SMS Phishers Pivot to Points, Taxes, Fake Retailers

China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment...

Social Engineering People’s Credit Card Details

Good Wall Street Journal article on criminal gangs that scam people out of their credit card information: Your highway toll payment is now past due, one text warns. You have U.S. Postal Service fees to pay, another threatens. You owe the New York City Department of Finance for unpaid traffic...

Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign

A SecAlliance report reveals Chinese smishing syndicates compromised 115M US payment cards by bypassing MFA to exploit Apple Pay and Google Wallet...

ASB-A-268038643

In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no addition...

How to Use Apple Pay or Google Wallet Instead of Plastic Cards

Cash is safe—for now. Contactless payment methods, like Apple Pay or Google Wallet, are more of a threat to the existence of physical cards...

wallet.google.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-452576 Description| Value ---|--- Affected Website:| wallet.google.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat Sheet...

Android new vulnerability exposure: hack may fake and authentic applications-vulnerability warning-the black bar safety net

Ticker 7 on 3 0 September morning news, on Tuesday released a study on the display, the Google Android operating system has a security vulnerability that can allow a hacker to fake a trusted formal application, thereby hijacking the user's smartphone or tablet. The security company Bluebox Securi...

Android "Fake ID" Vulnerability Allows Malware to Impersonate Trusted Apps

Due to the majority in the mobile platform, Google’s Android operating system has been a prior target for cybercriminals and a recently exposed weakness in the way the operating system handles certificate validation, left millions of Android devices open to attack. Researchers at BlueBox security...

Critical Android FakeID Bug Allows Attackers to Impersonate Trusted Apps

There is a critical vulnerability in millions of Android devices that allows a malicious app to impersonate a trusted application in a transparent way, enabling an attacker to take a number of actions, including inserting malicious code into a legitimate app or even take complete control of an...

Google Wallet Secure Connection Detection

Binary data 6974.prm...

Google Play privacy issue, sends app buyers personal details to developers

Google is again under attack for its apparent mishandling of its users’ personal information. An Australian software developer 'Dan Nolan' revealed that the search giant was sending him the full names, email and post codes of everyone who purchased his app on Google's Play. In a blog post, Nolan...

Google Reacts to Google Wallet Security Issues

Google has temporarily disabled the provisioning of prepaid cards as the company deals with the fallout from the discovery of security vulnerabilities affecting Google Wallet. Google Wallet is a mobile payment application that enables users to store information such as credit cards on their mobil...

Dennis Fisher and Paul Roberts on the MacDefender Malware and Google Wallet

Dennis Fisher and Paul Roberts discuss the re-emergence of the MacDefender malware, Apple’s decision to push out an OS X update to protect against and the release of Google Wallet and the security implications of the system. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground...