This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T16:56:06+00:00 www.secnews.physaphae.fr Korben - Bloger francais une fonctionnalité qui fait actuellement grincer pas mal de dents. Les forces de police américaines sont en effet dans tous leurs états depuis qu’elles ont découvert un comportement pour le moins étrange des iPhone sous iOS 18. Il semblerait que les appareils stockés dans leurs labos d’analyse se mettent à redémarrer de manière autonome, compliquant sérieusement leur travail d’investigation.]]> 2024-11-09T08:45:50+00:00 https://korben.info/ios-18-securite-renforcee-contre-police.html www.secnews.physaphae.fr/article.php?IdArticle=8608465 False Legislation,Mobile None 3.0000000000000000 SecurityWeek - Security News Le CFPB du gouvernement américain \\ a envoyé un e-mail avec une directive simple: «Ne réalisez pas le travail CFPB à l'aide d'appels vocaux mobiles ou de messages texte.»

---

>The US government\'s CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.” ]]> 2024-11-08T18:16:17+00:00 https://www.securityweek.com/us-gov-agency-urges-employees-to-limit-phone-use-after-china-salt-typhoon-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8608236 False Hack,Mobile None 3.0000000000000000 Security Intelligence - Site de news Américain Une nouvelle souche malveillante Android connue sous le nom de Spyagent fait le tour & # 8212;et voler des captures d'écran au fur et à mesure.En utilisant la technologie de reconnaissance de caractères optiques (OCR), le malware est après des phrases de récupération de crypto-monnaie souvent stockées dans des captures d'écran sur les appareils utilisateur.Voici comment esquiver la balle.Les attaquants tirant sur leurs attaques (écran) Start & # 8212;comme toujours [& # 8230;]

---

>A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices. Here’s how to dodge the bullet. Attackers shooting their (screen) shot Attacks start — as always […] ]]> 2024-11-08T14:00:00+00:00 https://securityintelligence.com/articles/spyagent-malware-targets-crypto-wallets-stealing-screenshots/ www.secnews.physaphae.fr/article.php?IdArticle=8608166 False Malware,Mobile None 3.0000000000000000 Data Security Breach - Site de news Francais 2024-11-08T13:32:53+00:00 https://www.datasecuritybreach.fr/faille-gpu-soc-nvidia/ www.secnews.physaphae.fr/article.php?IdArticle=8608118 False Mobile None 3.0000000000000000 Data Security Breach - Site de news Francais 2024-11-08T12:21:26+00:00 https://www.datasecuritybreach.fr/cve-2024-43093/ www.secnews.physaphae.fr/article.php?IdArticle=8608086 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain The most recent update to the Google Android app has startled users as they notice the mysterious "search.app" links being generated when sharing content and links from the Google app externally. [...]]]> 2024-11-08T07:56:50+00:00 https://www.bleepingcomputer.com/news/security/googles-mysterious-searchapp-links-leave-android-users-concerned/ www.secnews.physaphae.fr/article.php?IdArticle=8608092 False Mobile None 3.0000000000000000 Korben - Bloger francais Surfshark VPN sur iOS. Oui, je sais ce que certains vont dire : “encore un article sur les VPN…”. Mais celui-là il va vous intéresser si vous en avez marre de vous faire épier sur votre iPhone à longueur de journée. On va voir en détail comment ça fonctionne, pourquoi c’est utile et comment l’installer sur iOS.]]> 2024-11-07T09:41:48+00:00 https://korben.info/surfshark-vpn-sur-iphone.html www.secnews.physaphae.fr/article.php?IdArticle=8607451 False Mobile None 2.0000000000000000 SecurityWeek - Security News Toxicpanda est un troie bancaire Android lié à la Chine ciblant un ciblage sur une douzaine de banques en Europe et en Amérique latine.

