Users of a popular Android app with more than 10 million downloads discovered recently that the previously trustworthy app had become a delivery platform for fraudulent ads. Malwarebytes posted recently about their analysis of forum patron complaints relating to the Barcode Scanner app created by LavaBird LTD and until recently available on Google Play. The Barcode Scanner app billed itself … Read More
Google Patches Active Zero-Day Chrome Exploit
If you use the Google Chrome web browser, don’t wait for your next automatic update. Do it manually, and do it now. The new release includes a security patch for what Google described as a heap buffer overflow in V8 in a blog post on February 4. This memory corruption vulnerability, dubbed CVE-2021-21148, was discovered by a researcher late last … Read More
Data Privacy Day Promotes Accountability
Data Privacy Day, commemorated each year on January 28, is an important part of ongoing efforts by the National Cyber Security Alliance (NCSA) to promote responsible data privacy practices. This year’s commemoration comes at a time when the global COVID-19 pandemic has dramatically altered the way many of us live and work. And these changes have created new challenges for … Read More
New Malware Strain Found in SolarWinds Hack
Cybersecurity analysts continue to assess the potential damage of a massive attack on SolarWinds’ Orion software platform. The attack, first reported in December last year, injected malware into certain version updates of a popular software platform used by thousands of organizations, including top U.S. government agencies. Previous analysis of the supply chain attack, considered to have links to the Russian … Read More
Google Finds New Windows, Android Exploits
Google’s Project Zero team this week published the results of an investigation into attacks that targeted Android and Windows devices in the early months of 2020. The team posted its results in a six-part blog post. The team said the attack was conducted by “a highly sophisticated actor.” The Project Zero team described two exploit servers–one targeting Windows users, and … Read More