Ghost Push re-appears as Gooligan malware in biggest theft of Google accounts yet

Android_Malware_Bugdroid_01

Some old malware that targets older versions of the Android operating system was implicated in the biggest theft of Google account data yet. The malware is called Ghost Push and has been in the wild for a few years now as Google and other security firms have battled to minimize its impact. However, a new variant called Gooligan was determined this past summer, in public statements made today by security firm Check Point and Google, to be implicated in the theft of around 1.3 million Google account credentials. Read more

Android and iPhone security equally safe? ‘For sure’ says Google engineer

android_security_padlock

In Manhattan, security professionals have assembled this week for the O’Reilly Security Conference, including Adrian Ludwig who is the director of security for Google’s Android platform. During the conference and in a subsequent interview, Ludwig addressed comparisons between Android and iOS in terms of security. Despite concerns that Android may lag behind Apple’s platform thanks to the more open nature of the ecosystem, Ludwig says the two are “nearly identical in terms of their platform-level capabilities.” Ludwig not only points to Pixel devices and iPhone devices being on equal footing, he claims Android will surge ahead in the near future. Read more

Google posts October’s security update for Android

nexus_9_logo_close_with_blur

Many of us are waiting patiently to see Google announce a raft of new devices later today, as well as wondering if the much-leaked Pixel and Pixel XL handsets have anything left to surprise us with. Until the launch event begins, Nexus and Pixel C owners will be glad to hear that the search giant is in the process of rolling out its October Security Bulletin for Android devices. Read more

Yahoo expected to announce major data breach affecting 200 milion users

Yahoo

Yahoo was most recently in the news when the wireless carrier, Verizon, snapped the company up for around $4.6 billion after it failed to turn its fortunes around in the search engine and advertising segments, a deal that is still subject to regulatory approval. Today, Yahoo has made the headlines due to reports surfacing that it suffered a security breach back in 2012, with the details of around 2 hundred million Yahoo users being up for grabs on the dark web. As such, the search company is expected to make an official announcement on the issue sometime this week.  Read more

Google launches new Project Zero Prize to find Android vulnerabilities

android-security

Although Google already has programs in place to encourage hackers and developers to help identify bugs in their code, especially items that could be used as the basis of a vulnerability, some recent Android episodes have highlighted the need to step things up a notch. In response, Google’s Project Zero team announced today a new contest called the Project Zero Prize that could yield $200,000 for the winning entry. Read more

Honor commits to 24 months of software and security updates for new phones

Honor8_software_updates

When we shell out our hard earned dollars on the latest smartphone we expect that phone to be updated to Android’s latest and greatest into the foreseeable future. Not only is it gratifying to have the newest software on our device, but with ever increasing threats from malware, such as this new Google Adsense bug, there is also a huge security risk to having outdated software. Unfortunately, getting devices onto the newest software still remains a huge problem for the Android ecosystem. Just take a look at the latest Android distribution numbers and you’ll see what I am talking about. Huawei sub-brand Honor is looking to help ameliorate those problems a little bit with all its newest phones. According to a Huawei’s Taylor Wimberly, Honor is going to begin delivering an enhanced software experience for the latest Honor devices.

Read more

Samsung Pay vulnerability to electronic skimming exposed

samsung_pay_table_coins

Security researcher Salvador Mendoza revealed last week that he has discovered a weakness in Samsung Pay security that could allow an attacker to skim credit card tokens. Once a token is grabbed by an attacker, it can be used on other phones to make fraudulent payments. The source of the weakness is found in the magnetic secure transmission (MST) technology which is unique to Samsung Pay and allows it to be used with standard card swipe hardware at retailer locations. Read more

BlackBerry DTEK50 Android phone launches as ‘most secure’

blackberry_dtek50_front_angle

When BlackBerry was flying high in its heyday, one of the benefits of the devices was how well they played with corporate IT environments, especially the heightened security requirements. Since then the company has tumbled, but recently has been trying to make a comeback on the back of Android powered devices. Today BlackBerry officially announced the launch of the new BlackBerry DTEK50, which the company describes as “the world’s most secure Android smartphone.” Read more

New Moto Z devices to get security updates, schedule unclear

moto_z_moto_z_force_droid_edition_unboxing

After a report surfaced indicating the new Moto Z and Moto Z Force may not be getting regular security updates for Android, the company has issued a statement confirming the device will be getting the security patches. Part of the confusion may have stemmed from the fact that devices shipping early to some reviewers are only updated through the May patch and even the units that will be hitting consumer hands initially will be at that same patch level. However, Motorola indicates they do have plans to issue the June and July Android security patches soon after the official July 28th launch. Read more