Hi!Welcome to the week's mobile security news that matters -- the NowSecure #MobSec5. This edition i
| |
| June 9 · Issue #60 · View online |
|
|
Hi!
Welcome to the week’s mobile security news that matters – the NowSecure #MobSec5.
This edition includes:
- Android security update
- Apple WWDC 2017 videos and slides published
- First Android malware with code injection capabilities
Thanks for reading. Have a great weekend, be good, and stay safe.
|
|
Android Security Bulletin—June 2017 | Android Open Source Project
“The most severe of these issues is a critical security vulnerability in Media Framework that could enable a remote attacker using a specially crafted file to cause memory corruption during media file and data processing.”
|
WWDC 2017: iOS 11, New Macs, HomePod and More | MacRumors
“The 2017 Worldwide Developers Conference keynote was Apple’s biggest event in years, with the company introducing both new software platforms and a range of new hardware products.”
|
Google Removes Rooting Trojan Dvmap From Play Store | Threatpost
“Google removed a nasty Trojan from Google Play earlier this week that could have rooted Android devices and injected malicious code into an infected device’s system library.” According to a write-up from Senior Malware Analyst Roman Unuchek, people downloaded the Dvmap malware more than 50,000 times before Google removed it from the Google Play store. Dvmap can achieve root access, inject code into system runtime libraries, and change system settings to turn off Android’s Verify Apps feature and allow for the installation of apps from unofficial app stores. We discussed mobile banking Trojans on the NowSecure blog this week and what financial institutions can do to protect the users of their apps.
|
How mobile application assessments can boost enterprise security | TechTarget
“Mobile application assessments can be useful tools for enterprises that want to strengthen mobile security policies. Here’s how to use an app assessment.”
|
Mobile device hackers step up their game with chain attacks | SC Magazine
“Cybercriminals have moved to a new level when attacking mobile devices replacing their simplistic attack methods with sophisticated and stealthier models that now use chain attacks.”
|
June 2017 Release Notes: Google APIs for Android | Google Developers
Google has added a number of new SafetyNet features.
|
Making the Internet safer and faster: Introducing reCAPTCHA Android API | Google Online Security Blog
“Today, on reCAPTCHA’s tenth birthday, we’re glad to announce the first reCAPTCHA Android API as part of Google Play Services.
With this API, reCAPTCHA can better tell humans and bots apart to provide a streamlined user experience on mobile.”
|
Pop-up Android adware uses social engineering to resist deletion | The Register
“As soon as the user presses ‘OK,’ the malware prompts the installation of another APK named 'Update.’ The Update app asks for administrator privileges which, if granted, can’t be revoked.”
|
initroot: Hello Moto | Aleph Security
“Exploiting CVE-2016-10277 on Moto G4 & G5 for Secure Boot Bypass.”
|
FTC Announces Third PrivacyCon, Calls for Presentations | Federal Trade Commission
“As part of this initiative, the FTC is seeking general research that explores the privacy and security implications of emerging technologies, such as the Internet of Things, artificial intelligence and virtual reality.”
|
|
Did you enjoy this issue?
|
|
|
|
If you don't want these updates anymore, please unsubscribe here
If you were forwarded this newsletter and you like it, you can subscribe here
|
|
|
|
|
