 False Mobile None 3.0000000000000000 Recorded Future - FLux Recorded Future Le géant du jeu vidéo Ubisoft a déclaré qu'il enquêtait sur les affirmations selon lesquelles les pirates ont infiltré ses systèmes cette semaine et ont tenté de voler des données.Un porte-parole de la société française a déclaré à Future News que les responsables d'Ubisoft étaient «au courant d'un incident présumé de sécurité des données et enquêtaient actuellement».«Nous n'avons pas plus à partager pour le moment», "

---

Video game giant Ubisoft said it is investigating claims that hackers infiltrated its systems this week and attempted to steal data. A spokesperson for the French company told Recorded Future News that Ubisoft officials were “aware of an alleged data security incident and are currently investigating.” “We don\'t have more to share at this time,”]]> 2023-12-22T19:18:00+00:00 https://therecord.media/ubisoft-alleged-data-breach-investigating www.secnews.physaphae.fr/article.php?IdArticle=8427538 False Data Breach,Mobile None 3.0000000000000000 SecurityWeek - Security News Une variante de la banque Android Chameleon présente de nouvelles capacités de dérivation et a élargi sa zone de ciblage.

---

>A variant of the Chameleon Android banking trojan features new bypass capabilities and has expanded its targeting area. ]]> 2023-12-22T17:21:51+00:00 https://www.securityweek.com/chameleon-android-malware-can-bypass-biometric-security/ www.secnews.physaphae.fr/article.php?IdArticle=8427491 False Malware,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais Malwares]]> 2023-12-22T09:46:05+00:00 https://www.globalsecuritymag.fr/eset-decortique-le-2eme-semestre-2023-dans-son-rapport-celui-ci-regorge-d.html www.secnews.physaphae.fr/article.php?IdArticle=8427301 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn\'t survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor]]> 2023-12-21T22:18:00+00:00 https://thehackernews.com/2023/12/multi-million-dollar-predator-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=8426908 False Mobile,Commercial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted region,]]> 2023-12-21T21:51:00+00:00 https://thehackernews.com/2023/12/new-chameleon-android-banking-trojan.html www.secnews.physaphae.fr/article.php?IdArticle=8426909 False Malware,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch A more sophisticated version of a "work in progress" malware is impersonating a Google Chrome app to attack a wider swath of mobile users.]]> 2023-12-21T16:20:00+00:00 https://www.darkreading.com/endpoint-security/chameleon-android-trojan-offers-biometric-bypass www.secnews.physaphae.fr/article.php?IdArticle=8426879 False Malware,Mobile None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite La vague de l'utilisation des appareils mobiles au sein des organisations a inévitablement ouvert les vannes à un nouveau type de logiciel espion cyber-menace-mobile.Comme le terme «logiciel espion» le suggère, ce type de menace peut souvent passer inaperçu jusqu'à ce que les dommages soient causés.La dépendance croissante à l'égard de la technologie mobile a permis aux organisations de reconnaître et d'atténuer les risques associés aux logiciels espions mobiles.Il ne s'agit plus seulement d'améliorer la productivité;Il est également de sauvegarder les passerelles numériques que nos appareils mobiles sont devenus.Comprendre les logiciels espions mobiles La menace subtile mais significative de logiciels spymétrique mobile exige l'attention, car ces logiciels secrètes s'infiltrent [& # 8230;]

---

>The surge in mobile device usage within organizations has inevitably opened the floodgates to a new kind of cyber threat-mobile spyware. As the term “spyware” suggests, this kind of threat can often go unnoticed until the damage is done. The growing dependence on mobile technology has made it imperative for organizations to recognize and mitigate the risks associated with mobile spyware. It’s no longer just about enhancing productivity; it’s equally about safeguarding the digital gateways that our mobile devices have become. Understanding Mobile Spyware The subtle yet significant threat of mobile spyware demands attention, as these covert software pieces infiltrate […] ]]> 2023-12-21T13:00:50+00:00 https://blog.checkpoint.com/securing-user-and-access/is-your-organization-infected-by-mobile-spyware/ www.secnews.physaphae.fr/article.php?IdArticle=8426783 False Threat,Mobile None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ivanti releases updates to fix 22 vulnerabilities in its Avalanche mobile device management product]]> 2023-12-21T10:30:00+00:00 https://www.infosecurity-magazine.com/news/ivanti-customers-patch-13-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8426702 False Mobile,Vulnerability None 2.0000000000000000 Zataz - Magazine Francais de secu 2023-12-21T09:53:52+00:00 https://www.zataz.com/des-pirates-russes-menacent-la-poste-mobile-et-des-entreprises-russes/ www.secnews.physaphae.fr/article.php?IdArticle=8426666 False Mobile None 2.0000000000000000 Korben - Bloger francais 2023-12-21T08:00:00+00:00 https://korben.info/sonic-triple-trouble-16-bit-fan-remake-a-decouvrir.html www.secnews.physaphae.fr/article.php?IdArticle=8426632 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices - disable fingerprint and face unlock to steal device PINs. [...]]]> 2023-12-21T05:00:00+00:00 https://www.bleepingcomputer.com/news/security/android-malware-chameleon-disables-fingerprint-unlock-to-steal-pins/ www.secnews.physaphae.fr/article.php?IdArticle=8426817 False Malware,Mobile None 2.0000000000000000 UnderNews - Site de news "pirate" francais A l'heure où les arnaques à l'investissement deviennent monnaie courante à mesure que les investissements en ligne gagnent en popularité, les investisseurs en herbe doivent faire preuve de prudence. En découvrant une vaste escroquerie à l’investissement dans le domaine du gaz, ciblant à la fois les utilisateurs d’Android et d’iOS, les chercheurs de Kaspersky ont […] The post Arnaques à l'investissement : Kaspersky met au jour des escroqueries dans le domaine du gaz first appeared on UnderNews.]]> 2023-12-20T17:53:01+00:00 https://www.undernews.fr/contrefacon-cracking/arnaques-a-linvestissement-kaspersky-met-au-jour-des-escroqueries-dans-le-domaine-du-gaz.html www.secnews.physaphae.fr/article.php?IdArticle=8426241 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country. "These criminals send malicious links to their victims\' mobile devices through SMS or]]> 2023-12-20T15:50:00+00:00 https://thehackernews.com/2023/12/alert-chinese-hackers-pose-as-uae.html www.secnews.physaphae.fr/article.php?IdArticle=8426026 False Threat,Mobile None 2.0000000000000000 McAfee Labs - Editeur Logiciel Rédigé par Neil Tyagi et Fernando Ruiz dans un monde en évolution numérique, la commodité de la banque via des applications mobiles a ...

