The Android banking trojan, SpyNote, has been thoroughly examined to uncover its multifaceted data-gathering capabilities. Typically distributed through SMS phishing campaigns, this spyware tricks potential victims into installing it by luring them to click on embedded links. Once installed, SpyNote seeks invasive permissions to access call logs, the camera, SMS messages, and external storage. It excels at concealing its presence on the Android...

Google has made a significant stride in user security by implementing default passkeys for all its users. This move comes five months after the company initially rolled out support for the passwordless standard for Google Accounts, as advocated by the FIDO Alliance, across all platforms.

What this means is that the next time users log into their Google accounts, they will encounter prompts to...

There have been reports of dual ransomware attacks on US companies since July 2023. These attacks involve the use of two different ransomware strains, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, in various combinations. It is unclear how widespread these attacks are, but they are believed to occur within a short timeframe, ranging from 48 hours to 10 days apart. It's important to be vigilant and take necessary...

Apple has taken swift action by releasing security patches to counter three zero-day vulnerabilities that were actively exploited across iOS, iPadOS, macOS, watchOS, and Safari. These patches bring the tally of zero-day vulnerabilities discovered in Apple's software this year to a staggering 16. 

The vulnerabilities include issues with certificate validation, a kernel security flaw, and a...

Microsoft has issued a warning about a new phishing campaign called Storm-0324 (also known as TA543 and Sagrid) orchestrated by an initial access broker. This campaign diverges from traditional email-based methods by using Microsoft Teams messages as bait to infiltrate corporate networks.

Storm-0324 operates as a payload distributor in the cybercriminal realm, facilitating the spread of various...

Fake Telegram apps with spyware capabilities have been discovered on the Google Play Store, aiming to steal sensitive information from Android devices. These malicious apps, dubbed "Evil Telegram" by cybersecurity firm Kaspersky, were responsible for collecting user data, including names, user IDs, contacts, phone numbers, and chat messages, and sending it to a server controlled by threat actors. These counterfeit apps had been downloaded millions...

Meta recently announced that it successfully disrupted two of the world's largest covert influence operations that originated from China and Russia. As a result, numerous accounts and pages were blocked across its platform. Guy Rosen, Meta's Chief Information Security Officer, reported that these operations targeted more than 50 applications, including popular platforms like Facebook, Instagram, X (formerly Twitter), YouTube, TikTok, Reddit,...

Kroll, a provider of financial advisory solutions, recently revealed an incident where one of its employees was targeted in an intricate SIM-swapping attack. On August 19, 2023, the episode focused on the employee's T-Mobile account. Unauthorized by Kroll or the employee, T-Mobile transferred the employee's phone number to the attacker's device as per their request. This breach enabled the assailant to access specific files containing personal...

A recent study by Zimperium has uncovered a worrisome trend among threat actors. They are using obscure and unsupported compression methods in Android Package (APK) files to avoid being detected by malware analysis. These methods were found in 3,300 artifacts found in the wild. Out of these artifacts, 71 samples can be easily integrated into an operating system without any issues.

It's important to note that these apps were never available on the Google Play Store. This suggests that...

Google has unveiled its strategic initiative to bolster the security landscape of its Chrome browser by integrating support for quantum-resistant encryption algorithms. Commencing with version 116, this endeavor marks a significant step towards fortifying the protection of online communication.

In a recent announcement, Devon O'Brien detailed the forthcoming inclusion of the X25519Kyber768...