---

>ToxicPanda is a China-linked Android banking trojan spotted targeting over a dozen banks in Europe and Latin America. ]]> 2024-11-07T09:40:16+00:00 https://www.securityweek.com/android-banking-trojan-toxicpanda-targets-europe/ www.secnews.physaphae.fr/article.php?IdArticle=8607454 False Mobile None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-07T00:27:22+00:00 https://community.riskiq.com/article/a0d061f0 www.secnews.physaphae.fr/article.php?IdArticle=8607279 True Malware,Threat,Mobile,Prediction None 3.0000000000000000 Dark Reading - Informationweek Branch Omdia Principal Analyst Hollie Hennessy says that until a promising new set of regulations around the world comes online, connected device security entails a shared responsibility among consumers, enterprises, and manufacturers.]]> 2024-11-06T19:36:35+00:00 https://www.darkreading.com/iot/mobile-device-iot-security-requires-more-industry-attention www.secnews.physaphae.fr/article.php?IdArticle=8607146 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch The mobile device maker continues to investigate IntelBroker\'s claims of another high-profile data breach, with the cybercriminal group posting on BreachForums internal data allegedly stolen from Nokia through a third-party contractor.]]> 2024-11-06T18:50:50+00:00 https://www.darkreading.com/cyberattacks-data-breaches/nokia-no-evidence-so-far-hackers-breached-company-data www.secnews.physaphae.fr/article.php?IdArticle=8607122 False Data Breach,Mobile None 3.0000000000000000 Korben - Bloger francais Play Store, de la coupler avec l’app Votre Téléphone sur votre PC et le tour est joué ! Vos deux appareils communiquent en Bluetooth ou en WiFi et hop, vous pouvez utiliser les caméras avant ou arrière de votre phone comme sources vidéo. L’application est même préinstallée sur les modèles Samsung Galaxy Note10 et Note10+, pour encore plus de praticité.]]> 2024-11-06T09:00:00+00:00 https://korben.info/link-to-windows-transformez-votre-smartphone-android-en-webcam-ultime.html www.secnews.physaphae.fr/article.php?IdArticle=8606864 False Mobile None 2.0000000000000000 Mandiant - Blog Sécu de Mandiant The Mandiant Red Team recently supported a client to visualize the possible impact of a compromise by an advanced threat actor. During the assessment, Mandiant moved laterally from the customer\'s on-premises environment to their Microsoft Entra ID tenant and obtained privileges to compromise existing Entra ID service principals installed in the tenant.  In this blog post, we will show a novel way of how adversaries can move laterally and elevate privileges within Microsoft Entra ID when organizations use a popular security architecture involving Intune-managed Privileged Access Workstations (PAWs) by abusing Intune permissions (DeviceManagementConfiguration.ReadWrite.All) granted to Entra ID service principals. We also provide remediation steps and recommendations to prevent and detect this type of attack. Pretext The customer had a mature security architecture following Microsoft\'s recommended Enterprise Access model, including: An on-premises environment using Active Directory, following the Tiered Model.  An Entra ID environment, synced to the on-premises environment using Microsoft Entra Connect Sync to synchronize on-premises identities and groups to Entra ID. This environment was administered using PAWs, which were not joined to the on-premises Active Directory environment, but instead were fully cloud-native and managed by Intune Mobile Device Management (MDM). IT administrators used a dedicated, cloud-native (non-synced) administrative account to log in to these systems. Entra ID role assignments (Global Administrator, Privileged Role Administrator, et cetera.) were exclusively assigned to these cloud-native administrative accounts. The separation of administrative accounts, devices and privileges between the on-premises environment and the Entra ID environment provided a strong security boundary: Using separate, cloud-native identities for Entra ID privileged roles ensures a compromise of the on-premises Active Directory cannot be used to compromise the Entra ID environment. This is a Microsoft best practice. Using separate physical workstations for administrative access to on-premises resources and cloud resources effectivel]]> 2024-11-06T05:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/abusing-intune-permissions-entra-id-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8607043 False Threat,Mobile,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain.]]> 2024-11-05T20:51:47+00:00 https://www.darkreading.com/application-security/android-botnet-toxicpanda-bashes-banks-europe-latin-america www.secnews.physaphae.fr/article.php?IdArticle=8606631 False Mobile None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-05T19:49:09+00:00 https://community.riskiq.com/article/326a5728 www.secnews.physaphae.fr/article.php?IdArticle=8606603 False Malware,Threat,Mobile None 3.0000000000000000 ZD Net - Magazine Info The November 2024 Android Security Update fixes these actively exploited flaws. Here\'s how to check for the patches.]]> 2024-11-05T19:10:42+00:00 https://www.zdnet.com/article/your-android-device-is-vulnerable-to-attack-and-googles-fix-is-imminent/ www.secnews.physaphae.fr/article.php?IdArticle=8606585 False Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions. "ToxicPanda\'s main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF)," Cleafy researchers Michele Roviello, Alessandro Strino]]> 2024-11-05T17:46:00+00:00 https://thehackernews.com/2024/11/new-android-banking-malware-toxicpanda.html www.secnews.physaphae.fr/article.php?IdArticle=8606414 False Malware,Threat,Mobile None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine ToxicPanda malware targets banking apps on Android, spreading through Italy, Portugal and Spain]]> 2024-11-05T16:30:00+00:00 https://www.infosecurity-magazine.com/news/toxicpanda-malware-banking-android/ www.secnews.physaphae.fr/article.php?IdArticle=8606514 False Malware,Mobile None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-05T15:34:41+00:00 https://community.riskiq.com/article/44f917c6 www.secnews.physaphae.fr/article.php?IdArticle=8606510 False Spam,Malware,Vulnerability,Threat,Mobile None 2.0000000000000000 Global Security Mag - Site de news francais Vulnérabilités]]> 2024-11-05T13:21:48+00:00 https://www.globalsecuritymag.fr/multiples-vulnerabilites-dans-google-android-05-novembre-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8606471 False Mobile None 3.0000000000000000 Recorded Future - FLux Recorded Future Human rights groups are tracking internet service outages and social media blockages in Mozambique, as opposition politicians call for demonstrations against recent presidential election results.]]> 2024-11-05T13:04:23+00:00 https://therecord.media/election-mozambique-outages-social-media-internet-service www.secnews.physaphae.fr/article.php?IdArticle=8606412 False Mobile None 2.0000000000000000 SecurityWeek - Security News Google met en garde contre l'exploitation limitée et ciblée de deux vulnérabilités résolues avec la dernière mise à jour de la sécurité Android.

---

>Google warns of the limited, targeted exploitation of two vulnerabilities resolved with the latest Android security update. ]]> 2024-11-05T12:03:45+00:00 https://www.securityweek.com/google-patches-two-android-vulnerabilities-exploited-in-targeted-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8606383 False Vulnerability,Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. [...]]]> 2024-11-05T09:30:58+00:00 https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-used-in-targeted-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8606468 False Vulnerability,Threat,Mobile None 2.0000000000000000 ProofPoint - Cyber Firms 2024-11-05T09:27:05+00:00 https://www.proofpoint.com/us/blog/compliance-and-archiving/new-digital-communications-platform-announcement www.secnews.physaphae.fr/article.php?IdArticle=8606437 False Tool,Mobile,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories,]]> 2024-11-05T09:00:00+00:00 https://thehackernews.com/2024/11/google-warns-of-actively-exploited-cve.html www.secnews.physaphae.fr/article.php?IdArticle=8606233 False Vulnerability,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais Business News

---

Appdome Wins Four Top InfoSec Innovator Awards for Protecting Consumer & Enterprise Apps Appdome Recognized for Anti-Bot, Anti-Fraud, Mobile Endpoint, and BYOD Innovations at 12th Annual Cyber Defense Magazine\'s InfoSec Awards - Business News]]> 2024-11-05T08:52:35+00:00 https://www.globalsecuritymag.fr/appdome-wins-four-top-infosec-innovator-awards-for-protecting-consumer.html www.secnews.physaphae.fr/article.php?IdArticle=8606323 False Mobile None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber The November security bulletin includes two CVE\'s reportedly exploited in the wild. ]]> 2024-11-04T23:34:04+00:00 https://cyberscoop.com/2024-android-security-bulletin-november-qualcomm-fastrpc-driver/ www.secnews.physaphae.fr/article.php?IdArticle=8606165 False Threat,Mobile None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-04T19:39:03+00:00 https://community.riskiq.com/article/f01e1d00 www.secnews.physaphae.fr/article.php?IdArticle=8606105 False Ransomware,Malware,Tool,Threat,Mobile,Cloud,Technical APT 36 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Introduction APT36, également connue sous le nom de Tribe Transparent, est un acteur de menace basé au Pakistan notoire pour cibler constamment les organisations gouvernementales indiennes, le personnel diplomatique et les installations militaires.APT36 a mené de nombreuses campagnes de cyber-espionnage contre Windows, Linux et Android Systems.Dans les campagnes récentes, l'APT36 a utilisé un rat Windows particulièrement insidieux connu sous le nom d'Elizarat.Découvert pour la première fois en 2023, Elizarat a significativement [& # 8230;]

