Mobile Security news & analysis | SC Media

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “AMP for WP – Accelerated Mobile Pages” plug-in. The…

Google’s first Android security transparency report highlights dangers of third-party app stores

Android users who download from Google Play are less likely to install potentially harmful apps than those who download from unofficial third-party stores, according to the inaugural edition of Google’s quarterly Android Ecosystem Security Transparency Report. The data published in the online report last Thursday was collected from users who enabled the Google Play Protect…

A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.

Group FaceTime for iOS exposes users’ full contact info

A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users’ contact information. The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his…

Spyware disguised as Spanish banking apps removed from Google Play

A spyware program fraudulently disguised as a Spanish-language banking app was found last month collecting users’ device data and messages, which were later leveraged in smishing schemes. Advertised as “Movil Secure,” the fake app pretends to be associated with multinational Spanish banking group Banco Bilbao Vizcaya Argentaria (BBVA). Published on Oct. 19, the app was discovered by Trend…

Apps submitted to Google Play are now reviewed by 'experts'

29 stealthy banking trojans removed from Google Play store

Nearly 30 banking trojans were removed from the Google Play Store, but not before being downloaded by nearly 30,000 users. ESET researchers spotted 29 malicious apps masquerading as device boosters, cleaners, battery managers and horoscope-themed apps that, once installed, could dynamically impersonate any app installed on the victim’s device and target the user with custom phishing…

Apple tweaks lock screen options in iOS security update

Apple yesterday issued its first software update for the iOS 12 operating system, fixing two bugs that both impact lock screen security. It also separately remedied 19 vulnerabilities in iCloud for Windows 7.7. The release of iOS 12.0.1 repairs CVE-2018-4380, a flaw in the VoiceOver feature, which a local attacker could exploit to view photos…

A weakness in Apple’s DEP authentication leaves users open to attack

Researchers have noted a lack of authentication in the Apple Device Enrollment Program that could allow a malicious actor to steal Wi-Fi passwords and VPN configurations. The vulnerability was dug out by Duo Labs, which found that Apple’s Device Enrollment Program (DEP) has an authentication weakness that can be exploited when organizations use Apple’s mobile device…

Wyden warns foreign gov’t cyberattacks aimed at personal accounts of senators, aides

The personal email accounts of senators and their aides are in the crosshairs of nation-state hackers, Sen. Ron Wyden, D-Ore., warned Senate leaders in a letter that took the body’s security office to task for failing to safeguard them. Noting that “at least one major technology company” had notified some senators and their aides that…

White House says new Chinese IT equipment rule may disrupt business without helping security

White House further restricts mobile devices in West Wing

The proclivity of former White House aide Omarosa Manigault Newman to record conversations with colleagues, including the president and her firing in the Situation Room by Chief of Staff John Kelly, has prompted the administration to further restrict staffers’ use of mobile devices in the West Wing. An earlier policy enacted 19 months ago called…