---

> Authored by Neil Tyagi and Fernando Ruiz In a digitally evolving world, the convenience of banking through mobile applications has... ]]> 2023-12-20T15:40:59+00:00 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shielding-against-android-phishing-in-indian-banking/ www.secnews.physaphae.fr/article.php?IdArticle=8426177 False Mobile None 2.0000000000000000 Korben - Bloger francais 2023-12-20T08:00:00+00:00 https://korben.info/controler-appareil-android-depuis-pc-mac-avec-qtscrcpy.html www.secnews.physaphae.fr/article.php?IdArticle=8425963 False Mobile None 3.0000000000000000 Wired Threat Level - Security News Beeper\'s “Mini” Android app was supposed to be a simple green-bubble-to-blue-bubble messaging solution. It has now fueled a larger conversation about government regulation of the tech industry.]]> 2023-12-19T21:02:57+00:00 https://www.wired.com/story/beeper-apple-imessage-fight/ www.secnews.physaphae.fr/article.php?IdArticle=8425691 False Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future Le plus grand opérateur de télécommunications de l'Ukraine \\, Kievstar, était «l'une des cyberattaques perturbatrices les plus perturbatrices sur les réseaux ukrainiens» depuis que la Russie a envahi le pays l'année dernière, British Defense Intelligence dit .L'attaque, qui a commencé le 12 décembre, a laissé les abonnés de Kievstar sans signal mobile et Internet pendant deux jours.L'entreprise fournit des services à plus de la moitié

---

The hack of Ukraine\'s largest telecommunications operator, Kyivstar, was “one of the highest-impact disruptive cyberattacks on Ukrainian networks” since Russia invaded the country last year, British defense intelligence said. The attack, which began on December 12, left Kyivstar subscribers without mobile signal and internet for two days. The company provides services to more than half]]> 2023-12-18T14:30:00+00:00 https://therecord.media/ukraine-kyivstar-hack-high-impact www.secnews.physaphae.fr/article.php?IdArticle=8424812 False Hack,Mobile None 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Pour les dernières découvertes en cyberLes principales attaques et violations de l'opérateur mobile d'Ukraine \\ d'Ukraine, Kyivstar, ont été frappées par «la plus grande cyberattaque sur les infrastructures de télécommunications au monde», rendant des millions sans services mobiles et Internet pendant au moins 48 heures.Il semblerait que l'attaque ait également affecté [& # 8230;]

---

>For the latest discoveries in cyber research for the week of 18th December, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Ukraine\'s largest mobile operator, Kyivstar, was hit by “largest cyber-attack on telecom infrastructure in the world”, rendering millions without mobile and internet services for at least 48 hours. Reportedly, the attack also affected […] ]]> 2023-12-18T13:32:23+00:00 https://research.checkpoint.com/2023/18th-december-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8424773 False Threat,Mobile None 2.0000000000000000 ProofPoint - Cyber Firms 2023-12-18T06:00:21+00:00 https://www.proofpoint.com/us/blog/compliance-and-archiving/integrated-risk-approach-breaking-legal-and-compliance-attack-chain www.secnews.physaphae.fr/article.php?IdArticle=8425108 False Threat,Tool,Conference,Prediction,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch If you are in the market for a smartphone but want to break away from the Apple-Google duopoly, look no further: these alternative smartphones are based on various Linux variants and custom hardware.]]> 2023-12-16T01:10:00+00:00 https://www.darkreading.com/endpoint-security/smartphones-avoid-android-ios www.secnews.physaphae.fr/article.php?IdArticle=8423475 False Mobile None 3.0000000000000000 The Register - Site journalistique Anglais You\'d better have 2GB free on that handset and be running Android 14 Google Pixel owners who need to take their devices in for repair now have an option to protect their data from snooping techs in the form of a new "repair mode." …]]> 2023-12-15T17:40:09+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/15/google_pixel_gets_repair_mode/ www.secnews.physaphae.fr/article.php?IdArticle=8423303 False Mobile None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Your iPhone has just received a new feature called iMessage Contact Key Verification that is designed to help protect your messages from prying eyes]]> 2023-12-15T14:27:39+00:00 https://www.welivesecurity.com/en/videos/new-ios-feature-thwart-eavesdropping-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8423571 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries. [...]]]> 2023-12-14T14:40:02+00:00 https://www.bleepingcomputer.com/news/security/ten-new-android-banking-trojans-targeted-985-bank-apps-in-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8422815 False Malware,Mobile None 2.0000000000000000 Global Security Mag - Site de news francais mise à jour malveillant

