In an increasingly digital world, the importance of mobile security cannot be overstated. With millions of apps available on Google’s Play Store and Apple’s App Store, users trust developers to safeguard their personal information. Unfortunately, this trust is often misplaced.
A key step in preventing unauthorized access to user data is encryption, especially when it comes to moving data from device to server and back again. If implemented incorrectly by app developers, it can expose users to a host of potential attack scenarios, including data theft, eavesdropping, and man-in-the-middle (MitM) attacks, just to name a few.
Read more…
Source: Symantec
Related:
- How secret rise of zero-day brokers is causing worldwide security risks
April 18, 2024
Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about. Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it ...
- Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
April 17, 2024
Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity. OpenMetadata is an open-source platform designed to manage metadata across various data sources. It serves as a central repository for metadata lineage, ...
- CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
April 17, 2024
On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 zero-day vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. According to the vendor advisory, if conditions for exploitability are met, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges ...
- CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability
April 17, 2024
An integer overflow vulnerability exists in the Libarchive library included in Microsoft Windows. The vulnerability is due to insufficient bounds checks on the block length of a RARVM filter used for Intel E8 preprocessing, included in the compressed data of a RAR archive. A remote attacker could exploit this vulnerability by enticing a target user into ...
- Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread
April 16, 2024
Last year, a command injection vulnerability, CVE-2023-1389, was disclosed and a fix developed for the web management interface of the TP-Link Archer AX21 (AX1800). FortiGuard Labs has developed an IPS signature to tackle this issue. Recently, their researchers observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and ...
- Trust Wallet Issues Warning to Apple Users About Zero-Day Exploit in iMessage
April 16, 2024
Trust Wallet, a popular web3 wallet, has issued a warning to Apple users, urging them to disable iMessage due to “credible intel” regarding a zero-day exploit. The company shared the alert on X, stating that the exploit, which is being sold on the Dark Web, could potentially allow hackers to take control of users’ iPhones without ...