---

>Introduction APT36, also known as Transparent Tribe, is a Pakistan-based threat actor notorious for persistently targeting Indian government organizations, diplomatic personnel, and military facilities. APT36 has conducted numerous cyber-espionage campaigns against Windows, Linux, and Android systems. In recent campaigns, APT36 utilized a particularly insidious Windows RAT known as ElizaRAT. First discovered in 2023, ElizaRAT has significantly […] ]]> 2024-11-04T13:33:15+00:00 https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8605953 False Threat,Mobile APT 36 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-04T12:25:16+00:00 https://community.riskiq.com/article/d6da7f0d www.secnews.physaphae.fr/article.php?IdArticle=8605948 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Medical,Cloud,Technical APT 41,APT 28,APT 31,Guam 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information. "FakeCall is an extremely sophisticated Vishing attack that leverages malware to take almost complete control of the mobile device, including the interception of incoming]]> 2024-11-04T11:43:00+00:00 https://thehackernews.com/2024/11/new-fakecall-malware-variant-hijacks.html www.secnews.physaphae.fr/article.php?IdArticle=8605811 False Malware,Mobile None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Mobile security company Zimperium\'s zLabs team has uncovered an advanced variant of the FakeCall malware that employs “Vishing” (voice phishing) to deceive mobile users into sharing sensitive information, such as login credentials and banking details. This sophisticated malware campaign highlights an evolving threat landscape where malicious actors exploit mobile-specific features to conduct increasingly deceptive phishing [...]]]> 2024-11-04T06:24:46+00:00 https://informationsecuritybuzz.com/fakecall-malware-targets-mobile-users/ www.secnews.physaphae.fr/article.php?IdArticle=8605813 False Malware,Threat,Mobile None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2024-11-01T19:39:00+00:00 https://cybersecurity.att.com/blogs/labs-research/ngioweb-remains-active-7-years-later www.secnews.physaphae.fr/article.php?IdArticle=8604836 False Malware,Vulnerability,Threat,Mobile,Technical APT 28 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-31T22:29:13+00:00 https://community.riskiq.com/article/d94c18b0 www.secnews.physaphae.fr/article.php?IdArticle=8604398 False Malware,Threat,Mobile,Prediction None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism FakeCall malware can reroute calls intended for banks to attacker-controlled numbers.]]> 2024-10-30T19:59:03+00:00 https://arstechnica.com/information-technology/2024/10/android-trojan-that-intercepts-voice-calls-to-banks-just-got-more-stealthy/ www.secnews.physaphae.fr/article.php?IdArticle=8603890 False Malware,Mobile None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The new FakeCall variant uses advanced vishing tactics, featuring Bluetooth for device monitoring]]> 2024-10-30T16:30:00+00:00 https://www.infosecurity-magazine.com/news/updated-fakecall-malware-targets/ www.secnews.physaphae.fr/article.php?IdArticle=8603810 False Malware,Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.]]> 2024-10-30T16:29:36+00:00 https://www.darkreading.com/cyberattacks-data-breaches/vishing-mishing-fakecall-android-malware www.secnews.physaphae.fr/article.php?IdArticle=8603807 False Malware,Tool,Mobile None 2.0000000000000000 HackRead - Chercher Cyber A new, more sophisticated variant of the FakeCall malware is targeting Android devices. Learn about the advanced features…]]> 2024-10-30T14:58:51+00:00 https://hackread.com/scary-fakecall-malware-captures-photos-otps-android/ www.secnews.physaphae.fr/article.php?IdArticle=8603762 False Malware,Mobile None 2.0000000000000000 SecurityWeek - Security News Le Troie bancaire Android FAKECALL utilise désormais des tactiques d'évasion avancées et des capacités de surveillance élargies, posant des risques accrus pour les banques et les entreprises.

---

>The FakeCall Android banking trojan now employs advanced evasion tactics and expanded surveillance capabilities, posing heightened risks for banks and enterprises. ]]> 2024-10-30T13:00:00+00:00 https://www.securityweek.com/fakecall-android-trojan-evolves-with-new-evasion-tactics-and-expanded-espionage-capabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8603709 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker\'s phone number instead. [...]]]> 2024-10-30T10:50:50+00:00 https://www.bleepingcomputer.com/news/security/android-malware-fakecall-now-reroutes-bank-calls-to-attackers/ www.secnews.physaphae.fr/article.php?IdArticle=8603761 False Malware,Mobile None 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2024-10-29T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-14-44-cyber-attacks-now-shift-to-mobile-are-your-users-prepared www.secnews.physaphae.fr/article.php?IdArticle=8603271 False Mobile None 2.0000000000000000 Global Security Mag - Site de news francais Rapports spéciaux / / cybersecurite_home_gaucche