---

Zimperium\'s 2023 Mobile Banking Heist Report Finds 29 Malware Families Targeted 1,800 Banking Apps Across 61 Countries in the Last Year Threat landscape shows continued investment by threat actors financially motivated to “follow the money” as banking via a mobile app becomes increasingly ubiquitous - Malware Update]]> 2023-12-14T14:34:52+00:00 https://www.globalsecuritymag.fr/Zimperium-s-2023-Mobile-Banking-Heist-Report-Finds-29-Malware-Families-Targeted.html www.secnews.physaphae.fr/article.php?IdArticle=8422676 False Threat,Malware,Mobile None 2.0000000000000000 Global Security Mag - Site de news francais Malwares]]> 2023-12-14T14:33:34+00:00 https://www.globalsecuritymag.fr/Mobile-Banking-Heists-2023-de-Zimperium-29-familles-de-malwares-ont-cible-1-800.html www.secnews.physaphae.fr/article.php?IdArticle=8422677 False Threat,Mobile None 2.0000000000000000 ProofPoint - Cyber Firms 2023-12-14T09:00:56+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/malicious-qr-code-detection-takes-giant-leap-forward www.secnews.physaphae.fr/article.php?IdArticle=8422883 False Threat,Malware,Cloud,Tool,Mobile None 3.0000000000000000 ProofPoint - Cyber Firms 2023-12-14T07:44:10+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/i-broke-my-phone-update-new-developments-conversational-attacks-mobile www.secnews.physaphae.fr/article.php?IdArticle=8422695 False Threat,Spam,Prediction,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of]]> 2023-12-13T18:45:00+00:00 https://thehackernews.com/2023/12/google-using-clang-sanitizers-to.html www.secnews.physaphae.fr/article.php?IdArticle=8422108 False Tool,Mobile,Vulnerability None 2.0000000000000000 Wired Threat Level - Security News A hacker group calling itself Solntsepek-previously linked to Russia\'s notorious Sandworm hackers-says it carried out a disruptive breach of Kyivstar, a major Ukrainian mobile and internet provider.]]> 2023-12-13T15:56:43+00:00 https://www.wired.com/story/ukraine-kyivstar-solntsepek-sandworm-gru/ www.secnews.physaphae.fr/article.php?IdArticle=8422130 False Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ukraine\'s biggest telecom operator Kyivstar has become the victim of a cyber attack, disrupting customer access to mobile and internet services. "The cyberattack on Ukraine\'s #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with knock-on impacts reported to air raid alert network and banking sector as work continues]]> 2023-12-13T15:48:00+00:00 https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html www.secnews.physaphae.fr/article.php?IdArticle=8422003 False Mobile None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism This newly discovered vulnerability is real, but it\'s more nuanced than that.]]> 2023-12-13T15:21:27+00:00 https://arstechnica.com/?p=1990601 www.secnews.physaphae.fr/article.php?IdArticle=8422155 False Mobile,Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future kyiv - Le plus grand fournisseur de télécommunications d'Ukraine \\, Kyivstar, a progressivement remonté les opérations mercredi après Une cyberattaque majeure a endommagé certains de ses systèmes un jour plus tôt.Le réseau cellulaire et Internet mobile de la société étaient toujours hors service.Son application mobile et son site Web étaient également en baisse.Cependant, Kyivstar a réussi à restaurer certains de ses services fixes, et

---

KYIV - Ukraine\'s largest telecom provider, Kyivstar, was gradually resuming operations Wednesday after a major cyberattack damaged some of its systems a day earlier. The company\'s cellular network and mobile internet were still out of service. Its mobile app and website were also down. However, Kyivstar managed to restore some of its landline services, and]]> 2023-12-13T14:50:00+00:00 https://therecord.media/hackers-damaged-kyivstar-functions-ukraine-telecom-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8422104 False Mobile None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Millions of customers lost mobile phone and home internet service as a result of what Kyivstar said was a cyber attack. ]]> 2023-12-12T21:46:54+00:00 https://cyberscoop.com/ukraines-largest-mobile-communications-provider-down-after-apparent-cyber-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8421725 False Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch The destructive attack, likely carried out by Russian actors, is the biggest hit on the country\'s basic infrastructure since the beginning of the war.]]> 2023-12-12T21:36:00+00:00 https://www.darkreading.com/ics-ot-security/kyivstar-mobile-attack-ukraine-comms-blackout www.secnews.physaphae.fr/article.php?IdArticle=8421717 False Mobile None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description Kaspersky researchers have discovered a new Trojan-Proxy that is piggybacking on cracked software for macOS. he infected versions of the software come in the form of .PKG installers, which are handled by the Installer utility in macOS and can run scripts before and after actual installation. The Trojan creates log files and attempts to obtain a C&C server IP address via DNS-over-HTTPS (DoH), thus making the DNS request indistinguishable from a regular HTTPS request and hiding it from traffic monitoring. The Trojan can be used to build a proxy server network or to perform criminal acts on behalf of the victim, such as launching attacks on websites, companies, and individuals, or buying illicit goods. In addition to the macOS application, Kaspersky researchers discovered several specimens for Android and Windows that connected to the same C&C server. These are also Trojan-Proxies that hide inside cracked software. #### Reference URL(s) 1. https://securelist.com/trojan-proxy-for-macos/111325/ #### Publication Date December 6, 2023 #### Author(s) Sergey Puzan ]]> 2023-12-12T20:20:56+00:00 https://community.riskiq.com/article/24b54e8f www.secnews.physaphae.fr/article.php?IdArticle=8421706 False Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future La Federal Communications Commission avertit les fournisseurs de services de téléphonie mobile pour s'assurer qu'ils protégent les clients des cybercriminels qui utilisent des échanges de SIM frauduleux pour reprendre les comptes de téléphone mobile victimes involontaires.L'avertissement intervient dans les talons de un comité d'examen de la cyber-sécurité (CSRB) Finding annoncé en août.Le conseil a détaillé les opérations du

