Security Alerts & News
by Tymoteusz A. Góral

#872 Android malware finds new ways to derive current running tasks
As we have discussed in our previous blogs, the ability to determine what app is currently running in the foreground is central for mobile banking malware to create overlay "injections" to phish the current running application. Android 5.0 Lollipop and Android 6.0 Marshmallow have thwarted malware’s ability to find the current running task by deprecating getRunningTasks() API, but ever since Google rolled out the Android security enhancement, malware authors have engaged in a cat-and-mouse game of workarounds and fixes. We have been blogging about each of these malware evolutions as we spot them in the wild.

The recent variants of Android.Bankosy and Android.Cepsohord, observed over the last quarter, are using two new tricks to circumvent the new security enhancements. One of these two techniques requires an additional special permission from the user, while another does not require any additional permission at all.
Read more
#873 Google patches two high-severity flaws in Chrome
#872 Android malware finds new ways to derive current running tasks
#871 93% of phishing emails are now ransomware
#870 Twitter pays out over $322,000 to bug bounty hunters
#869 TeamViewer servers go down as users complain on Reddit about getting hacked
#868 Symantec warns encryption and privacy are not the same
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12