---

Die Ergebnisse im Überblick: Mobilgeräte bleiben weiterhin ein großer Bedrohungsvektor mit 111 Prozent Wachstum an Spyware und 29 Prozent an Banking-Malware Technologie, Bildungswesen und Produktion sind noch immer am anfälligsten für Angriffe Die USA bleiben das Hauptziel für IoT-, OT- und mobile Cybersecurity-Angriffe SAN JOSE, USA. 29. Oktober 2024 - Zscaler, Inc. (NASDAQ: ZS), führender Anbieter von Cloud-Sicherheit, veröffentlicht seinen jährlichen Zscaler ThreatLabz 2024 Mobile, IoT und OT Threat Report mit dem Überblick über die mobile und IoT-/OT-Cyberbedrohungslandschaft von Juni 2023 bis Mai 2024. - Sonderberichte / cybersecurite_home_gauche]]> 2024-10-29T10:02:17+00:00 https://www.globalsecuritymag.fr/zscaler-identifiziert-mehr-als-200-bosartige-apps-im-google-play-store-mit-uber.html www.secnews.physaphae.fr/article.php?IdArticle=8603202 False Threat,Mobile,Industrial None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-28T23:31:21+00:00 https://community.riskiq.com/article/bfdf1409 www.secnews.physaphae.fr/article.php?IdArticle=8603045 True Ransomware,Malware,Tool,Threat,Mobile,Cloud,Technical None 3.0000000000000000 HackRead - Chercher Cyber Apple unveils ‘Apple Intelligence’ for iPhone, iPad, and Mac devices while offering a $1 million bug bounty for…]]> 2024-10-28T20:18:45+00:00 https://hackread.com/apple-launches-apple-intelligence-bug-bounty/ www.secnews.physaphae.fr/article.php?IdArticle=8602978 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to target the Ukrainian military under the Telegram persona Civil Defense. Google\'s Threat Analysis Group (TAG) and Mandiant are tracking the activity under the name UNC5812. The threat group, which operates a Telegram channel named civildefense_com_ua, was created on]]> 2024-10-28T19:32:00+00:00 https://thehackernews.com/2024/10/russian-espionage-group-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8602880 False Malware,Threat,Mobile None 3.0000000000000000 TroyHunt - Blog Security "Civil Defense" pushes hybrid espionage/influence campaign targeting recruits.]]> 2024-10-28T17:58:54+00:00 https://arstechnica.com/security/2024/10/kremlin-backed-hackers-have-new-windows-and-android-to-foist-on-ukrainian-foes/ www.secnews.physaphae.fr/article.php?IdArticle=8602956 False Malware,Mobile None 3.0000000000000000 SecurityWeek - Security News Google has uncovered a Russian cyberespionage and influence campaign targeting Ukrainian military recruits. ]]> 2024-10-28T15:16:08+00:00 https://www.securityweek.com/google-russia-targeting-ukrainian-military-recruits-with-android-windows-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8602877 True Malware,Mobile None 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Ford EVs can tell Google Maps their battery state of charge via Android Auto.]]> 2024-10-28T15:06:13+00:00 https://arstechnica.com/cars/2024/10/ford-evs-can-now-see-tesla-superchargers-in-android-autos-google-maps/ www.secnews.physaphae.fr/article.php?IdArticle=8602875 False Mobile None 3.0000000000000000 Bleeping Computer - Magazine Américain A hybrid espionage/influence campaign conducted by the Russian threat group \'UNC5812\' has been uncovered, targeting Ukrainian military recruits with Windows and Android malware. [...]]]> 2024-10-28T14:36:32+00:00 https://www.bleepingcomputer.com/news/security/russia-targets-ukrainian-conscripts-with-windows-android-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8602938 False Malware,Threat,Mobile None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Figure 1: UNC5812\'s "Civil Defense" persona Targeting Users on Telegram UNC5812\'s malware delivery operations are conducted both via an actor-controlled Telegram channel @civildefense_com_ua and website hosted at civildefense[.]com.ua. The associated website was registered in April 2024, but the Telegram channel was not created until early September 2024, which we judge to be when UNC5812\'s campaign became fully operational.  To drive potential victims towards these actor-controlled resources, we assess that UNC5812 is likely purchasing promoted posts in legitimate, established Ukrainian-language Telegram channels.  On September 18th 2024, a legitimate channel with over 80,000 subscribers dedicated to missile alerts was observed promoting the "Civil Defense" Telegram channel and website to its subscribers.  An additional Ukrainian-language news channel promoting Civil Defense\'s posts as recently as October 8th, indicating the campaign is probably still actively seeking new Ukrainian-language communities for targeted engagement. Channels where "Civil Defense" posts have been promoted advertise the ability to reach out to their administrations for sponsorship opportunities. We suspect this is the likely vector that UNC5812 is using to approach the respective legitimate channels to increase the operation\'s reach. ]]> 2024-10-28T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/ www.secnews.physaphae.fr/article.php?IdArticle=8602806 False Malware,Threat,Mobile None 2.0000000000000000 The Register - Site journalistique Anglais HarmonyOS NEXT sounds dissonant until you get the theme Opinion  Launching a new mobile OS is what professional historians of technology refer to as a dumb move. It is so shatteringly stupid that even Microsoft stopped bothering after three or four goes – did we all just imagine the Kin?…]]> 2024-10-28T09:30:14+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/28/opinion_column_huawei_harmony_os/ www.secnews.physaphae.fr/article.php?IdArticle=8602749 False Mobile None 3.0000000000000000 ProofPoint - Cyber Firms 2024-10-28T08:26:44+00:00 https://www.proofpoint.com/us/blog/threat-insight/pig-butchers-join-gig-economy-cryptocurrency-scammers-target-job-seekers www.secnews.physaphae.fr/article.php?IdArticle=8602748 False Threat,Mobile None 3.0000000000000000 Wired Threat Level - Security News These addictive smartphone games are perfect for the small screen in your pocket.]]> 2024-10-27T14:03:00+00:00 https://www.wired.com/gallery/best-mobile-games-iphone-android/ www.secnews.physaphae.fr/article.php?IdArticle=8602430 False Mobile None 2.0000000000000000 The Register - Site journalistique Anglais If only all Android apps were so effortlessly stylish BORK!BORK!BORK!  As large and cheap LCD displays become ever more common, techies on the move can see there is no rest for the IoT signage silage – but this does not seem to be the case if your name is Mr Biz Daemon.…]]> 2024-10-26T00:30:10+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/26/biz_daemon_app_error/ www.secnews.physaphae.fr/article.php?IdArticle=8601839 False Mobile None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot *AhnLab Security Intelligence Center (ASEC) has discovered that malware is being distributed under the guise of gambling games such as badugi, 2-player go-stop, and hold\'em.* The malware itself appears to have been created by the]]> 2024-10-25T19:24:44+00:00 https://community.riskiq.com/article/118a2c8f www.secnews.physaphae.fr/article.php?IdArticle=8601767 False Malware,Tool,Threat,Mobile None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-25T16:15:13+00:00 https://community.riskiq.com/article/471a59d3 www.secnews.physaphae.fr/article.php?IdArticle=8601739 True Spam,Malware,Vulnerability,Threat,Studies,Mobile,Cloud None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Préférences> Paramètres du panneau de configuration> Options de dossier. - Créer des paramètres pour les extensions de fichiers .jse et .js, en les associant à notepad.exe ou à un autre éditeur de texte. - Vérifiez votre pare-feu de périmètre et votre proxy pour empêcher les serveurs de créer des connexions arbitraires à Internet pour parcourir ou télécharger des fichiers.Ces restrictions aident à inhiber les téléchargements de logiciels malveillants et l'activité de commande et de contrôle (C2), y compris les appareils mobiles. - Encouragez les utilisateurs à utiliser Microsoft Edge et d'autres navigateurs Web qui prennent en charge SmartScreen, qui identifie et bloque des sites Web malveillants, y compris des sites de phishing, des sites d'arnaque et des sites contenant des exploits et hébergent des logiciels malveillants.Allumez la protection du réseau pour bloquer les connexions aux domaines malveillants et aux adresses IP. - Installez uniquement les applications à partir de sources de confiance, telles que l'App Store officiel de la plate-forme logicielle \\.Les sources tierces peuvent avoir des normes laxistes pour les applications hébergées, ce qui facilite le téléchargement et la distribuer des logiciels malveillants. - Allumez [Protection en cloud-étirement] (https://learn.microsoft.com/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antvirus?ocid=Magicti_TA_LearnDoc) et la soumission automatique de l'échantillon de l'échantillon automatiquesur [Microsoft Defender Antivirus](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus? Ocid = magicti_ta_learndoc).Ces capacités utilisent l'intelligence artificielle et l'apprentissage automatique pour identifier et arrêter rapidement les menaces nouvelles et inconnues. - Exécutez la [dernière version de vos systèmes d'exploitation] (https://support.microsoft.com/windo]]> 2024-10-24T19:05:47+00:00 https://community.riskiq.com/article/055c91ec www.secnews.physaphae.fr/article.php?IdArticle=8601603 False Spam,Malware,Tool,Vulnerability,Threat,Mobile None 3.0000000000000000 The Register - Site journalistique Anglais Don\'t ignore this nasty zero day exploit says TAG A nasty bug in Samsung\'s mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security researchers.…]]> 2024-10-24T00:16:09+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/24/samsung_phone_eop_attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8601501 False Threat,Mobile None 4.0000000000000000 TroyHunt - Blog Security Unique IDs assigned to Android and iOS devices threaten your privacy. Who knew?]]> 2024-10-23T23:03:15+00:00 https://arstechnica.com/information-technology/2024/10/phone-tracking-tool-lets-government-agencies-follow-your-every-move/ www.secnews.physaphae.fr/article.php?IdArticle=8601491 False Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Popular titles on both Google Play and Apple\'s App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.]]> 2024-10-23T15:44:38+00:00 https://www.darkreading.com/cloud-security/mobile-apps-millions-downloads-expose-cloud-credentials www.secnews.physaphae.fr/article.php?IdArticle=8601407 False Threat,Mobile,Cloud None 2.0000000000000000 Global Security Mag - Site de news francais Business News

