Google is downplaying the scope of the critical Linux vulnerability patched this week, suggesting that the number of affected Android devices has been exaggerated. The Android OS is built upon the Linux kernel, but minus many of the libraries that are included in standard Linux builds. Initially, startup Perception Point said that upwards of two-thirds...

Asacub, once thought of as spyware, appears to have completed its transition into mobile banking malware, according to research published this week. When the Android malware surfaced in June 2015, researchers with Kaspersky Lab assumed it was spyware. It more or less fit the part; Asacub siphoned incoming SMS messages, browser history, and contacts — and...

It seems little has changed over the last several years when it comes to how health and fitness apps go about securing user information. According to a survey carried out by the firm Arxan last fall, 86 percent of health apps it reviewed at had at least two critical vulnerabilities and 55 percent of users it talked...

The Brain Test mobile malware family has once again been evicted from Google Play. Known for piggy-backing on fully functioning mobile applications, the malware’s various iterations try to root Android devices, download malicious APKs and inflate the Google Play ratings of other apps written by the same group of Chinese developers. Worse yet is Brain...

Silent Circle, makers of the security and privacy focused Blackphone, have patched a vulnerability that could allow a malicious mobile application or remote attacker to access the device’s modem and perform any number of actions. The update was released Dec. 7 in version 1.1.13 RC3; details of the issue were disclosed today by SentinelOne, which...

Since last summer’s Stagefright vulnerabilities toppled the Android world for a few weeks, researchers inside and out of Google have been taking a close look at not only the maligned media playback engine, but also at Mediaserver where it lives. Today’s release of the monthly Android Nexus Security Bulletin includes patches for another critical vulnerability...

With 2015 more or less in the rear view mirror Mike Mimoso and Chris Brook discuss the year in security: Wassenaar, ransomware, Carbanak and Equation Group,how big of a deal Stagefright was, that Juniper backdoor, and more. Download: tp_2015_in_review.mp3 Music by Chris Gonsalves

Google has patched another critical Android vulnerability in Mediaserver, which has been maligned since this summer’s barrage of patches for the Stagefright vulnerability, along with a critical rooting vulnerability in the mobile operating system’s kernel. In all, 19 vulnerabilities were patched in Monday’s monthly over-the-air security update for Google Nexus mobile devices, five rated critical,...

In March when Moxie Marlinspike and Open Whisper Systems released the iOS version of the Signal encrypted messaging app, the noted security researcher promised to expand its reach and among other things, eventually release a desktop version of Signal. That vision was realized on Wednesday with the public availability of the Signal Desktop beta, written...

A vulnerability reported to United Airlines that could have been exploited to manipulate flight reservations and customer data sat unpatched for almost six months before it was fixed 10 days ago. Researcher Randy Westergren found and reported an issue in United’s mobile app in May, shortly after the airline announced its bug bounty program, the...