---

The Federal Communications Commission is warning mobile phone service providers to ensure they are shielding customers from cybercriminals who use fraudulent SIM swaps to take over unwitting victims\' mobile phone accounts. The warning comes on the heels of a Cyber Safety Review Board (CSRB) finding announced in August. The board detailed the operations of the]]> 2023-12-12T16:30:00+00:00 https://therecord.media/fcc-sim-swapping-reminder-telecoms-consumer-protection www.secnews.physaphae.fr/article.php?IdArticle=8421594 False Mobile None 3.0000000000000000 Soc Radar - Blog spécialisé SOC The Cybersecurity and Infrastructure Security Agency (CISA) has released a summary of the most recent... ]]> 2023-12-12T14:24:13+00:00 https://socradar.io/weekly-vulnerability-summary-by-cisa-android-microsoft-cms-software-wordpress-perl-and-more/ www.secnews.physaphae.fr/article.php?IdArticle=8421553 False Mobile,Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Kyivstar announced its mobile network had temporarily been shut down due to a major cyber-attack on its systems]]> 2023-12-12T14:00:00+00:00 https://www.infosecurity-magazine.com/news/ukraine-kyivstar-hacked-war-russia/ www.secnews.physaphae.fr/article.php?IdArticle=8421572 False Hack,Mobile None 3.0000000000000000 GoogleSec - Firm Security Blog prioritize hardening the cellular baseband given its unique combination of running in an elevated privilege and parsing untrusted inputs that are remotely delivered into the device. This post covers how to use two high-value sanitizers which can prevent specific classes of vulnerabilities found within the baseband. They are architecture agnostic, suitable for bare-metal deployment, and should be enabled in existing C/C++ code bases to mitigate unknown vulnerabilities. Beyond security, addressing the issues uncovered by these sanitizers improves code health and overall stability, reducing resources spent addressing bugs in the future. An increasingly popular attack surface As we outlined previously, security research focused on the baseband has highlighted a consistent lack of exploit mitigations in firmware. Baseband Remote Code Execution (RCE) exploits have their own categorization in well-known third-party marketplaces with a relatively low payout. This suggests baseband bugs may potentially be abundant and/or not too complex to find and exploit, and their prominent inclusion in the marketplace demonstrates that they are useful. Baseband security and exploitation has been a recurring theme in security conferences for the last decade. Researchers have also made a dent in this area in well-known exploitation contests. Most recently, this area has become prominent enough that it is common to find practical baseband exploitation trainings in top security conferences. Acknowledging this trend, combined with the severity and apparent abundance of these vulnerabilities, last year we introduced updates to the severity guidelines of Android\'s Vulnerability Rewards Program (VRP). For example, we consider vulnerabilities allowing Remote Code Execution (RCE) in the cellular baseband to be of CRITICAL severity. Mitigating Vulnerability Root Causes with Sanitizers Common classes of vulnerabilities can be mitigated through the use of sanitizers provided by Clang-based toolchains. These sanitizers insert runtime checks against common classes of vulnerabilities. GCC-based toolchains may also provide some level of support for these flags as well, but will not be considered further in this post. We encourage you to check your toolchain\'s documentation. Two sanitizers included in Undefine]]> 2023-12-12T12:00:09+00:00 http://security.googleblog.com/2023/12/hardening-cellular-basebands-in-android.html www.secnews.physaphae.fr/article.php?IdArticle=8421613 False Threat,Tool,Conference,Prediction,Mobile,Vulnerability None 3.0000000000000000 The Register - Site journalistique Anglais Dev claims to have fixed \'issue that caused messages not to be sent or received\' The developer behind Beeper Mini just released an updated version of the standalone Android app that users say can sidestep the block Apple put in place over the weekend.…]]> 2023-12-12T10:37:13+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/12/apple_beeper_update/ www.secnews.physaphae.fr/article.php?IdArticle=8421465 False Tool,Mobile None 3.0000000000000000 TroyHunt - Blog Security Epic Games scores major court win; judge will decide remedies next month.]]> 2023-12-12T03:07:20+00:00 https://arstechnica.com/?p=1990262 www.secnews.physaphae.fr/article.php?IdArticle=8421324 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims\' personal and]]> 2023-12-11T12:39:00+00:00 https://thehackernews.com/2023/12/spyloan-scandal-18-malicious-loan-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8420925 False Mobile None 3.0000000000000000 Incogni - Blog Sécu de la société incogni, spécialisé en protection de la vie privé 2023-12-11T10:27:42+00:00 https://blog.incogni.com/children-android-app-research/ www.secnews.physaphae.fr/article.php?IdArticle=8420986 False Mobile None 2.0000000000000000 TroyHunt - Blog Security Co-founder denies Apple\'s claims of security and privacy concerns for its users.]]> 2023-12-10T17:35:40+00:00 https://arstechnica.com/?p=1989830 www.secnews.physaphae.fr/article.php?IdArticle=8420709 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. [...]]]> 2023-12-09T10:14:24+00:00 https://www.bleepingcomputer.com/news/security/autospill-attack-steals-credentials-from-android-password-managers/ www.secnews.physaphae.fr/article.php?IdArticle=8420469 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul (a combination of "5G" and "Ghoul") – 10 affect 5G modems from the two companies, out of which three]]> 2023-12-08T22:52:00+00:00 https://thehackernews.com/2023/12/new-5g-modems-flaws-affect-ios-devices.html www.secnews.physaphae.fr/article.php?IdArticle=8420246 False Mobile None 3.0000000000000000 HackRead - Chercher Cyber Par waqas Un autre jour, une autre vulnérabilité Bluetooth impactant des milliards d'appareils dans le monde! Ceci est un article de HackRead.com Lire la publication originale: La vulnérabilité Bluetooth permet une injection de frappe sur Android, Linux, MacOS, iOS

---

>By Waqas Another day, another Bluetooth vulnerability impacting billions of devices worldwide! This is a post from HackRead.com Read the original post: Bluetooth Vulnerability Enables Keystroke Injection on Android, Linux, macOS, iOS]]> 2023-12-08T13:51:34+00:00 https://www.hackread.com/bluetooth-vulnerability-keystroke-injection-android-linux-mac-ios/ www.secnews.physaphae.fr/article.php?IdArticle=8420185 False Mobile,Vulnerability None 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins and modus operandi]]> 2023-12-08T12:00:00+00:00 https://www.welivesecurity.com/en/videos/increase-deceptive-loan-apps-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8420467 False Mobile None 2.0000000000000000 SecurityWeek - Security News Un pontage d'authentification Bluetooth permet aux attaquants de se connecter aux appareils Android, Linux et Apple vulnérables et injecter des touches.