---

Appdome ThreatScope™ Mobile XDR Named “XDR Innovation of the Year” 2024 CyberSecurity Breakthrough Awards Recognizes Appdome as part of the Outstanding Information Security Products and Companies Around the World - Business News]]> 2024-10-23T15:20:38+00:00 https://www.globalsecuritymag.fr/appdome-threatscope-tm-mobile-xdr-named-xdr-innovation-of-the-year.html www.secnews.physaphae.fr/article.php?IdArticle=8601420 False Mobile None 2.0000000000000000 HackRead - Chercher Cyber Millions of iOS and Android users are at risk after Symantec discovered that popular apps contain hardcoded, unencrypted…]]> 2024-10-23T11:56:03+00:00 https://hackread.com/ios-android-users-risk-apps-expose-cloud-keys/ www.secnews.physaphae.fr/article.php?IdArticle=8601448 False Mobile,Cloud None 3.0000000000000000 Krebs on Security - Chercheur Américain Not long ago, the ability to remotely track someone\'s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.]]> 2024-10-23T11:30:18+00:00 https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/ www.secnews.physaphae.fr/article.php?IdArticle=8601356 False Tool,Mobile,Commercial None 3.0000000000000000 The Register - Site journalistique Anglais Azure Blob Storage, AWS, and Twilio keys all up for grabs An analysis of widely used mobile apps offered on Google Play and the Apple App Store has found hardcoded and unencrypted cloud service credentials, exposing millions of users to major security problems.…]]> 2024-10-23T09:22:29+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/23/android_ios_security/ www.secnews.physaphae.fr/article.php?IdArticle=8601363 False Mobile,Cloud None 3.0000000000000000 The Register - Site journalistique Anglais 2024-10-23T06:15:03+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/23/huaweis_harmonyos_next_launch/ www.secnews.physaphae.fr/article.php?IdArticle=8601362 False Mobile None 2.0000000000000000 The Register - Site journalistique Anglais New flagship SoC drops Arm and grows its own legs with Oryon During day one of Qualcomm\'s Snapdragon Summit in Maui, Hawaii, it unveiled its latest flagship SoC, dubbed the Snapdragon 8 Elite. This marks a pivotal swing into harnessing the technical prowess of its acquired Nuvia team.…]]> 2024-10-22T19:15:07+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/22/qualcomm_snapdragon_8_elite/ www.secnews.physaphae.fr/article.php?IdArticle=8601364 False Mobile,Technical None 2.0000000000000000 Bleeping Computer - Magazine Américain Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. [...]]]> 2024-10-22T16:19:12+00:00 https://www.bleepingcomputer.com/news/security/aws-azure-auth-keys-found-in-android-and-ios-apps-used-by-millions/ www.secnews.physaphae.fr/article.php?IdArticle=8601359 False Mobile,Cloud None 2.0000000000000000 GoogleSec - Firm Security Blog Google Messages to communicate. That\'s why we\'ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month. With end-to-end encrypted1 RCS conversations, you can communicate privately with other Google Messages RCS users. And we\'re not stopping there. We\'re committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private. As part of cybersecurity awareness month, we\'re sharing five new protections to help keep you safe while using Google Messages on Android: Enhanced detection protects you from package delivery and job scams. Google Messages is adding new protections against scam texts that may seem harmless at first but can eventually lead to fraud. For Google Messages beta users2, we\'re rolling out enhanced scam detection, with improved analysis of scammy texts, starting with a focus on package delivery and job seeking messages. When Google Messages suspects a potential scam text, it will automatically move the message into your spam folder or warn you. Google Messages uses on-device machine learning models to classify these scams, so your conversations stay private and the content is never sent to Google unless you report spam. We\'re rolling this enhancement out now to Google Messages beta users who have spam protection enabled. Intelligent warnings alert you about potentially dangerous links. In the past year, we\'ve been piloting more protections for Google Messages users when they receive text messages with potentially dangerous links. In India, Thailand, Malaysia and Singapore, Google Messages warns users when they get a link from unknown senders and blocks messages with links from suspicious senders. We\'re in the process of expanding this feature globally later this year. Controls to turn off messages from unknown international senders. In some cases, scam text messages come from international numbers. Soon, you will be able to automatically hide messages from international senders who are not existing contacts so you don\'t have to interact with them. If enabled, messages from international non-contacts will automatically be moved to the “Spam & blocked” folder. This feature will roll out first as a pilot in Singapore later this year before we look at expanding to more countries. Sensitive Content Warnings give you control over seeing and sending images that may contain nudity. At Google, we aim to provide users with a variety of ways to protect themselves against unwanted content, while keeping them in control of their data. This is why we\'re introducing Sensitive Content Warnings for Google Messages.Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and then prompts with a “speed bump” that contains help-finding resources and options, ]]> 2024-10-22T12:59:32+00:00 http://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html www.secnews.physaphae.fr/article.php?IdArticle=8601349 False Spam,Mobile None 3.0000000000000000 Global Security Mag - Site de news francais Business News

---

GardaWorld Enters into Binding Agreement to Acquire Stealth Monitoring, Creating a Champion in AI-Enabled Mobile and Fixed Video Monitoring Security Solutions Share Creates a global champion position for GardaWorld and its businesses in the high-growth, high-margin mobile and fixed video monitoring industry. Industry-leading monitoring and technological capabilities, including R&D and production with a high level of compatibility with GardaWorld\'s ECAMSECURE - Business News]]> 2024-10-22T10:33:37+00:00 https://www.globalsecuritymag.fr/gardaworld-enters-into-binding-agreement-to-acquire-stealth-monitoring.html www.secnews.physaphae.fr/article.php?IdArticle=8601300 False Mobile None 2.0000000000000000 Zataz - Magazine Francais de secu 2024-10-22T08:32:30+00:00 https://www.zataz.com/fuite-de-donnees-pour-free-mobile-et-freebox/ www.secnews.physaphae.fr/article.php?IdArticle=8601283 False Mobile None 2.0000000000000000 Zimperium - cyber risk firms for mobile Les chercheurs de Zimperium analysent Necro.n et se concentrent sur les différences et les éléments.

---

>Zimperium researchers analyze Necro.N and focuses on the differences and elements. ]]> 2024-10-18T10:00:00+00:00 https://www.zimperium.com/blog/the-necro-n-chronicles-volume-101/ www.secnews.physaphae.fr/article.php?IdArticle=8599803 False Malware,Mobile None 2.0000000000000000 HackRead - Chercher Cyber The app market is saturated with over 7 million apps across major stores. Analytics mobile apps have become…]]> 2024-10-17T18:49:47+00:00 https://hackread.com/how-to-choose-best-analytics-tools-for-mobile-apps/ www.secnews.physaphae.fr/article.php?IdArticle=8599364 False Tool,Mobile None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism New tools aim at phone snatchers, snooping kids or partners, and cell hijackers.]]> 2024-10-17T16:57:54+00:00 https://arstechnica.com/gadgets/2024/10/android-15s-security-and-privacy-features-are-the-updates-highlight/ www.secnews.physaphae.fr/article.php?IdArticle=8599338 False Tool,Mobile None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cloud security firm Zscaler published on Tuesday its Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report, which... ]]> 2024-10-17T13:16:53+00:00 https://industrialcyber.co/news/zscaler-releases-2024-threat-report-highlighting-need-for-enhanced-security-in-mobile-iot-ot-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8599250 False Threat,Mobile,Industrial None 3.0000000000000000 Zimperium - cyber risk firms for mobile Zimperium identifie et démystifie les cinq principaux mythes sur la sécurité mobile et a expliqué comment protéger votre entreprise avec clarté et confiance.

