Technology

Jan 23, 2023The Hacker NewsSaaS Security / SSPM Solution The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access. The tools used to define IAM make up its

Samsung has released a Galaxy Store app update to fix vulnerabilities that could potentially allow malicious sources to install apps without a user’s permission. Two vulnerabilities were reportedly detected on the Galaxy Store by a research team. These vulnerabilities have only been affecting handsets running Android 12 or lower. Android 13 users are not affected

Jan 23, 2023Ravie LakshmananMobile Hacking / App Security Two security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by

Google Pixel 7 users have seemingly started receiving dual eSIM support with the Android 13 QPR2 Beta 2 update. The Pixel smartphones have supported the use of a single eSIM along with a physical SIM card for a while. This new update is said to allow users to ditch their physical SIM cards and have

An organization’s sensitive information is under constant threat. Identifying those security risks is critical to protecting that information. But some risks are bigger than others. Some mitigation options are more expensive than others. How do you make the right decision? Adopting a formal risk assessment process gives you the information you need to set priorities.

OnePlus, Realme, and Oppo devices running on Android 12 or higher will now be able to record calls without an on-call voice disclaimer through a downloadable dialer app called ODialer. The app, developed by Oppo’s ColorOS and released on January 16, is currently available on Google Play Store only to users of the aforementioned smartphone

Jan 19, 2023Ravie LakshmananThreat Intelligence / Malware Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious

Samsung Galaxy A34 5G has reportedly surfaced on the US Federal Communications Commission (FCC) website with the model number SM-A346M. It has appeared on the US regulator’s website shortly after its arrival on the Bureau of Indian Standards (BIS) certification site. The listing hints at an imminent global launch for the Samsung Galaxy A34 5G,

Jan 20, 2023Ravie LakshmananFirewall / Network Security A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October

Infinix Note 12i (2022) India launch date has been set for January 25, according to the company. The launch was announced via a Flipkart microsite, which also reveals certain specifications of the phone. It is expected to be powered by a MediaTek Helio G85 SoC and sports a 6.7-inch Full HD+ AMOLED display with a

Jan 20, 2023Ravie LakshmananData Protection / Privacy The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta’s WhatsApp for violating data protection laws when processing users’ personal information. At the heart of the ruling is an update to the messaging platform’s Terms of Service that was imposed in the

Oppo Reno 8T design and colour options have been revealed by the company, ahead of its upcoming launch. The company has now set up a landing page teasing the arrival upcoming smartphone along with some of its specifications. The Oppo Reno 8T was previously spotted on various certification sites which hinted at an imminent release.

Jan 20, 2023Ravie LakshmananNetwork Security / Mobile Hacking Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the

iQoo Neo 7 5G India launch is set to take place in India next month, and the company has revealed the design of the iQoo Neo 7 Indian variant and the colour options that it will be available in, along with certain specifications. Based on the details shared by the company, the phone looks like

Jan 20, 2023Ravie LakshmananCyber War / Cyber Attack The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. “The Gamaredon group’s network infrastructure relies on multi-stage Telegram accounts for victim

Samsung Galaxy A14 5G and Samsung Galaxy A23 5G were unveiled in India earlier this week. The handsets went on sale in the country for the first time earlier today. The latest 5G offerings from Samsung are equipped with 6.6-inch displays, pack 5,000 mAh batteries, and feature a 50-megapixel primary camera. The Galaxy A14 5G

Jan 19, 2023Ravie LakshmananMobile Security / Android The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News, characterized Hook

U.S. authorities said on Wednesday they have arrested the majority shareholder and Co-Founder of Hong Kong-registered virtual currency exchange Bitzlato Ltd for allegedly processing $700 million (roughly Rs. 5,700 crore) in illicit funds. Anatoly Legkodymov, a Russian national living in China, was arrested in Miami on Tuesday on charges that he operated the exchange as

Jan 19, 2023Ravie LakshmananCloud Security / Data Security A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. “The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu,” Ermetic

Oppo will reportedly expand its Reno 8 series with a new smartphone Oppo Reno 8T. The phone is speculated to be launching soon in India. While the handset has been a subject of multiple leaks and rumours for some time now, a tipster has shared a detailed spec sheet for the Oppo Reno 8T, revealing