---

>A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes. ]]> 2023-12-08T11:28:54+00:00 https://www.securityweek.com/android-linux-apple-devices-exposed-to-bluetooth-keystroke-injection-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8420154 False Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim. "Multiple Bluetooth stacks have authentication bypass]]> 2023-12-07T17:16:00+00:00 https://thehackernews.com/2023/12/new-bluetooth-flaw-let-hackers-take.html www.secnews.physaphae.fr/article.php?IdArticle=8419854 False Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users\' smartphones," Wyden said. "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of]]> 2023-12-07T15:54:00+00:00 https://thehackernews.com/2023/12/governments-may-spy-on-you-by.html www.secnews.physaphae.fr/article.php?IdArticle=8419835 False Threat,Mobile None 4.0000000000000000 Global Security Mag - Site de news francais Produits]]> 2023-12-07T13:44:11+00:00 https://www.globalsecuritymag.fr/Proton-annoncela-sauvegarde-photos-dans-Proton-Drive-pour-Android.html www.secnews.physaphae.fr/article.php?IdArticle=8419894 False Mobile None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023-12-07T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/las-vegas-casinos-targeted-by-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8419832 False Threat,Ransomware,Technical,Mobile,Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Secret government requests for Android and iOS push notification data should be made public, argues Ron Wyden]]> 2023-12-07T10:00:00+00:00 https://www.infosecurity-magazine.com/news/governments-spying-apple-google/ www.secnews.physaphae.fr/article.php?IdArticle=8419820 False Mobile None 3.0000000000000000 Techworm - News reddit et forums communautaires d'Apple , qui a d'abord été repéré par macrumors , pour exprimer leur frustration d'être brusquement jeté des messages, des notes et d'autresApplications pour se retrouver sur une autre nouvelle application en raison de l'apparence soudaine du commutateur de l'application. Les utilisateurs affectés notent que le bogue a tendance à s'activer lorsque vous tapez à un rythme rapide sur le clavier virtuel pendant un certain temps.Ce bug étrange affecte toutes les versions iOS 17, c'est-à-dire de l'iOS 17.0 à la mise à jour la plus récente iOS 17.1.2. «Qu'il \ \\ soit iMessage ou Site Web, n'a pas d'importance, chaque fois que je tape sur quoi que ce soit, il active périodiquement le commutateur de l'application comme si j'avais glissé le bas de monécran.Je ne glisse rien, juste des textos normaux ou des clics de clavier à l'écran », a écrit un utilisateur Reddit sur le forum iOS Reddit il y a un mois. Il n'est pas clair si Apple est encore au courant du problème, car il n'y a pas de correctif officiel annoncé par le géant de Cupertino, mais nous pouvons nous attendre à ce qu'il soit inclus dans une future mise à jour. Pendant ce temps, il existe une solution de contournement temporaire qui peut résoudre le problème, qui est en désactivant la «l'accessibilité» jusqu'à ce qu'Apple libère un correctif.Il aurait éteint la réduction de l'accessibilité dans le menu des paramètres a empêché le problème de se reproduire. Ici \\ s comment vous pouvez désactiver la locabilité : La réaction est une fonctionnalité d'accessibilité, que vous pouvez utiliser pour abaisser le haut de votre écran jusqu'au milieu afin qu'il soit à portée de main de votre pouce.Voici comment vous pouvez le faire: Ouvrir Paramètres sur votre iPhone. Appuyez sur accessibilité Choisissez toucher dans la section "physique et moteur" Éliminez l'interrupteur à côté de l'accessibilité

---

iPhone users in the last few weeks are reporting a disruptive bug in iOS 17 that is causing the app switcher to suddenly appear while typing on their device\'s virtual keyboard. Several iPhone users have taken to online communities such as Reddit and Apple Community forums, which was first spotted by MacRumors, to express their frustration about being abruptly thrown out from Messages, Notes, and other applications to find themselves on another new app due to the sudden appearance of the app switcher. Affected users note that the bug tends to activate when are typing at a swift pace on the virtual keyboard for a while. This weird bug is affecting all iOS 17 versions, i.e., from iOS 17.0 to the most recent iOS 17.1.2 update. “Whether it\'s iMessage or website, doesn\'t matter, whenever I\'m typing on anything, periodically it will activate the app switcher as if I\'ve swiped the bottom of]]> 2023-12-06T22:41:08+00:00 https://www.techworm.net/2023/12/ios-17-bug-switches-apps-while-typing-on-keyboard.html www.secnews.physaphae.fr/article.php?IdArticle=8419639 False Mobile None 3.0000000000000000 The Register - Site journalistique Anglais Issue has been around since at least 2012 A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe.…]]> 2023-12-06T20:47:32+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/06/bluetooth_bug_apple_linux/ www.secnews.physaphae.fr/article.php?IdArticle=8419674 False Mobile,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Black Hat researchers show top password managers on Android mobiles are prone to leak passwords when using WebView autofill function.]]> 2023-12-06T20:25:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/android-vulnerability-leaks-credentials-from-password-managers- www.secnews.physaphae.fr/article.php?IdArticle=8419675 False Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future Le sénateur Ron Wyden (D-Ore.) A averti mercredi dans une lettre au ministère de la Justice que les gouvernements espèrent les utilisateurs d'Apple et Google pour les smartphones via des notifications push mobiles.Le sénateur, qui est depuis longtemps un défenseur de la vie privée, a déclaré que son bureau avait reçu un conseil sur la pratique l'année dernière et a demandé plus d'informations sur le

