Security
Headlines
HeadlinesLatestCVEs

Tag

#android

North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "

The Hacker News
#android#The Hacker News
Sungrow iSolarCloud Android App WiNet Firmware

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely Vendor: Sungrow Equipment: iSolarCloud Android App, WiNet Firmware Vulnerabilities: Improper Certificate Validation, Use of a Broken or Risky Cryptographic Algorithm, Authorization Bypass Through User-Controlled Key, User of Hard-Coded Credentials, Stack-Based Buffer Overflow, Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in attackers being able to access and could modify sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Sungrow software products are affected: iSolarCloud Android App: Version 2.1.6 and prior WiNet Firmware: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 The Android app for iSolarCloud explicitly ignores certificate errors and is vulnerable to adversary-in-the-middle attacks. This may allow an attacker to impersonate the iSolarCloud server and communicate with the And...

Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”

Apple has patched a vulnerability in iOS and iPadOS that was under active exploitation in extremely sophisticated attacks.

Android devices track you before you even sign in

Google spies on Android device users, starting from even before they have logged in to their Google account.

How ads weirdly know your screen brightness, headphone jack use, and location, with Tim Shott (Lock and Code S06E05)

This week on the Lock and Code podcast, we speak with Tim Shott about his attempt to find his location data following a major data breach.

Cybercriminals Allegedly Used a StubHub Backdoor to Steal Taylor Swift Tickets

Plus: The world’s “largest illicit online marketplace” gets hit by regulators, police seize the Garantex crypto exchange, and scammers trick targets by making up ransomware attacks.

Android botnet BadBox largely disrupted

Removing 24 malicious apps from the Google Play store and silencing some servers has almost halved the BadBox botnet.

Unmasking the new persistent attacks on Japan

Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities.

I spoke to a task scammer. Here’s how it went

Task scams are increasing in volume. We followed up on an invitation by a task scammer to get a first hand look on how they work.

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

Google has announced the rollout of artificial intelligence (AI)-powered scam detection features to secure Android device users and their personal information. "These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations," Google said. "And more phone calling scammers are using spoofing techniques to hide their real