#android

A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it. In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the...

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. “The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows

By Deeba Ahmed Remote Access Trojan Threat: Beware Malicious Downloads Disguised as Meeting Apps. This is a post from HackRead.com Read the original post: Fake Skype, Zoom, Google Meet Sites Infecting Devices with Multiple RATs

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited.

American Express has warned affected customers about a breach at a merchant process that leaked account numbers, names, and card expiration dates.

Meta has won a court case against spyware vendor NSO Group to reveal the Pegasus spyware code that allows spying on WhatsApp users.

By Deeba Ahmed The CHAVECLOAK banking Trojan employs PDFs, ZIP downloads, DLL sideloading, and deceptive pop-ups to target Brazil's unsuspecting banking users financial sector.  This is a post from HackRead.com Read the original post: New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs

Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew, and Santripti Bhujel said in a report. Details about the scam

By Deeba Ahmed It is unclear how much the hacker received as part of the Facebook bug bounty program. This is a post from HackRead.com Read the original post: Nepali Hacker Tops Hall of Fame by Exposing Facebook’s Zero-Click Flaw

By Deeba Ahmed Lookout urges crypto users to be on the lookout of the new and tricky phishing campaign. This is a post from HackRead.com Read the original post: CryptoChameleon Phishing Scam Targets Crypto Users and FCC Employees