---

Sen. Ron Wyden (D-Ore.) warned in a letter to the Department of Justice on Wednesday that governments are spying on Apple and Google smartphone users through mobile push notifications. The senator, who has long been a privacy advocate, said his office received a tip about the practice last year, and sought more information on the]]> 2023-12-06T18:30:00+00:00 https://therecord.media/wyden-warns-of-governments-spying-on-apple-google-users-through-push-notifications www.secnews.physaphae.fr/article.php?IdArticle=8419648 False Spam,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard.]]> 2023-12-06T17:11:00+00:00 https://www.darkreading.com/vulnerabilities-threats/critical-bluetooth-flaw-exposes-android-apple-and-linux-devices-to-keystroke-injection-attack www.secnews.physaphae.fr/article.php?IdArticle=8419635 False Mobile None 3.0000000000000000 Wired Threat Level - Security News Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.]]> 2023-12-06T17:08:45+00:00 https://www.wired.com/story/apple-google-push-notification-surveillance/ www.secnews.physaphae.fr/article.php?IdArticle=8419630 False Mobile None 2.0000000000000000 Soc Radar - Blog spécialisé SOC Google has released the December 2023 Android Security Bulletin. Despite the bulletin being released, the... ]]> 2023-12-06T16:38:55+00:00 https://socradar.io/december-2023-android-security-bulletin-critical-and-potentially-exploited-vulnerabilities-google-pixel-update/ www.secnews.physaphae.fr/article.php?IdArticle=8419614 False Mobile,Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Kaspersky found multiple variants, but none are being marked as malicious by anti-malware vendors]]> 2023-12-06T16:30:00+00:00 https://www.infosecurity-magazine.com/news/trojan-proxy-expands-macos/ www.secnews.physaphae.fr/article.php?IdArticle=8419612 False Threat,Mobile None 2.0000000000000000 Silicon - Site de News Francais 2023-12-06T16:08:10+00:00 https://www.silicon.fr/chargeur-universel-apple-retarder-deploiement-inde-473973.html www.secnews.physaphae.fr/article.php?IdArticle=8419615 False Mobile None 3.0000000000000000 SecurityWeek - Security News IVERIFY, une startup au stade de graine sorti de la piste de bits, expédie une plate-forme de chasse aux menaces mobiles pour neutraliser iOS et Android Zero-Days.

---

>iVerify, a seed-stage startup spun out of Trail of Bits, ships a mobile threat hunting platform to neutralize iOS and Android zero-days. ]]> 2023-12-06T15:20:30+00:00 https://www.securityweek.com/trail-of-bits-spinout-iverify-tackles-mercenary-spyware-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8419597 False Threat,Mobile None 2.0000000000000000 Silicon - Site de News Francais 2023-12-06T14:53:45+00:00 https://www.silicon.fr/dailymotion-ia-generative-473978.html www.secnews.physaphae.fr/article.php?IdArticle=8419580 False Mobile None 2.0000000000000000 Global Security Mag - Site de news francais Malwares]]> 2023-12-06T13:17:56+00:00 https://www.globalsecuritymag.fr/ESET-decouvre-une-croissance-alarmante-d-applications-de-prets-bancaires.html www.secnews.physaphae.fr/article.php?IdArticle=8419568 False Mobile None 3.0000000000000000 Global Security Mag - Site de news francais konferenzen und webinare

---

ENBANTEC Cyber Security Conference and Exhibition will be held on 04 June 2024 in Istanbul, Turkey. ENBANTEC is a global conference which is one of the most important and prestigious conferences in EMEA region with its focus on Cyber Security, IT Security, Network Security, Data Security, Cloud Security, Mobile Security, Endpoint Security and Identity and Access Management technologies and solutions. An intensive participation is expected to the ENBANTEC Conference from Turkey and many other countries. ENBANTEC 2024 Conference is an unmissable conference. - Konferenzen und Webinare]]> 2023-12-06T09:06:55+00:00 https://www.globalsecuritymag.fr/04-June-2024-Istanbul-Turkey-ENBANTEC-Cyber-Security-Conference-and-Exhibition.html www.secnews.physaphae.fr/article.php?IdArticle=8419488 False Cloud,Conference,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Even the most severe security protections for mobile phones aren\'t all-encompassing or foolproof, as a tactic involving a spoof of lockdown mode shows.]]> 2023-12-05T22:46:00+00:00 https://www.darkreading.com/endpoint-security/apple-lockdown-mode-bypass-subverts-iphone-strongest-security-feature www.secnews.physaphae.fr/article.php?IdArticle=8419391 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it\'s actually not and carry out covert attacks. The novel, detailed by Jamf Threat Labs in a report shared with The Hacker News, "shows that if a hacker has already infiltrated your device, they can cause]]> 2023-12-05T20:28:00+00:00 https://thehackernews.com/2023/12/warning-for-iphone-users-experts-warn.html www.secnews.physaphae.fr/article.php?IdArticle=8419295 False Threat,Mobile None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine ESET said these apps request sensitive user information, exfiltrating it to attackers\' servers]]> 2023-12-05T16:45:00+00:00 https://www.infosecurity-magazine.com/news/spyloan-scams-target-android/ www.secnews.physaphae.fr/article.php?IdArticle=8419325 False Mobile None 2.0000000000000000 HackRead - Chercher Cyber Par waqas Flaw de sécurité iOS: le faux mode de verrouillage peut être utilisé pour tromper les utilisateurs, les laissant exposés. Ceci est un article de HackRead.com Lire la publication originale: Le faux mode de verrouillage expose les utilisateurs iOS aux attaques de logiciels malveillants

