The Hacker News Daily Updates

"Samsung Galaxy Store App vulnerable...to SneakyApp installs and fraud."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 23 January 2023, 1355 UTC. Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGrcFnDLwTsLgvRBhwLWlzNgjWP

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

Filling the Gaps: Integrating Security into Your Cloud Solution A RETHINK Retail exclusive report on the cybersecurity risks resulting from the drive towards digital acceleration. Download Now Sponsored

LATEST NEWS Jan 23, 2023

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. ... Read More

SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access.  The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant identities are to pressure from threat actors. However, those ... Read More

Protect your Apple endpoints with Jamf Protect. Prevent macOS malware, detect Mac-specific threats, and monitor endpoints for compliance. Put security best practices to the test with a demo of Jamf today. ... Read More

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform ... Read More

Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps Researchers have shut down an "expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices.  "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register ad views," fraud prevention ... Read More

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South ... Read More

Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic ... Read More

WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta's WhatsApp for violating data protection laws when processing users' personal information. At the heart of the ruling is an update to the messaging platform's Terms of Service that was imposed in the days leading to the enforcement of the General Data Protection Regulation (GDPR) in May ... Read More

Filling the Gaps: Integrating Security into Your Cloud Solution A RETHINK Retail exclusive report on the cybersecurity risks resulting from the drive towards digital acceleration. Download Now Sponsored

This email was sent to kh6jrm@gmail.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India