1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google - these serious security threats are targeting both Androi

    From TechnologyDaily@1337:1/100 to All on Thu Mar 30 14:30:03 2023
    Google - these serious security threats are targeting both Android and iOS devices

    Date:
    Thu, 30 Mar 2023 13:10:43 +0000

    Description:
    Exploits and techniques are being shared between surveillance vendors, Google believes.

    FULL STORY ======================================================================

    Google has published new details on multiple zero-days and n-days vulnerabilities that different threat actors have been using to compromise Android, iOS, and Chrome devices.

    In an analysis published on its security blog, Google said it spotted threat actors targeting iOS users with vulnerabilities classified as CVE-2022-42856 and CVE-2021-30900.

    These vulnerabilities allowed hackers to install commercial spyware and malware on target endpoints , which among other things, included installing location trackers, Google's team said. Lengthy campaigns

    The same threat actors targeted Android devices with ARM GPUs for CVE-2022-4135, CVE-2022-38181, and CVE-2022-3723. They used these flaws to install unknown types of malware, the researchers explained.

    "When ARM released a fix for CVE-2022-38181, several vendors, including
    Pixel, Samsung, Xiaomi, Oppo and others, did not incorporate the patch, resulting in a situation where attackers were able to freely exploit the bug for several months," the analysis reads. Read more

    Google warns millions of Android devices could be at risk of attack due to
    this flaw


    Several zero day vulnerabilities are plaguing Android devices with Samsung
    chips, warns Google


    Here are the best firewalls

    In a separate campaign, Google observed threat actors targeting United Arab Emirates users of Samsungs Internet Browser, going for CVE-2022-4262, CVE-2022-3038, CVE-2022-22706, and CVE-2023-0266. They would use these flaws to deploy C++ spyware which allowed them, among other things, to extract and decrypt data from different chat and browser apps.

    The attackers were highly targeted, Google said.

    "These campaigns may also indicate that exploits and techniques are being shared between surveillance vendors, enabling the proliferation of dangerous hacking tools."

    Googles Threat Analysis Group (TAG), which published the report, was
    basically tipped off by Amnesty Internationals Security Lab, BleepingComputer reports, as this organization published information regarding domains and infrastructure used in these attacks.

    "The newly discovered spyware campaign has been active since at least 2020
    and targeted mobile and desktop devices, including users of Googles Android operating system," Amnesty International said in its own report. "The spyware and zero-day exploits were delivered from an extensive network of more than 1000 malicious domains, including domains spoofing media websites in multiple countries." These are the best ransomware protection tools right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-these-serious-security-threats-are-targe ting-both-android-and-ios-devices


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)