Introducing the New PCI SSC Mobile App

 
The PCI Security Standards Council (PCI SSC) is pleased to announce the release of its new mobile app. The PCI SSC mobile app allows for more direct engagement with payment industry stakeholders, including instant notification of Counc…

September 8, 2022
Read More >>

A new Android malware used to spy on the Uyghur Community

Experts spotted new Android spyware that was used by China-linked threat actors to spy on the Uyghur community in China. Researchers from Cyble Research & Intelligence Labs (CRIL) started their investigation after MalwareHunterTeam experts shared information about a new Android malware used to spy on the Uyghur community. The malware disguised as a book titled “The China […]

The post A new Android malware used to spy on the Uyghur Community appeared first on Security Affairs.

September 6, 2022
Read More >>

1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials

Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec’s Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials that allowed access to private cloud services. The experts pointed out that most of the apps containing hard-coded Amazon Web Services […]

The post 1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials appeared first on Security Affairs.

September 1, 2022
Read More >>

A flaw in TikTok Android app could have allowed the hijacking of users’ accounts

Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click. The experts state that the vulnerability would have required the chaining with other […]

The post A flaw in TikTok Android app could have allowed the hijacking of users’ accounts appeared first on Security Affairs.

September 1, 2022
Read More >>

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit

Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement and intelligence agencies. The Vx-undergroud researchers shared some images of several confidential documents that appear to be […]

The post Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit appeared first on Security Affairs.

August 29, 2022
Read More >>

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Experts found backdoors in budget Android device models designed to target WhatsApp and WhatsApp Business messaging apps. Researchers from Doctor Web discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. The malware targets WhatsApp and WhatsApp Business messaging apps and can allow attackers to conduct […]

The post Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business appeared first on Security Affairs.

August 23, 2022
Read More >>

Apple fixed two new zero-day flaws exploited by threat actors

Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS, iPadOS, and macOS platforms to address two zero-day vulnerabilities exploited by threat actors. Apple did not share details about these attacks. The two flaws are: CVE-2022-32893 – An out-of-bounds issue in WebKit which. An attacker can trigger the […]

The post Apple fixed two new zero-day flaws exploited by threat actors appeared first on Security Affairs.

August 18, 2022
Read More >>

Bugdrop dropper includes features to circumvent Google’s security Controls

Researchers have discovered a previously undocumented Android dropper, dubbed BugDrop, that’s still under development. Recently, researchers from ThreatFabric discovered a previously undetected Android dropper, dubbed BugDrop, which is under active development and was designed to bypass security features that will be implemented in the next release of the Google OS. The experts noticed something unusual in the […]

The post Bugdrop dropper includes features to circumvent Google’s security Controls appeared first on Security Affairs.

August 17, 2022
Read More >>