With a special focus on mobile apps and connected, unmanaged devices, this Cybersecurity Threat Roundup is compiled by Verimatrix Cybersecurity researchers and data scientists. It includes links to notable threat advisories over the past 30 days, information on vulnerabilities and patches, and links to recent intelligence reports.

Threat info

  • Goldoson adware infiltrated more than 60 android apps in a supply chain attack. These apps were downloaded more than 100 million times in South Korea.
  • Hiddad mobile malware was the third popular mobile malware in March 2023 according to Check Point Research. It repackages legitimate apps and then distributes them via third-party stores.
  • The Federal Communications Commission (FCC) and FBI in Denver issued a standard warning about data theft when one plugs their mobile device into a public charging station, as known as juice jacking.
  • WhatsApp, LinkedIn, Booking and many other very popular android applications are in danger of being compromised via highly privileged device migration tools. The reason behind this is that these apps do not invalidate or revalidate session cookies if app data is transferred from one device to another.

Vulnerabilities & patches

  • Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution.
  • CISA adds CVE-2023-28205 and CVE-2023-28206, two zero-day vulnerabilities exploited by spyware, to its known exploited vulnerabilities catalog. Both issues were address in iOS 16.4.1 and 15.7.5 versions.
  • CISA adds CVE-2023-26083, a zero-day vulnerability abused by an unnamed spyware vendor as part of an exploit chain to break into Samsung’s Android smartphones. It was fixed in Arm Bifrost, Valhall and Avalon GPU Kernel Driver r43p0 version.
  • CISA adds CVE-2023-20963 to its catalog of known exploited vulnerabilities. It’s an Android zero-day vulnerability exploited by the Pinduoduo app to spy on its own users. It was addressed in Android 2023-03-01 security patch level.

Intelligence reports