---

>Zimperium identifies and debunks the top five myths about mobile security and explained how to safeguard your enterprise with clarity and confidence. ]]> 2024-10-17T13:00:00+00:00 https://www.zimperium.com/blog/debunking-five-myths-about-mobile-security/ www.secnews.physaphae.fr/article.php?IdArticle=8599222 False Mobile None 3.0000000000000000 The Register - Site journalistique Anglais Update for Skyline phone brings selective distraction blocking A couple of months after launch, an OS update has delivered one of the Nokia HMD Skyline\'s headline features.…]]> 2024-10-17T12:39:53+00:00 https://go.theregister.com/feed/www.theregister.com/2024/10/17/hmd_skyline_digital_detox/ www.secnews.physaphae.fr/article.php?IdArticle=8599224 False Mobile None 3.0000000000000000 Korben - Bloger francais 2024-10-17T09:00:00+00:00 https://korben.info/deverrouillez-votre-linux-securite-android-luks.html www.secnews.physaphae.fr/article.php?IdArticle=8599134 False Mobile None 2.0000000000000000 ProofPoint - Cyber Firms Since our July blog, which focused on the increase in mobile political spam volume, unwanted political messaging has continued to grow at a rapid pace. Subscriber reports of these messages increased 67% in September compared with June. We can expect the increases to not only continue, but to accelerate as we approach the November election. As we previously pointed out, most political messaging comes from political action committees, parties and candidates seeking support and donations. Although for many people these messages]]> 2024-10-17T07:31:27+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/spam-text-messages-dos-donts www.secnews.physaphae.fr/article.php?IdArticle=8599221 False Spam,Threat,Mobile,Commercial None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-16T19:14:31+00:00 https://community.riskiq.com/article/1f1ea18b www.secnews.physaphae.fr/article.php?IdArticle=8598903 False Ransomware,Malware,Tool,Threat,Mobile,Cloud None 2.0000000000000000 TechRepublic - Security News US A new report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero-trust security.]]> 2024-10-16T19:00:37+00:00 https://www.techrepublic.com/article/zscaler-2024-mobile-iot-ot-cyber-threat-report/ www.secnews.physaphae.fr/article.php?IdArticle=8598859 False Mobile,Industrial None 2.0000000000000000 HackRead - Chercher Cyber Discover DVa, a new tool that detects and removes malware exploiting accessibility features on Android devices. Learn how…]]> 2024-10-16T17:14:33+00:00 https://hackread.com/new-tool-dva-detects-and-removes-android-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8598839 False Malware,Tool,Mobile None 2.0000000000000000 SecurityWeek - Security News Google a publié Android 15 avec de nouvelles fonctionnalités de sécurité pour garder les appareils et les applications sensibles mieux protégées.

