A Review of the Best News of the Week on AI, IoT, & Mobile Security

Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS (WeLiveSecurity, Jul 28 2021)
The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.

Android Banking Trojan ‘Vultur’ Abusing Accessibility Services (SecurityWeek, Jul 30 2021)
A newly discovered Android banking Trojan relies on screen recording and keylogging instead of HTML overlays for the capturing of login credentials, according to security researchers at ThreatFabric.

Google Patches High-Risk Android Security Flaws (SecurityWeek, Aug 03 2021)
Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Google Details New Privacy and Security Policies for Android Apps (SecurityWeek, Jul 29 2021)
Google this week announced a series of updates to its Google Play policies that are meant to improve overall user privacy and security and provide more control over ads personalization.

Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors (SecurityWeek, Jul 29 2021)
IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to France-based cybersecurity firm RandoriSec.

DeadRinger: A Three-Pronged Attack by Chinese Military Actors against Major Telcos (SecurityWeek, Aug 03 2021)
Researchers have discovered three separate Chinese military affiliated advanced threat groups simultaneously targeting and compromising the same Southeast Asian telcos. The attack groups concerned are Soft Cell, Naikon, and a third group, possibly Emissary Panda (also known as APT27).