Personal Details of 117,000 AA Shoppers Exposed

The Automobile Association (AA) — the UK’s largest motoring organization with over 15 million members — is being heavily criticized over its public handling of a major data incident that occurred in April. A server misconfiguration exposed personal details of more than 100,000 AA Shop customers, but its importance has been consistently downplayed by the organization….

Mobile app developers: Make sure your back end is covered

Application security isn’t just a developer’s problem. IT staff and the security team also have roles to play in setting up the infrastructure and implementing security controls. When IT administrators forget the security basics for the app’s back-end servers, they undermine the developer’s good security decisions. Researchers at mobile security company Appthority recently analyzed apps…

Application security trends: What you need to know

Today at Infosecurity Europe 2017, High-Tech Bridge released a summary report on application security trends for Q1 – Q2 2017. Statistical data mentioned in the report largely comes from the ImmuniWeb application security testing platform and High-Tech Bridge’s free web security services, but also leverages a wealth of data from various open sources. The most…

How secure are mobile banking apps?

Do banking institutions have a good handle on the things they need to remediate and new control layers they need to adopt to keep users secure? To answer those questions, Accenture and NowSecure have performed vulnerability assessments of customer-facing mobile banking apps of 15 banking institutions in the North American market.

Firefox Users Fingerprinted via Cached Intermediate CA Certificates

An attacker can discover various details about Firefox users due to the manner in which the browser caches intermediate CA certificates, a researcher has discovered. When the server doesn’t deliver the complete certificate chain, Firefox loads the website if the intermediate CA certificate is cached, security researcher Alexander Klink discovered. By determining which websites use…

Trojan Downloader Masquerades as Defunct Flash Player for Android

A recently observed malware downloader targeting Android users is masquerading as an update for Adobe Flash Player, ESET researchers warn. Although the Flash Player for Android was discontinued nearly half a decade ago, cybercriminals are still abusing it to trick unsuspecting users into downloading and installing their malicious programs. As always, the attackers rely on…