Malicious Apps Persistently Appearing on Google Play and Using Google Icons
Seven apps have been discovered reappearing on the Play store under a different name and publisher even after these have been reported. The Google Play app store has a reputation as the safest place online to get Android apps, and Google does a good job of advising users to limit exposure to malware and other…
Twitter reveals security blunder, asks users to change their passwords
330 million Twitter users around the world have been urged to change their account password after a glitch resulted in some of them being stored in plaintext format inside the company network. How many and for how long, they didn’t say.
Uber Updates Bug Bounty Program
Uber last week updated the legal terms of its bug bounty program and provided guidance for good faith vulnerability research. The changes come just months after the ride-sharing giant admitted paying a couple of individuals as part of an effort to cover up a massive security incident. Uber says it has addressed nearly 200 flaws for…
Google Researcher Finds Critical Flaws in uTorrent Apps
Google researcher Tavis Ormandy discovered several critical vulnerabilities in the classic and web-based versions of BitTorrent’s uTorrent application. Patches have been released, but it appears that not all flaws have been fixed properly. Ormandy found that the uTorrent Classic and the uTorrent Web apps create an HTTP RPC server on ports 10000 and 19575, respectively….
Scary apps on Google Play, and what to do about them
Jane, the mother of seven-year-old Samantha, was in the next room when she heard a horrible voice coming from the smartphone her daughter was playing with. She came running into the room as the voice continued: “You look afraid, is it this knife in my hands? Making you a little nervous? This knife is going…
Infosec expert viewpoint: Google Play malware
Researchers routinely discover a variety of malicious apps on Google Play, some of which have been downloaded and installed on millions of devices worldwide. Here’s what infosec experts think about the security of Google Play, what they think Google should do better, and what users can do in order to protect themselves from malicious apps…
Facebook Launches New Anti-Phishing Feature
Facebook announced on Wednesday the introduction of a new security feature designed to help users check if the emails they receive are legitimate or if they have been sent by cybercriminals. When it detects a suspicious login attempt or a password change, Facebook notifies users by sending them an email from the Facebookmail.com domain. Cybercriminals…
Internet of Things (IoT) security: what is and what should never be
The Internet has penetrated seemingly all technological advances today, resulting in Internet for ALL THE THINGS. What was once confined to a desktop and a phone jack is now networked and connected in multiple devices, from home heating and cooling systems like the Nest to AI companions such as Alexa. The devices can pass information…
Ransomware’s lucrative next stop? The Point of Sale
With the influx of credit card breaches over the past few years at major brands, hackers may have reached a point of supply exceeding demand, as awareness of breaches, security on credit cards, and excess supply have all led to a reported drop in prices on the dark web for stolen data. Researchers have seen…
Facebook Flaw Allowed Removal of Any Photo
A researcher says he received a $10,000 bounty from Facebook after finding a critical vulnerability that could have been exploited to delete any photo from the social media network. In early November, Facebook announced a new feature for posting polls that include images and GIF animations. Iran-based security researcher and web developer Pouya Darabi analyzed…