---

>Google has released Android 15 with new security features to keep devices and sensitive applications better protected. ]]> 2024-10-16T16:30:00+00:00 https://www.securityweek.com/android-15-rolling-out-with-new-theft-application-protection-features/ www.secnews.physaphae.fr/article.php?IdArticle=8598817 False Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device\'s unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for]]> 2024-10-15T21:17:00+00:00 https://thehackernews.com/2024/10/trickmo-banking-trojan-can-now-capture.html www.secnews.physaphae.fr/article.php?IdArticle=8598262 False Threat,Mobile None 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) ## Snapshot Cyble Research and Intelligence Labs (CRIL) has identified a new cyber campaign, “ErrorFather,” which utilizes a variant of the Cerberus Android Banking Trojan. ## Description Originally discovered in 2019, Cerberus is known for targeting financial and social media apps with keylogging, overlay attacks, and remote control features via VNC. The ErrorFather campaign incorporates multiple layers of infection, including session-based droppers and encrypted payloads, making detection and removal more difficult. The campaign, which saw increased activity in September and October 2024, deploys malware capable of stealing sensitive information like login credentials and payment details through sophisticated phishing techniques. A unique feature of ErrorFather is its use of a Domain Generation Algorithm (DGA), which enables dynamic updates to Command and Control (C&C) servers, keeping the malware functional even if primary servers are disabled. Despite bein]]> 2024-10-15T16:24:37+00:00 https://community.riskiq.com/article/d73f02ab www.secnews.physaphae.fr/article.php?IdArticle=8598281 False Malware,Threat,Mobile None 2.0000000000000000 ZD Net - Magazine Info Your Android phone is about to be a lot less attractive to thieves.]]> 2024-10-15T16:00:23+00:00 https://www.zdnet.com/article/android-15-is-here-and-you-should-update-your-phone-asap-heres-why/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8598231 False Mobile None 1.00000000000000000000 ZD Net - Magazine Info With Android 15 dropping today, Google\'s phones are getting smarter, more secure, and a whole lot more useful in so many ways.]]> 2024-10-15T16:00:00+00:00 https://www.zdnet.com/article/your-pixel-phone-is-getting-a-big-update-look-for-these-10-useful-features/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8598232 False Mobile None 1.00000000000000000000 ZD Net - Magazine Info The Oukitel C50 isn\'t from a well-known brand, but it has great battery life and a big 90Hz display, making it feel like it should be twice the price.]]> 2024-10-15T15:57:00+00:00 https://www.zdnet.com/article/one-of-the-best-cheap-android-phones-ive-tested-is-not-a-samsung-or-oneplus/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8598233 False Mobile None 1.00000000000000000000 ZD Net - Magazine Info Want an AI voice assistant that can naturally converse with you in 6 different languages - for free? If you\'re on Android, you\'re in luck.]]> 2024-10-15T15:21:00+00:00 https://www.zdnet.com/article/gemini-live-is-available-to-all-android-phones-for-free-heres-why-you-should-try-it/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8598234 False Mobile None 2.0000000000000000 GoogleSec - Firm Security Blog 1 are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities2 in memory-unsafe codebases are due to memory safety bugs. Malicious actors exploit these vulnerabilities and continue to create real-world harm. In 2023, Google\'s threat intelligence teams conducted an industry-wide study and observed a close to all-time high number of vulnerabilities exploited in the wild. Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities. At Google, we have been mindful of these issues for over two decades, and are on a journey to continue advancing the state of memory safety in the software we consume and produce. Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle. This proactive approach fosters a safer and more trustworthy digital environment for everyone. This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety. Our journey so far Google\'s journey with memory safety is deeply intertwined with the evolution of the software industry itself. In our early days, we recognized the importance of balancing performance with safety. This led to the early adoption of memory-safe languages like Java and Python, and the creation of Go. Today these languages comprise a large portion of our code, providing memory safety among other benefits. Meanwhile, the rest of our code is predominantly written in C++, previously the optimal choice for high-performance demands. We recognized the inherent risks associated with memory-unsafe languages and developed tools like sanitizers, which detect memory safety bugs dynamically, and fuzzers like AFL and libfuzzer, which proactively test the robustness and security of a software application by repeatedly feeding unexpected inputs. By open-sourcing these tools, we\'ve empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases. Taking this commitment a step further, we provide continuous fuzzing to open-source projects through OSS-Fuzz, which helped get over 8800 vulnerabilities identified and subsequently fixed across 850 projects. Today, with the emergence of high-performance memory-safe languages like Rust, coupled with a deeper understanding of the limitations of purely detection-based approaches, we are focused primarily on preventing the introduction of security vulnerabilities at scale. Going forward: Google\'s two-pronged approach Google\'s long-term strategy for tackling memory safety challenges is multifaceted, recognizing the need to address both existing codebases and future development, while maintaining the pace of business.]]