Android users are once again in the crosshairs of malware as a sophisticated new version of FakeCall emerges, capable of intercepting calls, recording conversations, and monitoring device activity. This latest variant tricks users into downloading legitimate-looking apps that request to be set as the default phone app, allowing attackers to control calls on the device. … Read more
A new strain of Android banking malware, known as ToxicPanda, has infected over 1,500 devices, allowing threat actors to conduct fraudulent banking transactions. The malware, which is believed to be the work of a Chinese-speaking threat actor, uses a technique called on-device fraud (ODF) to bypass bank countermeasures and initiate money transfers without user knowledge. … Read more
A new Android trojan called ToxicPanda has been discovered targeting bank accounts by spoofing popular apps. The malware, identified by Cleafy’s Threat Intelligence team, has infected over 1,500 devices worldwide, mainly in Europe and Latin America. ToxicPanda uses advanced methods to bypass security measures, making unauthorized withdrawals from the target account. It can intercept one-time … Read more
Okta has disclosed a security bug that could have allowed attackers to bypass authentication using only a username. The issue affects users with long names and/or employers with verbose domain names, particularly those with usernames exceeding 52 characters. The bug could be exploited under specific conditions, including when the targeted account had a successful login … Read more
Okta has addressed an authentication bypass bug that affects users with long usernames or employers with wordy domain names. The security hole could have allowed cybercriminals to pass Okta AD/LDAP delegated authentication (DelAuth) using just a username, but only if certain conditions were met. These conditions included a 52-character username and previous authentication. The vulnerability … Read more
A critical vulnerability was discovered in Okta’s AD/LDAP DelAuth solution, allowing attackers to log in without a password under specific circumstances. The bug, which was introduced through a routine July 23, 2024 update, stems from the use of the Bcrypt algorithm to generate cache keys. The vulnerability exploited when usernames were 52 characters long or … Read more
Proton VPN has announced the availability of its native support for Windows on Arm devices, joining a growing list of popular apps that now cater to this relatively new architecture. The VPN service’s Windows on Arm variant will offer identical features to its x64 counterpart, including kill switch and Secure Core. The move is seen … Read more
Proton VPN has released its native application for ARM-based devices, providing users with seamless performance and the full range of core functionalities, including privacy and security features. The move strengthens VPN support on next-generation Windows computers. In collaboration with Microsoft, Proton VPN developed a fully compatible app to take advantage of the Snapdragon X Elite … Read more
Engadget, part of Yahoo’s family of brands, operates several websites and apps, including Yahoo and AOL. The site uses cookies and collects personal data to enhance user experience and provide targeted advertising through its digital advertising service, Yahoo Advertising. Users have the option to adjust their cookie settings by clicking ‘Reject all’ or ‘Manage privacy … Read more
Proton VPN, known for its security-focused products, has introduced a native app for Windows Arm-based devices. This new release provides users with native support and protection, making it an attractive option for those using these devices. The app’s functionality is similar to its previous versions, offering the same great protection, ultra-fast speeds, and strict no-logs … Read more