application development | Breaking Cybersecurity News | The Hacker News

Users of Android operating system are warned of a new variant of Android malware Koler that spreads itself via text message and holds the victim's infected mobile phone hostage until a ransom is paid. Researchers observed the Koler Android ransomware Trojan , at the very first time, in May when the Trojan was distributed through certain pornographic websites under the guise of legitimate apps. It locks the victim's mobile screen and then demands money from users with fake notifications from law enforcement agencies accusing users of viewing and storing child pornography. ANDROID SMS WORM Recently, researchers from mobile security firm AdaptiveMobile has discovered a new variant of the rare piece of mobile malware – named Worm.Koler – that allows the malware to spread via text message spam and attempts to trick users into opening a shortened bit.ly URL, turning Koler into an SMS worm. Once the device is infected by the Koler variant, it will first send an SMS mess...

The ultra secure NSA-Proof Blackphone titled as, " world's first Smartphone which places privacy and control directly in the hands of its users, " has been rooted within 5 minutes at the BlackHat security conference in Las Vegas this weekend. Blackphone , a joint venture between encrypted communications firm Silent Circle and Spanish Smartphone maker Geeksphone , has a fully customized version of Android known as PrivatOS and pre-installed with lots of privacy-enabled applications, which claims to offer its users a high-end security at consumer level. A security researcher with twitter handle @TeamAndIRC took only 5 minutes to achieve root access on the Blackphone without having the need to unlock the device' bootloader. The hacker even mocked Blackphone's team by saying that "It is apparent no one ran CTS [ compatibility test suite ] on this device." The so-called " secure " Android phone that was promising security given the fact that its basically a suite of secure...

Cybercriminals have rolled out a new malicious Android application that wraps different varieties of banking fraud trick into a single piece of advanced mobile malware . GOOGLE SERVICE FRAMEWORK - APPLICATION OR MALWARE? Security researchers at the security firm FireEye have came across a malicious Android application that binds together the latest and older hijacking techniques. The malicious Android app combines private data theft, banking credential theft and spoofing, and remote access into a single unit, where traditional malware has had only one such capability included in it. Researchers dubbed the malware as HijackRAT , a banking trojan that comes loaded with a malicious Android application which disguises itself as "Google Service Framework," first and the most advanced Android malware sample of its kind ever discovered, combining all the three malicious activities together. MALWARE FEATURES By giving the remote control of the infected device to hackers,...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...