Meta and Apple Violated the Digital Marketing Act, EU Charges

About a week after the ruling against Apple, the European Commission ruled Meta’s ‘pay or consent’ model of offering subscriptions as an alternative to ads on Instagram or Facebook is against the terms of the DMA.

BLint: Open-source tool to check the security properties of your executables

BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries. BLint featu…

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps

Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. “We increased reward amounts by up to 10x in some categories (for example Remote Arbitrary Code Execution in…

Apps secretly turning devices into proxy network nodes removed from Google Play

Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that doesn’t sound so bad, you should know…

MobSF: Open-source security research platform for mobile apps

The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and p…

LassPass is not LastPass: Fraudulent app on Apple App Store

A fraudulent app named “LassPass Password Manager” that mimics the legitimate LastPass mobile app can currently be found on Apple’s App Store, the password manager maker is warning. The fraudulent app on Apple’s App Store “The app in …

New method to safeguard against mobile account takeovers

Computer science researchers have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where an attacker gains unauthorized access to online accounts. Most mobiles are now home to a complex ecosy…

Google Play will mark independently validated VPN apps

Android VPN apps that have gone through an independent security validation will now be able to claim that distinction on Google Play with a prominent badge in their Data Safety section. “We’ve launched this banner beginning with VPN apps due to t…

Backdoored Android phones, TVs used for ad fraud – and worse!

A key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices has been disrupted, Human Security has announced. The company’s Satori Threat Intelligence and Resear…