---

>By Waqas iOS Security Flaw: Fake Lockdown Mode Can Be Used to Trick Users, Leaving Them Exposed. This is a post from HackRead.com Read the original post: Fake Lockdown Mode Exposes iOS Users to Malware Attacks]]> 2023-12-05T16:10:45+00:00 https://www.hackread.com/fake-lockdown-mode-exposes-ios-malware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8419322 False Malware,Mobile None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Co-founder says it\'s a security improvement for everyone and should be legal.]]> 2023-12-05T15:00:47+00:00 https://arstechnica.com/?p=1988361 www.secnews.physaphae.fr/article.php?IdArticle=8419306 False Mobile None 2.0000000000000000 Wired Threat Level - Security News The new app Beeper Mini lets Android users send texts that show up as blue bubbles on iPhones. We talked to the 16-year-old high school student who wrote the code to make it possible.]]> 2023-12-05T15:00:00+00:00 https://www.wired.com/story/beeper-android-iphone-texting-blue-bubbles/ www.secnews.physaphae.fr/article.php?IdArticle=8419289 False Mobile None 3.0000000000000000 SecurityWeek - Security News Les mises à jour de sécurité en décembre 2023 d'Android \\ résolvent 94 vulnérabilités, y compris plusieurs bogues de sévérité critique.

---

>Android\'s December 2023 security updates resolve 94 vulnerabilities, including several critical-severity bugs. ]]> 2023-12-05T12:11:09+00:00 https://www.securityweek.com/94-vulnerabilities-patched-in-android-with-december-2023-security-updates/ www.secnews.physaphae.fr/article.php?IdArticle=8419265 False Mobile,Vulnerability None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC social engineering techniques through acts of intimidation. One prevalent scam involves fraudsters posing as bank security officials to deceive unsuspecting individuals. Another concerning trend is the rise of legitimate channels that drive people to scam schemes via mainstream advertising platforms like Google and Facebook. Furthermore, the economic hardships some people face have led them to seek alternative income sources, driving them to engage in various forms of online criminal activities. Some individuals become involved in schemes where they act as money mules or work in illegal call centers. It is challenging for financial institutions to guarantee absolute safety. Malicious individuals can present counterfeit identification to authorize transactions that were initially denied by the anti-fraud system. While financial institutions strive to know as much as possible about their clients and run transactions carefully, they are constrained by data retention limitations (typically several months) and the need to respond within seconds, as stipulated by Service Level Agreements. So, again, achieving complete certainty about every transaction remains a huge problem. Detecting suspicious activities becomes even more challenging when malicious employees request details about a specific client or transaction, as this falls within their routine work tasks. Some fraud detection systems use computer webcams or video surveillance cameras to monitor employee behavior. Modern surveillance systems have become more intelligent, leveraging artificial intelligence and historical data to perform comprehensive risk assessments and take action when unusual employee behavior is detected. However, these cameras may not always be effective in identifying deceitful behavior when employees remain almost motionless. Understanding fraud detection systems Fraud detection systems are designed to detect and prevent various forms of fraudulent activities, ranging from account hijacking and ]]> 2023-12-05T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/insights-into-modern-fraud-detection-systems www.secnews.physaphae.fr/article.php?IdArticle=8419246 False Threat,Tool,Technical,Prediction,Mobile None 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play]]> 2023-12-05T10:30:00+00:00 https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/ www.secnews.physaphae.fr/article.php?IdArticle=8419462 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites. [...]]]> 2023-12-05T09:27:23+00:00 https://www.bleepingcomputer.com/news/security/spyloan-android-malware-on-google-play-downloaded-12-million-times/ www.secnews.physaphae.fr/article.php?IdArticle=8419290 False Malware,Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug. [...]]]> 2023-12-04T14:37:38+00:00 https://www.bleepingcomputer.com/news/security/december-android-updates-fix-critical-zero-click-rce-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8419096 False Mobile,Vulnerability None 3.0000000000000000 NIST Security - NIST cybersecurity insights 5G will eventually impact every single industry-from healthcare to financial to even agriculture and transportation...and its impact is only increasing over time. Despite its benefits, it comes with privacy and security risks. An increasing number of interconnected devices increases the attack surface. In addition, there are also increased supply chain vulnerabilities and network visibility issues (companies may have issues identifying attacks since there may be a lot of new web traffic from mobile devices and/or more sophistication when it comes to attacks). The goal of the NCCoE 5G]]> 2023-12-04T12:00:00+00:00 https://www.nist.gov/blogs/cybersecurity-insights/nccoe-5g-cybersecurity-connecting-dots-between-it-and-teleco www.secnews.physaphae.fr/article.php?IdArticle=8419077 False Mobile,Vulnerability None 2.0000000000000000 The State of Security - Magazine Américain As the holiday shopping season kicks in, many are eager to secure early bird discounts and offers, preparing for the festive season. The convenience and speed of mobile devices has led to a growing number of individuals opting for mobile payments, whether conducted online or through contactless systems. The global mobile payment revenue is expected to reach $12.06 trillion by 2027 , and smartphone users are anticipated to surpass 7.7 billion by 2028 . As these figures soar, the importance of conducting secure transactions online becomes increasingly evident. Mobile payments encompass all...]]> 2023-12-04T03:36:35+00:00 https://www.tripwire.com/state-of-security/understanding-mobile-payment-security www.secnews.physaphae.fr/article.php?IdArticle=8418957 False Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future Apple a averti les clients des dernières vulnérabilités zéro-jours affectant plusieurs de ses produits, libération Une mise à jour de sécurité d'urgence jeudi.Les vulnérabilités - CVE-2023-42916 et CVE-2023-42917 - ont été découvertes par Cl & eacute; ment Lecigne du groupe d'analyse des menaces de Google et affectent l'iPhone XS et plus tard;plusieurs modèles d'iPads;et Mac exécutant MacOS Monterey, Ventura ou Sonoma.