> 2024-10-15T13:44:17+00:00 http://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html www.secnews.physaphae.fr/article.php?IdArticle=8598282 False Tool,Vulnerability,Threat,Studies,Mobile,Technical None 3.0000000000000000 GoogleSec - Firm Security Blog Janine Roberta Ferreira was driving home from work in São Paulo when she stopped at a traffic light. A man suddenly appeared and broke the window of her unlocked car, grabbing her phone. She struggled with him for a moment before he wrestled the phone away and ran off. The incident left her deeply shaken. Not only was she saddened at the loss of precious data, like pictures of her nephew, but she also felt vulnerable knowing her banking information was on her phone that was just stolen by a thief. Situations like Janine\'s highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform. Phone theft is a widespread concern in many countries – 97 phones are robbed or stolen every hour in Brazil. The GSM Association reports millions of devices stolen every year, and the numbers continue to grow. With our phones becoming increasingly central to storing sensitive data, like payment information and personal details, losing one can be an unsettling experience. That\'s why we developed and thoroughly beta tested, a full suite of features designed to protect you and your data at every stage – before, during, and after device theft. These advanced theft protection features are now available to users around the world through Android 15 and a Google Play Services update (Android 10+ devices). AI-powered protection for your device the moment it is stolen Theft Detection Lock uses powerful AI to proactively protect you at the moment of a theft attempt. By using on-device machine learning, Theft Detection Lock is able to analyze various device signals to detect potential theft attempts. If the algorithm detects a potential theft attempt on your unlocked device, it locks your screen to keep thieves out. To protect your sensitive data if your phone is stolen, Theft Detection Lock uses device sensors to identify theft attempts. We\'re working hard to bring this feature to as many devices as possible. This feature is rolling out gradually to ensure compatibility with various devices, starting today with Android devices that cover 90% of active users worldwide. Check your theft protection settings page periodically to see if your device is currently supported. In addition to Theft Detection Lock, Offline Device Lock protects you if a thief tries to take your device offline to extract da]]> 2024-10-15T12:40:16+00:00 http://security.googleblog.com/2024/10/android-theft-protection.html www.secnews.physaphae.fr/article.php?IdArticle=8598283 False Tool,Mobile None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The sophisticate campaign, ErrorFather, employs keylogging, virtual networks and a domain generation algorithm to target Android users]]> 2024-10-15T11:30:00+00:00 https://www.infosecurity-magazine.com/news/cerberus-android-banking-trojan/ www.secnews.physaphae.fr/article.php?IdArticle=8598123 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads. [...]]]> 2024-10-15T10:26:27+00:00 https://www.bleepingcomputer.com/news/security/over-200-malicious-apps-on-google-play-downloaded-millions-of-times/ www.secnews.physaphae.fr/article.php?IdArticle=8598205 False Mobile None 2.0000000000000000 WatchGuard - Fabricant Matériel et Logiciels 2024-10-15T00:00:00+00:00 https://www.watchguard.com/fr/wgrd-news/press-releases/rapport-cybersecurite-watchguard-les-cybercriminels-tentent-de-transformer www.secnews.physaphae.fr/article.php?IdArticle=8599648 False Tool,Threat,Mobile None 4.0000000000000000 Korben - Bloger francais 2024-10-14T18:00:46+00:00 https://korben.info/le-quishing-lescroquerie-au-qr-code-qui-pourrait-vous-couter-cher.html www.secnews.physaphae.fr/article.php?IdArticle=8597742 False Mobile None 2.0000000000000000 ZD Net - Magazine Info Apple\'s streaming service will be available later this month as an add-on to Amazon\'s Prime Video content.]]> 2024-10-14T16:39:51+00:00 https://www.zdnet.com/home-and-office/home-entertainment/prime-video-subscribers-can-soon-watch-apple-tv-shows-android-users-rejoice/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8597718 False Mobile None 2.0000000000000000 ZD Net - Magazine Info Blackview\'s Mega 1 is an 11.5-inch Android 13 tablet with a brilliant 120Hz display and 24GB of RAM at a surprisingly low price point.]]> 2024-10-14T15:34:33+00:00 https://www.zdnet.com/article/the-budget-android-tablet-i-recommend-has-a-dazzling-display-that-looks-twice-the-price/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8597693 False Mobile None 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-14T14:58:48+00:00 https://community.riskiq.com/article/f3797403 www.secnews.physaphae.fr/article.php?IdArticle=8597687 False Ransomware,Malware,Tool,Threat,Mobile None 3.0000000000000000 ZD Net - Magazine Info Chipolo\'s latest One and Card trackers are perfect for keys and wallets that can go missing.]]> 2024-10-14T14:44:51+00:00 https://www.zdnet.com/article/i-found-the-best-airtags-for-android-users-and-theyre-highly-accurate/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=8597666 False Mobile None 2.0000000000000000 Bleeping Computer - Magazine Américain Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs. [...]]]> 2024-10-14T13:34:35+00:00 https://www.bleepingcomputer.com/news/security/trickmo-malware-steals-android-pins-using-fake-lock-screen/ www.secnews.physaphae.fr/article.php?IdArticle=8597739 False Malware,Mobile None 2.0000000000000000 Wired Threat Level - Security News This hybrid Windows/Android 2-in-1 mashup is cool, expensive, and confusing.]]> 2024-10-12T12:30:00+00:00 https://www.wired.com/review/lenovo-thinkbook-plus-gen-5/ www.secnews.physaphae.fr/article.php?IdArticle=8596591 False Mobile None 2.0000000000000000