11 matches found
Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users
Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as...
New Android Malware Steals Financial Data from 378 Banking and Wallet Apps
The operators behind the BlackRock mobile malware have resurfaced with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting...
BlackRock: Open redirect by the parameter redirectUri in the URL
The following URL is vulnerable to an open redirect; it will redirect to google.com: https://www.blackrock.com/authplatform/user/activate-success?redirectUri=https://google.com After clicking on "return to site", it will be redirected to the page. Steps To Reproduce: Enter on this link...
New malware “BlackRock” disguised as Android Clubhouse app
By Habiba Rashid. According to researchers, the fake website with malware app looks as real as it gets. It is “a well-executed copy of the legitimate Clubhouse website.” This is a post from HackRead.com.
Bogus Android Clubhouse App Drops Credential-Swiping Malware
Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can...
Glassdoor: Reflected XSS at https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm via filter.jobTitleExact parameter
Summary: There is a reflected XSS vulnerability in https://www.glassdoor.co.in/Interview/BlackRock-Interview-Questions-E9331.htm?filter.jobTitleExact=Portfolio+Management+Group-Fixed+Income+Analyst&countryRedirect=true
Affected Parameter: filter.jobTitleExact
Browsers tested: Chrome, Firefox...
Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chuck Brooks, cybersecurity evangelist and adjunct professor for Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs...
Lock and Code S1Ep11: Locating concerns of Bluetooth and beacon technology with Chris Boyd
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about Bluetooth and beacon technology. Last month, cybersecurity experts warned the publi...
New Android Malware Now Steals Passwords For Non-Banking Apps Too
BlackRock does the data collection by abusing Android's Accessibility Service privileges, for which it seeks users' permissions under the guise of fake Google updates when it's launched for the first time on the device, as shown in the shared screenshots. Subsequently, it goes on to grant itself...
LokiBot Redux Attacks Massive List of Common Android Apps
Researchers have discovered a new variant of the LokiBot trojan, called BlackRock, that attacks not just financial and banking apps but also a massive list of well-known and commonly used brand-name apps on Android devices. The apps targeted include: Amazon, eBay, Facebook, Grinder, Instagram...
blackrock.com XSS vulnerability
Vulnerable URL: http://www.blackrock.com/corporate/en-se/search/summary-search-results?searchText="';--=true
Details:

Description | Value
---|---
Patched: | Yes, at 25.07.2017
Latest check for patch: | 25.07.2017 21:09 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed

Alexa Rank...