169 matches found
Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram
If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could...
Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram
If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could...
Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions
Smartphones are a goldmine of sensitive data, and modern apps work as diggers that continuously collect every possible information from your devices. The security model of modern mobile operating systems, like Android and iOS, is primarily based on permissions that explicitly define which sensiti...
Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions
Smartphones are a goldmine of sensitive data, and modern apps work as diggers that continuously collect every possible information from your devices. The security model of modern mobile operating systems, like Android and iOS, is primarily based on permissions that explicitly define which sensiti...
Threat Source newsletter (June 20, 2019)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This week, we disclosed two vulnerabilities in KCodes’ NetUSB kernel module contains that could allow an attacker to inappropriatel...
EquityPandit 1.0 - Password Disclosure
Exploit title: EquityPandit v1.0 - Insecure Logging Date:27/05/2019 Exploit Author: ManhNho Software name: "EquityPandit" Software link: https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit Version: 1.0 Category: Android apps Description: - Sometimes developers keeps sensiti...
This Week in Security News: IIoT Threats and Malware Apps
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about security threats directed at smart manufacturing environments. Also, learn why malware installed from the Android app store...
Financial Apps are Ripe for Exploit via Reverse Engineering
A white hat hacker reverse engineered 30 mobile financial applications and found sensitive data buried in the underlying code of nearly all apps examined. With this information a hacker could, for example, recover application programming interface API keys and use them to attack the vendor’s...
CVE-2017-2752
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue...
A week in security (February 11 – 17)
Last week on Malwarebytes Labs we discussed the return of the Sextortion Bitcoin scams, we gave you an early overview of the exploit kits in the winter of 2019, we talked about the destruction of VFEmail service, for consumers we discussed whether you should remove yourself from social media, for...
This Week in Security News: Spyware and Data Breaches
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a spyware that disguised itself as an Android application to gather information from users. Also, find out the biggest global da...
How Facebook Tracks Non-Users via Android Apps
LEIPZIG, GERMANY – If you quit Facebook or never joined because of its data collecting practices the odds are good the social network is still tracking you – despite your protest. Facebook collects data of non-users of its social network via dozens of mainstream Android apps that send tracking an...
CVE-2018-18006
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files...
22 malware infected apps on Play Store found draining phone’s battery
By Waqas Another day, another malware targeting Android users - This time, 22 apps have been removed from the Play Store after security researchers found malware draining user phone's battery and also downloading files without their consent. These Android apps disguised themselves as legitimate...
Cheetah Mobile Blames SDKs for Rampant Ad Fraud in Its Android Apps
Cheetah Mobile is finding itself in a swirl of media attention after being accused of developing mobile apps that contain deliberate ad fraud features. But the mobile giant says it didn’t do it. The Chinese developer, which is listed as a top provider in Google Play’s tool app category, offers...
8 Popular Android Apps Caught Up In Million-Dollar Ad Fraud Scheme
Cheetah Mobile —a prominent Chinese app company, known for its popular utility apps like Clean Master and Battery Doctor—and one of its subsidiary Kika Tech have allegedly been caught up in an Android ad fraud scheme that stole millions of dollars from advertisers. According to app analytics firm...
‘Domestic Kitten’ Mobile Spyware Campaign Aims at Iranian Targets
A mobile spyware campaign against mainly Iranian citizens has been spotted – with evidence that the Iranian government might be involved. The operation is dubbed Domestic Kitten by Check Point researchers — “kitten” to follow common APT nomenclature for Iranian groups and “domestic” because they...
Google Solves Update Issue for Android Apps Installed from Unknown Sources
If you are wondering how to receive latest updates for an Android app—installed via a 3rd party source or peer-to-peer app sharing—directly from Google Play Store. For security reasons, until now apps installed from third-party sources cannot be updated automatically over-the-air, as Google does...
These Chrome extensions & Android apps collect your Facebook data
By Waqas The data collection is not limited to Facebook but also This is a post from HackRead.com Read the original post: These Chrome extensions & Android apps collect your Facebook data...
COPPA Compliance
Interesting research: "'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale": Abstract: We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance...