#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Android Kitkat | Breaking Cybersecurity News | The Hacker News

Android "Fake ID" Vulnerability Allows Malware to Impersonate Trusted Apps

Android "Fake ID" Vulnerability Allows Malware to Impersonate Trusted Apps

Jul 30, 2014
Due to the majority in the mobile platform, Google's Android operating system has been a prior target for cybercriminals and a recently exposed weakness in the way the operating system handles certificate validation, left millions of Android devices open to attack. Researchers at BlueBox security , who identified the vulnerability, dubbed the flaw as Fake ID , which affects all versions of Android operating system from 2.1 ( released in 2010 ) up to Android 4.4, also known as KitKat . ALL VERSIONS ARE VULNERABLE UPTO KITKAT Researchers marked the vulnerability as critical because it could allow a fake and malicious app to masquerade as a legitimate and trusted application, enabling an attacker to perform various actions such as inserting malicious code into a legitimate app, infiltrating your personal information or even take complete control of an affected device. Specifically, devices running the 3LM administration extension are at risk for a complete compromise, whic
Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

Jun 27, 2014
A critical code-execution vulnerability almost affecting everyone those are not running the most updated version of Google Android , i.e. Android version 4.4 also known as KitKat. After nine months of vulnerability disclosure to the Android security team, researchers of the Application Security team at IBM have finally revealed all the possible details of a serious code-execution vulnerability that still affects the Android devices running versions 4.3 and earlier, which could allow attackers to exfiltrate sensitive information from the vulnerable devices. " Considering Android's fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure ," said Roee Hay, a security research group leader at IBM. The researchers found the stack buffer overflow vulnerability that resides in the Android's KeyStore storage service, which according to the Android developers' website is the service code running in Androi
6 Ways to Simplify SaaS Identity Governance

6 Ways to Simplify SaaS Identity Governance

Feb 21, 2024SaaS Security / Identity Management
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can't possibly become experts in the nuances of the native security settings and access controls for hundreds (or thousands) of apps. And, even if they could, the sheer volume of tasks would easily bury them. Modern IT teams need a way to orchestrate and govern SaaS identity governance by engaging the application owners in the business who are most familiar with how the tool is used, and who needs what type of access.  Nudge Security is a  SaaS security and governance solution  that can help you do just that, with automated workflows to save time and make the process manageable at scale. Read on to learn how it works. 1 . Discover all SaaS apps used b
Cybersecurity Resources