Analysis shows that the malware, previously a banking trojan focused on Android devices, has rapidly evolved just in the past month.
Link: https://threatpost.com/roaming-mantis-swarms-globally-spawning-ios-phishing-cryptomining/132149/
Tag: Mobile Security
Fake Fortnite Apps for Android Spread Spyware, Cryptominers
An array of malicious Android apps purporting to be popular game Fortnite are instead harvesting call logs and downloading cryptomining malware.
Link: https://threatpost.com/fake-fortnite-apps-for-android-spread-spyware-cryptominers/132062/
Samsung Patches Six Critical Bugs in Flagship Handsets
Samsung updates S9, Note 8 and S8 phones with 27 patches from a RCE bug to a patch that prevents an ancient peek-and-poke attack first identified in 1980s.
Link: https://threatpost.com/samsung-patches-six-critical-bugs-in-flagship-handsets/131940/
Severe Keyboard Flaws in LG Smartphones Allow Remote Code Execution
An attacker can gain man-in-the-middle access to inject a rogue executable file onto the phone.
Link: https://threatpost.com/severe-keyboard-flaws-in-lg-smartphones-allow-remote-code-execution/131829/
Sierra Wireless Patches Critical Vulns in Hundreds of Thousands of Wireless Routers
Sierra Wireless has patched two critical vulnerabilities for its range of wireless gateways that would leave the enterprise devices helpless to an array of remote threats, including the charms of the Reaper IoT botnet. The more critical of the two (with a 9.4 CVSSv3 Temp Score) is a privilege-escalation bug (CVE-2018-10251), which could allow a […]
Phone Maker BLU Settles with FTC Over Unauthorized User Data Extraction
Florida-based phone maker BLU is facing an FTC complaint over allegations it shared detailed personal user data with a third-party firm that included full text messages, call logs and contact lists.
Free Speech Advocates Blast Amazon Over Threats Against Signal
Secure-messaging firm Signal was told by Amazon not to use its AWS servers for domain-fronting, a technique used to enable communications in countries such as Egypt, Oman, Qatar and UAE where the service is banned.
Link: https://threatpost.com/free-speech-advocates-blast-amazon-over-threats-against-signal/131640/
Whapa is an android whatsapp database parser that automates the process.
Whapa is an android whatsapp database parser that automates the process. The main purpose of whapa is to present the data handled by the Sqlite…
Link: http://seclist.us/whapa-is-an-android-whatsapp-database-parser-that-automates-the-process.html
Nate Cardozo, Attorney with EFF Talks Encryption at RSA Conference 2018
Threatpost talks to crypto expert Nate Cardozo, senior staff attorney with the Electronic Frontier Foundation at RSA Conference 2018 about the U.S. government’s current position on device encryption and law enforcement’s use of iPhone passcode cracker called GreyKey.
Millions of Apps Leak Private User Data Via Leaky Ad SDKs
Mobile apps leak personal data via insecure ads that transmit ad-targeting data insecurely.
Link: https://threatpost.com/millions-of-apps-leak-private-user-data-via-leaky-ad-sdks/131251/