Summary: The Pwn2Own Automotive 2025 competition saw security researchers exploit 16 unique zero-day vulnerabilities, earning a total of $382,750 in cash awards. Fuzzware.io led the event by hacking electric vehicle chargers, while other teams also showcased their skills against various automotive technologies. The competition emphasizes the importance of securing automotive systems as vendors are given 90 days to patch the reported vulnerabilities.…
Tag: ANDROID
Summary: The Pwn2Own Automotive 2025 hacking contest concluded with researchers earning $886,250 by exploiting 49 zero-day vulnerabilities in various automotive software and products. The event highlighted security flaws in electric vehicle chargers, car operating systems, and in-vehicle infotainment systems. Summoning Team’s Sina Kheirkhah emerged as the winner, showcasing significant exploits against EV chargers and IVI systems.…
Summary: Google has introduced a new feature called Identity Check for Android devices, requiring biometric authentication for accessing sensitive settings outside of trusted locations. This feature aims to enhance security for Google Accounts and prevent unauthorized access. It is currently available on select Pixel and Samsung Galaxy devices running the latest software updates.…
Summary: A recent survey by Omdia reveals that phishing scams are the primary security threat for smartphone users, with 24% of respondents reporting they have fallen victim to such attacks. The survey highlights the inadequacies of current smartphone protections against phishing, despite advancements in device security.…
Microsoft Threat Intelligence has reported on the Russian nation-state actor Secret Blizzard, which has been using co-opted tools and infrastructure from other threat actors to conduct espionage activities against targets in Ukraine. The campaigns have involved the deployment of custom malware, including the Tavdig and KazuarV2 backdoors, often facilitated through cybercriminal tools like Amadey bot malware.…
The 20th edition of the Cloudflare DDoS Threat Report highlights significant increases in DDoS attacks in 2024, with a record-breaking 5.6 Tbps attack detected. Cloudflare’s DDoS defense systems blocked over 21 million attacks this year, showcasing the growing threat landscape and the importance of robust cybersecurity measures.…
Summary: A new variant of the Mirai malware, named Murdoc Botnet, has been identified exploiting vulnerabilities in Avtech cameras and Huawei routers to create a botnet. This malware has been actively targeting these devices for approximately six months, with over 1,300 IPs involved in the campaign.…
Mozilla Firefox and Thunderbird users are facing critical vulnerabilities that could result in arbitrary code execution and system instability. The Indian Computer Emergency Response Team (CERT-In) has issued an advisory urging immediate software updates to mitigate these risks. Affected: Mozilla Firefox, Mozilla Thunderbird
Keypoints:
High-severity vulnerabilities found in Mozilla Firefox and Thunderbird.…
Summary: The DONOT Team, an advanced persistent threat (APT) group, is utilizing two deceptive Android applications, “Tanzeem” and “Tanzeem Update,” to conduct intelligence-gathering operations against individuals and organizations in India. These apps masquerade as chat applications but are designed to exploit device permissions for data harvesting.…
Summary: CYFIRMA researchers have linked a newly discovered Android malware named “Tanzeem” to the Indian APT group DoNot Team, which has been active since 2016. This malware targets government and military organizations in South Asia and utilizes the OneSignal platform to deliver phishing links. The evolving tactics of the DoNot APT group signify a persistent threat to regional cybersecurity.…
Summary: A recent consumer survey highlights that phishing attacks are the most prevalent security concern among smartphone users, followed by malware and physical theft. Testing reveals that while Samsung S24 excels in anti-phishing protection, other premium devices, including the iPhone 16 Pro, lack adequate security features.…
Summary: The DoNot Team has developed a new Android malware named Tanzeem, designed for targeted cyber attacks against specific individuals or groups. The malware masquerades as a chat application but fails to function, instead facilitating intelligence gathering through various malicious activities. This development highlights the group’s evolving tactics, including the abuse of push notifications to deploy additional malware.…
Summary: Russian nation-state actor Star Blizzard has initiated a spear-phishing campaign targeting WhatsApp accounts of individuals in government, diplomacy, and organizations related to Ukraine aid. This campaign marks a tactical shift following the exposure of their previous methods, utilizing social engineering techniques to compromise accounts without malware.…
Summary: TikTok has officially ceased operations in the U.S. following a federal ban effective January 19, 2025, due to national security concerns regarding its Chinese ownership. The U.S. Supreme Court upheld a law requiring ByteDance to sell TikTok or face a ban, citing risks related to data privacy and foreign influence.…
Summary: Amazon has issued a security advisory for two critical vulnerabilities (CVE-2025-0500 and CVE-2025-0501) affecting its native clients for Amazon WorkSpaces, AppStream 2.0, and DCV, with a CVSSv4 score of 7.7. These vulnerabilities could enable attackers to execute man-in-the-middle (MITM) attacks, potentially granting unauthorized access to remote sessions.…
In mid-November 2024, Microsoft Threat Intelligence reported a shift in tactics by the Russian threat actor Star Blizzard, who began targeting WhatsApp accounts through spear-phishing campaigns. This new approach involves impersonating US government officials to lure victims into malicious links that compromise their WhatsApp data. The campaign highlights the actor’s resilience and adaptability in the face of operational disruptions.…
The CYFIRMA research team has identified a new Android malware attributed to the Indian APT group ‘DONOT’, utilizing a seemingly benign application named “Tanzeem” to gather intelligence against internal threats. The app misuses the OneSignal platform to send phishing notifications, and its permissions allow extensive access to user data.…
Microsoft has released security updates for Windows 10 and Windows 11, which include new features and address various vulnerabilities. Notably, the updates introduce a blocklist for vulnerable kernel drivers and highlight known issues affecting SSH connections and Citrix configurations. Affected: Windows 10, Windows 11, Citrix
Keypoints:
Microsoft has provided security updates for Windows 10 (KB5049981) and Windows 11 (KB5050009, KB5050021).…
Summary: Google has released Chrome 132, addressing 16 security vulnerabilities, including 13 reported by external researchers. Among these, five high-severity flaws were identified, leading to significant bug bounty rewards for the researchers involved. Users are encouraged to update their browsers promptly to mitigate potential risks.
Threat Actor: N/A | N/A
Victim: Google Chrome Users | Google Chrome Users
Keypoints:
Chrome 132 includes 16 security fixes, with five high-severity vulnerabilities addressed.…
Microsoft’s first Patch Tuesday of 2025, released in January, addresses 159 vulnerabilities, including 10 critical and 149 important. Among these, eight zero-day vulnerabilities have been patched, with three actively exploited. Key updates include fixes for various Microsoft products, notably in Windows and Microsoft Office. Affected: Microsoft Windows, Microsoft Office, .NET,…