PossibleThreat Articles

Articles for the experts…

Android

MalwareBytes Security 

Update now! Two zero-days fixed in 2022’s last patch Tuesday

0 Comments , , , , , , , , , , , , , , , , , , ,

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: Microsoft

Tags: Android

Tags: Apple

Tags: Mozilla

Tags: Google

Tags: Sap

Tags: Citrix

Tags: Fortinet

Tags: Cisco

Tags: CVE-2022-44698

Tags: MotW

Tags: CVE-2022-44710

Tags: race condition

Tags: CVE-2022-44670

Tags: CVE-2022-44676

Tags: CVE-2022-41076

Tags: remote powershell

The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed

(Read more…)

The post Update now! Two zero-days fixed in 2022’s last patch Tuesday appeared first on Malwarebytes Labs.

Read more
MalwareBytes Security 

Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth

0 Comments , ,

Categories: Android

Categories: Exploits and vulnerabilities

Categories: News

Google has issued its December round of patches, which includes a fix for a critical vulnerability that allows RCE over Bluetooth

(Read more…)

The post Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth appeared first on Malwarebytes Labs.

Read more
MalwareBytes Security 

Ho, ho, no! Scams to avoid this festive season

0 Comments , , , , , , , , , , , , , , , , , ,

Categories: News

Tags: FBI

Tags: scams

Tags: xmas

Tags: christmas

Tags: festive season

Tags: social media

Tags: cryptocurrency

Tags: bitcoin

Tags: app

Tags: android

Tags: fake job

Tags: offer

Tags: whatsapp

Tags: telegram

Tags: interview

Tags: resume

Tags: gift cards

Tags: survey

We take a look at a list of popular scams compiled by the FBI to avoid this festive season, and offer our own insights.

(Read more…)

The post Ho, ho, no! Scams to avoid this festive season appeared first on Malwarebytes Labs.

Read more
MalwareBytes Security 

Time to uninstall! Abandoned Android apps pack a vulnerability punch

0 Comments , , , , , , , , ,

Categories: News

Tags: CVE

Tags: android

Tags: apps

Tags: abandonware

Tags: vulnerability

Tags: bug

Tags: telepad

Tags: pc keyboard

Tags: lazy mouse

Three abandoned Android apps with remote code execution vulnerabilities need to be shown the door.

(Read more…)

The post Time to uninstall! Abandoned Android apps pack a vulnerability punch appeared first on Malwarebytes Labs.

Read more
ComputerWorld Independent 

Biometrics are even less accurate than we thought

0 Comments , , , ,

Credit to Author: eschuman@thecontentfirm.com| Date: Mon, 05 Dec 2022 09:43:00 -0800

Biometrics is supposed to be one of the underpinnings of a modern authentication system. But many biometric implementations (whether that be fingerprint scanes or face recognition) can be wildly inaccurate, and the only universally positive thing to say about them is they’re better than nothing.

Also — and this may prove critical — the fact that biometrics are falsely seen as being very accurate may be sufficient to dissuade some fraud attempts. 

There are a variety of practical reasons biometrics don’t work well in the real world, and a recent post by a cybersecurity specialist at KnowBe4, a security awareness training vendor, adds a new layer of complexity to the biometrics issue.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Hey, Google: It's time to step up your Pixel upgrade promise

0 Comments , , , , ,

Look, it’s no big secret that I’m a fan of Google’s Pixel program.

I’ve personally owned Pixel phones since the first-gen model graced our gunk-filled pockets way back in 2016. And Pixels have been the only Android devices I’ve wholeheartedly recommended for most folks ever since.

There’s a reason. And more than anything, it comes down to the software and the overall experience Google’s Pixel approach provides.

  • Part of that is the Pixel’s interface and the lack of any unnecessary meddling and complication — including the absence of confusing (and often privacy-compromising) duplicative apps and services larded onto the phone for the manufacturer’s business benefit and at the expense of your user experience.
  • Part of it is the unmatched integration of exceptional Google services and exclusive Google intelligence that puts genuinely useful stuff you’ll actually benefit from front and center and makes it an integrated part of the Pixel package.
  • And, yes, part of it is the Pixel upgrade promise and the fact that Pixel phones are still the only Android devices where both timely and reliable software updates are a built-in feature and guarantee.

[Psst: Got a Pixel? Any Pixel? Check out my free Pixel Academy e-course to uncover all sorts of advanced intelligence lurking within your phone!]

To read this article in full, please click here

Read more
ComputerWorld Independent 

Do you really know what’s inside your iOS and Android apps?

0 Comments , , , , , ,

It’s time to audit your code, as it appears that some no/low code features used in iOS or Android apps may not be as secure as you thought. That’s the big take away from a report explaining that disguised Russian software is being used in apps from the US Army, CDC, the UK Labour party, and other entities.

When Washington becomes Siberia

What’s at issue is that code developed by a company called Pushwoosh has been deployed within thousands of apps from thousands of entities. These include the Centers for Disease Control and Prevention (CDC), which claims it was led to believe Pushwoosh was based in Washington when the developer is, in fact, based in Siberia, Reuters explains. A visit to the Pushwoosh Twitter feed shows the company claiming to be based in Washington, DC.

To read this article in full, please click here

Read more