AutoSpill Attack May Lead to Stolen Android Credentials
At the Black Hat Europe security conference, researchers from the International Institute of Information Technology (IIIT) presented a new attack named ‘AutoSpill’ that enables attackers to steal account credentials on Android devices via an autofill operation.
IIIT researchers pinpointed WebView, the Android feature used to open external links through an internal browser view, as the starting point of the security flaw, which leaves autofilled usernames and passwords vulnerable.
SLAM Attack Leaves Intel, AMD, Arm CPUs Vulnerable
Researchers from the Vrije Universiteit Amsterdam unveiled a new side-channel attack called ‘SLAM’ that could leave Intel, AMD, and Arm CPUs vulnerable to sensitive data exploitation.
SLAM exploits Intel’s new CPU feature, Linear Address Masking (LAM), which unmasks gadgets that can potentially leak arbitrary ASCII kernel data. The vulnerability extends to AMD and Arm CPUs because they have analogous counterparts to LAM.
Hotel Booking Phishing Technique Used to Spread ‘MrAnon Stealer’ Malware
FortiGuard Labs revealed a new phishing campaign that impersonates hotel booking services to lure unsuspecting victims into downloading the ‘MrAnon Stealer’ malware via the PDF attached to the email.
The phishing email contains a believable hotel availability query and fabricated booking details, with a malicious PDF attached that hides a downloader link leading to ‘MrAnon Stealer’, a disguised Python-based infostealer.