Security
Headlines
HeadlinesLatestCVEs

Tag

#android

SMS scammers use toll fees as a lure

Scammers are increasingly using toll fees as a lure in smishing attacks with the aim of grabbing victims' personal details and credit card information.

Malwarebytes
Open in Source
#web#ios#android#git
New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards

Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia. The malware "has

No, not every Social Security number in the U.S. was stolen

It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price.

CVE-2024-38208: Microsoft Edge for Android Spoofing Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?** Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.

Czech Mobile Users Targeted in New Banking Credential Theft Scheme

Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an attempt to steal their banking account credentials. The attacks have targeted the Czech-based Československá obchodní banka (CSOB), as well as the Hungarian OTP Bank and the Georgian TBC Bank, according to Slovak cybersecurity company ESET. "The phishing

Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It

Plus: US regulators fine T-Mobile $60 million for mishap with sensitive data, New Zealand approves Kim Dotcom’s US extradition, and San Francisco takes on deepfake porn.

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.apk" that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month. The Patch Tuesday

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as