Android App Update Hijacks Millions of Devices

Philip BaderVulnerabilitiesLeave a Comment

Users of a popular Android app with more than 10 million downloads discovered recently that the previously trustworthy app had become a delivery platform for fraudulent ads. Malwarebytes posted recently about their analysis of forum patron complaints relating to the Barcode Scanner app created by LavaBird LTD and until recently available on Google Play. The Barcode Scanner app billed itself … Read More

Google Patches Active Zero-Day Chrome Exploit

Philip BaderVulnerabilitiesLeave a Comment

If you use the Google Chrome web browser, don’t wait for your next automatic update. Do it manually, and do it now. The new release includes a security patch for what Google described as a heap buffer overflow in V8 in a blog post on February 4. This memory corruption vulnerability, dubbed CVE-2021-21148, was discovered by a researcher late last … Read More

Data Privacy Day Promotes Accountability

Philip BaderCybersecurityLeave a Comment

Data Privacy Day, commemorated each year on January 28, is an important part of ongoing efforts by the National Cyber Security Alliance (NCSA) to promote responsible data privacy practices. This year’s commemoration comes at a time when the global COVID-19 pandemic has dramatically altered the way many of us live and work. And these changes have created new challenges for … Read More

New Malware Strain Found in SolarWinds Hack

Philip BaderCybersecurityLeave a Comment

Cybersecurity analysts continue to assess the potential damage of a massive attack on SolarWinds’ Orion software platform. The attack, first reported in December last year, injected malware into certain version updates of a popular software platform used by thousands of organizations, including top U.S. government agencies. Previous analysis of the supply chain attack, considered to have links to the Russian … Read More

Google Finds New Windows, Android Exploits

Philip BaderVulnerabilitiesLeave a Comment

Google’s Project Zero team this week published the results of an investigation into attacks that targeted Android and Windows devices in the early months of 2020. The team posted its results in a six-part blog post. The team said the attack was conducted by “a highly sophisticated actor.” The Project Zero team described two exploit servers–one targeting Windows users, and … Read More