Mobile Security | SC Media

Mobile Security

iphone

Facebook phishing campaign hitting iOS users

A new phishing campaign targeting mainly iOS users asking them to login in with their Facebook account and give away their credentials. The report by Myki said the attackers create fake copies of legitimate sites to attract victims. The victim is then asked to login in using his or her social media credentials, like Facebook.…

mobile security

Android officially adopts FIDO2 authentication standard as alternative to passwords

Google’s Android operating system is now certified to employ the FIDO2 open authentication standard, a development that could help owners of more than a billion Android devices phase out the use of passwords when logging in to online services. As an alternative to potentially insecure passwords, FIDO2 instead offers the option of using fingerprints or…

Google Play announces 2019 malicious app crackdown

Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior. Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post. “In addition to identifying…

Adiantum boosts encryption for low-end Android devices

Google has developed a new storage encryption solution that will boost encryption capabilities for low-end Android devices that don’t have the hardware to support AES. Researchers said the new solution, called Adiantum, allows the use of the ChaCha stream cipher “in a length-preserving mode, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR and HCH,”…

Report: Apple demands companies obtain consent before recording users’ app sessions

Apple has reportedly issued an ultimatum to companies that rely on “session replay” tools to track the way users interact with their iPhone apps: disclose the practice and seek explicit consent for it, or be removed from the app store. Apple’s mandate comes after a TechCrunch report last Wednesday revealed that Air Canada, Hollister, Expedia,…

Amazon Logo

National Enquirer threat to reveal intimate Bezos pics trains focus on privacy protection

By going public with alleged extortion attempts, Amazon CEO Jeff Bezos may have thwarted the National Enquirer’s attempts to quash the Washington Post’s probe into the tabloid media company’s practices, but the incident also turned a harsh spotlight on unethical, potentially illegal acts and ratcheted up concerns about privacy. In a Thursday blog post, Bezos…

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple patches two flaws reportedly exploited in zero-day attacks; also nixes FaceTime eavesdropping bug

Apple yesterday released security updates for iOS and macOS Mojave, repairing four vulnerabilities, including two that a Google researcher says were exploited in the wild as zero days. The two exploited flaws consisted of memory corruption issues caused by insufficient input validation. The first, CVE-2019-7286, is a privilege escalation vulnerability in the Foundation framework that…

spyware

Cybercriminals secretly bundle anti-censorship app with spyware framework

A legitimate application that’s supposed to help users access censored or blocked websites was secretly bundled with Android spyware and made available for download on third-party marketplaces last year. The app, known as Psiphon and packaged as com.psiphon3, has been safely downloaded from the official Google Play Store over 50 million times. But users who attained…

Apple releases iOS 8.0.2 to quell buggy update complaints

Apple’s Siri Shortcuts feature vulnerable to abuse, researchers warn

Siri Shortcuts, Apple’s recently introduced native feature for iOS 12, can potentially be abused by threat actors to deliver malware to unsuspecting mobile device users, researchers are warning. The tool allows users to quickly execute and automate multiple-step tasks with just a single tap or voice command. Device owners who download the Siri Shortcuts app…

Next post in Security News