---

Apple warned customers of the latest zero-day vulnerabilities affecting several of its products, releasing an emergency security update on Thursday. The vulnerabilities - CVE-2023-42916 and CVE-2023-42917 - were discovered by Clément Lecigne of Google\'s Threat Analysis Group and affect iPhone XS and later; several models of iPads; and Macs running macOS Monterey, Ventura or Sonoma.]]> 2023-12-01T18:59:00+00:00 https://therecord.media/iphones-macs-vulnerabilities-apple-webkit www.secnews.physaphae.fr/article.php?IdArticle=8418406 False Threat,Mobile,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app]]> 2023-12-01T18:10:00+00:00 https://thehackernews.com/2023/12/new-fjordphantom-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8418322 False Malware,Mobile None 2.0000000000000000 Kaspersky - Kaspersky Research blog Mobile threat statistics for Q3 2023 include data on malware, adware, banking Trojans and ransomware for Android devices.]]> 2023-12-01T10:00:31+00:00 https://securelist.com/it-threat-evolution-q3-2023-mobile-statistics/111224/ www.secnews.physaphae.fr/article.php?IdArticle=8418266 False Threat,Ransomware,Malware,Mobile,Mobile None 3.0000000000000000 Korben - Bloger francais 2023-12-01T08:00:00+00:00 https://korben.info/decouvrez-artful-bibliotheque-android-native-optimiser-android-13-14-securiser-code.html www.secnews.physaphae.fr/article.php?IdArticle=8418255 False Mobile None 3.0000000000000000 HackRead - Chercher Cyber Par waqas Jusqu'à présent, le malware Fjordphantom a fraudé les victimes d'environ 280 000 $ (et 225 000). Ceci est un article de HackRead.com Lire le post original: Android Banking Malware Fjordphantom vole des fonds via la virtualisation

---

>By Waqas Thus far, the FjordPhantom malware has defrauded victims of around $280,000 (£225,000). This is a post from HackRead.com Read the original post: Android Banking Malware FjordPhantom Steals Funds Via Virtualization]]> 2023-11-30T18:58:27+00:00 https://www.hackread.com/fjordphantom-android-malware-targeting-banking-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8418132 False Malware,Mobile,Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch No Iranian bank customers are safe from financially motivated cybercriminals wielding convincing but fake mobile apps.]]> 2023-11-30T15:40:00+00:00 https://www.darkreading.com/endpoint-security/deluge-of-nearly-300-fake-apps-floods-iranian-banking-sector www.secnews.physaphae.fr/article.php?IdArticle=8418100 False Mobile None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Promon said one FjordPhantom attack resulted in a substantial loss of approximately $280,000]]> 2023-11-30T14:30:00+00:00 https://www.infosecurity-magazine.com/news/fjordphantom-malware-targets-banks/ www.secnews.physaphae.fr/article.php?IdArticle=8418085 False Malware,Mobile,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais revues de produits

---

Reduced Friction for Administrators and Business Users When Accessing Vaulted Credentials Can Help Increase Privileged Access Management Adoption Delinea announced new features for Secret Server to improve usability and increase PAM adoption across organisations. These enhancements optimise how privileged users interact with the vault through Web Password Filler and Connection Manager, while new capabilities within the Delinea Mobile app reduce friction and improve workflows for users (...) - Product Reviews]]> 2023-11-30T13:17:25+00:00 https://www.globalsecuritymag.fr/The-Latest-Delinea-Secret-Server-Release-Boosts-Usability-with-New-Features.html www.secnews.physaphae.fr/article.php?IdArticle=8418070 False Mobile None 2.0000000000000000 SecurityWeek - Security News Zimperium a identifié plus de 200 applications Android de vol d'informations ciblant les utilisateurs des banques mobiles en Iran.

---

>Zimperium has identified over 200 information-stealing Android applications targeting mobile banking users in Iran. ]]> 2023-11-30T09:53:00+00:00 https://www.securityweek.com/hundreds-of-malicious-android-apps-target-iranian-mobile-banking-users/ www.secnews.physaphae.fr/article.php?IdArticle=8418029 False Mobile,Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection. [...]]]> 2023-11-30T09:00:00+00:00 https://www.bleepingcomputer.com/news/security/fjordphantom-android-malware-uses-virtualization-to-evade-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8418099 False Malware,Mobile,Mobile,Vulnerability None 3.0000000000000000 Korben - Bloger francais 2023-11-30T08:46:34+00:00 https://korben.info/transformez-iphone-en-camera-pro-avec-blackmagic-camera.html www.secnews.physaphae.fr/article.php?IdArticle=8418013 False Cloud,Mobile None 1.00000000000000000000 Dark Reading - Informationweek Branch 2023-11-29T22:51:00+00:00 https://www.darkreading.com/application-security/1kosmos-unifies-identity-verification-user-journeys-across-web-and-mobile-platforms www.secnews.physaphae.fr/article.php?IdArticle=8417918 False Mobile None 2.0000000000000000 Recorded Future - FLux Recorded Future Les chercheurs ont découvert plus de 200 fausses applications mobiles qui imitent les grandes banques iraniennes pour voler des informations à leurs clients.La campagne était découvert pour la première fois en juilletde cette année, mais depuis lors, les cybercriminels ont a élargi leurs capacités , selon la société de cybersécurité basée aux États-Unis Zimperium.Initialement, l'acteur de menace derrière la campagne a créé 40 personnes accueillantes

---

Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their capabilities, according to U.S.-based cybersecurity firm Zimperium. Initially, the threat actor behind the campaign created 40 credential-harvesting]]> 2023-11-29T17:53:00+00:00 https://therecord.media/iran-banking-apps-mobile-malware-campaign-expands www.secnews.physaphae.fr/article.php?IdArticle=8417857 False Threat,Malware,Mobile,Mobile None 3.0000000000000000