Android Kitkat | Breaking Cybersecurity News | The Hacker News

Due to the majority in the mobile platform, Google's Android operating system has been a prior target for cybercriminals and a recently exposed weakness in the way the operating system handles certificate validation, left millions of Android devices open to attack. Researchers at BlueBox security , who identified the vulnerability, dubbed the flaw as Fake ID , which affects all versions of Android operating system from 2.1 ( released in 2010 ) up to Android 4.4, also known as KitKat . ALL VERSIONS ARE VULNERABLE UPTO KITKAT Researchers marked the vulnerability as critical because it could allow a fake and malicious app to masquerade as a legitimate and trusted application, enabling an attacker to perform various actions such as inserting malicious code into a legitimate app, infiltrating your personal information or even take complete control of an affected device. Specifically, devices running the 3LM administration extension are at risk for a complete compromise, whic...

A critical code-execution vulnerability almost affecting everyone those are not running the most updated version of Google Android , i.e. Android version 4.4 also known as KitKat. After nine months of vulnerability disclosure to the Android security team, researchers of the Application Security team at IBM have finally revealed all the possible details of a serious code-execution vulnerability that still affects the Android devices running versions 4.3 and earlier, which could allow attackers to exfiltrate sensitive information from the vulnerable devices. " Considering Android's fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure ," said Roee Hay, a security research group leader at IBM. The researchers found the stack buffer overflow vulnerability that resides in the Android's KeyStore storage service, which according to the Android developers' website is the service code running in Androi...

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and ...