Welcome back to this week's Security Bulletins.
Symantec, the developer, and distributor of popular antivirus solution Norton have shared their discovery in a recent blog post. From the substantial amount of data analysed from various devices, they have found a noticeable increase in the number of Android malware detections for applications that can remain hidden while executing malicious activities in the background. The app, which is known as Xhelper gets introduced to the device from malicious application installs--one more reason to stay away from untrusted applications.
Once it is installed on the device, it remains persistent even if you try to remove it. Researchers suspect that it runs two versions of the malware and if we remove one of them, the other one replaces it with the latest version. These are not essentially full-fledged applications, instead, they are installed as an application component and get triggered on certain events. So they don't usually appear in the application launcher. Symantec claims that their products can detect this malware and should provide decent protection against them.
TechCrunch has posted an interesting article about pagers leaking sensitive medical data. Pagers, once the major communication device, are hardly being used now except the Medical industry. A curious researcher in the U.K. has been able to capture medical information that was being broadcasted by major hospitals and ambulances. He was able to set up a radio monitoring rig and capture and translate the data into plain text revealing data such as personally identifiable information (PII) and medical condition. It is estimated that around 130,000 Pagers are being used by the National Healthcare System and due to the security concerns they are expected to ditch them completely by 2021.
Microsoft patched many vulnerabilities in last month's Patch Tuesday. Along with the security patches, Microsoft patched the TLS spoofing vulnerability and several TLS enhancements were also introduced. There have been some reports of the introduction of another issue with this patch which causes TLS connections to time out. Microsoft has since published an article regarding the symptoms of affected systems and possible workarounds to this problem.