Android M | Breaking Cybersecurity News | The Hacker News

Millions of Android smartphones are at serious risk of "screen hijack" vulnerability that allows hackers to steal your passwords, bank details, as well as helps ransomware apps extort money from victims. The worse thing is that Google says it won't be patched until the release of 'Android O' version, which is scheduled for release in the 3rd quarter this year. And the worse, worse, worse thing is that millions of users are still waiting for Android N update from their device manufacturers (OEMs), which apparently means that majority of smartphone users will continue to be victimized by ransomware, adware and banking Trojans for at least next one year. According to CheckPoint security researchers, who discovered this critical flaw, the problem originates due to a new permission called " SYSTEM_ALERT_WINDOW ," which allows apps to overlap on a device's screen and top of other apps. This is the same feature that lets Facebook Messenger float...

"Android M will be Muffin?, or Mango shake?, Milkshake?, Malt ball?, Moon Pie?, Macaroon?, or is it Mars?, Marshmallow?"... …this was the guessing game that occupied most of us when Google created a suspense three months ago, at the launch of the Android M Developer Preview at Google I/O in May. Much awaited Android M is named as ' Marshmallow '; it is the thirteenth Google's Android operating system. Google revealed the 'Marshmallow' by following its ritual of keeping the statue of Android robot with a Marshmallow in his hand. Google has maintained its tradition of naming the dominant mobile Android operating system by the names of sugary delights, starting from: Cupcake Donut Eclair Froyo Gingerbread Honeycomb Ice Cream Sandwich Jelly Bean KitKat Lollipop Official Android 6.0 SDK Available for Download After the final Developer Preview, the official Android 6.0 Software Developer Toolkit (SDK) is now available for d...

While majority of smartphone users are waiting for Android 5.0 Lollipop update for their devices, Google is soon going to launch the next version of Android at its official Google I/O 2015 developer event May 28 in San Francisco. Android M — The name of the latest version of Android mobile operating system was spotted at the Google I/O 2015 schedule under the " Android for Work Update " Session, which says… " Android M is bringing the power of Android to all kinds of workplaces. " According to the company, this will open up " huge new markets for hundreds of Millions of devices to workers at small businesses, logistics, deskless workers, and warehousing jobs. " However, Google appears to have since removed any mention of Android M from Google's I/O website, most probably the company wants to keep it as a surprise for Android users. Considering the full Android releases with starting letters in alphabetical order, — Android M — s...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...