HackDig : Dig high-quality web security articles for hacker

Fake WhatsApp app in official Google Play Store downloaded by over a million Android users

A fake WhatsApp version deployed on the Play Store was downloaded by over a million users, a failure for the automated checks implemented by Google. Once again crooks exploited the official Google’s Play Store as a repository for malicious apps. This time a fake WhatsApp version was used to infect over a million users that downloaded it. The fake Whats
Publish At:2017-11-05 16:20 | Read:105 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile

App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant

by Lilang Wu, Ju Zhu, and Moony Li We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain fe
Publish At:2017-11-02 20:40 | Read:231 | Comments:0 | Tags:Bad Sites Malware Mobile android app stores iOS

White hat hackers earn over $500,000 for mobile exploits at Mobile Pwn2Own 2017 competition

Let’s see what has happened at Mobile Pwn2Own 2017 competition organized by Trend Micro’s Zero Day Initiative (ZDI) at the PacSec conference in Tokyo. Here we are discussing once again of the Mobile Pwn2Own competition organized by Trend Micro’s Zero Day Initiative (ZDI) at the PacSec conference in Tokyo. White hat hackers earned more than half a milli
Publish At:2017-11-02 14:15 | Read:195 | Comments:0 | Tags:Breaking News Hacking Mobile mobile Mobile Pwn2Own 2017 comp

Coin Miner Mobile Malware Returns, Hits Google Play

By Jason Gu, Veo Zhang, Seven Shen The efficacy of mobile devices to actually produce cryptocurrency in any meaningful amount is still doubtful. However, the effects on users of affected devices are clear: increased device wear and tear, reduced battery life, comparably slower performance. Recently, we found that apps with malicious cryptocurrency mining cap
Publish At:2017-10-30 18:55 | Read:175 | Comments:0 | Tags:Malware Mobile Android malware Coin mining CPUMINER JSMINER

AhMyth Android RAT, another open source Android RAT Tool available on GitHub

The source code of a new Android Remote Administration Tool is available on GitHub, it is dubbed AhMyth Android RAT. You just have to download and test it. The source code of a new Android Remote Administration Tool is available on GitHub, it is dubbed AhMyth Android RAT. The malicious code is still in beta version, the AhMyth Android RAT consists of two par
Publish At:2017-10-23 18:55 | Read:220 | Comments:0 | Tags:Breaking News Malware Mobile AhMyth Android RAT Android Hack

Google launched Google Play Security Reward bug bounty program to protect apps in Play Store

Google has launched Google Play Security Reward, the bug bounty program that will pay $1,000 rewards for flaws in popular apps. Google has officially launched a bug bounty program for Android apps on Google Play Store, a measure that aims to improve the security of Android apps. The initiative, called Google Play Security Reward, will involve the security c
Publish At:2017-10-22 06:06 | Read:227 | Comments:0 | Tags:Breaking News Hacking Mobile bug bounty program Google Googl

Which are most frequently blacklisted apps by enterprises?

Mobile security firm Appthority published an interesting report that revealed which Android and iOS applications are most frequently blacklisted by enterprises. The company Appthority has published an interesting report that reveals which mobile apps, both Android and iOS, are most frequently blacklisted by enterprises. “The mobile ecosystem in an ente
Publish At:2017-10-04 22:40 | Read:248 | Comments:0 | Tags:Breaking News Mobile Reports Security blacklisted apps BYOD

iOS apps can access metadata revealing users’ locations and much more

Developer discovered that iOS apps can read metadata revealing users’ locations and much more, a serious threat to our privacy. The developer Felix Krause, founder of Fastlane.Tools, has discovered that iOS apps can access image metadata revealing users’ location history. Krause published a detailed analysis on the Open Radar community, he explai
Publish At:2017-09-28 18:26 | Read:287 | Comments:0 | Tags:Breaking News Digital ID Hacking Mobile DetectLocations Exif

Signal announces private contact discovery to improve users’privacy

Open Whisper Systems announced that it’s working on a new private contact discovery service for its popular communications app Signal. Signal is considered the most secure instant messaging app, searching for it on the Internet it is possible to read the Edward Snowden’ testimony: “Use anything by Open Whisper Systems” Snowden says. The Cryptographer and Pr
Publish At:2017-09-28 18:25 | Read:334 | Comments:0 | Tags:Breaking News Digital ID Mobile mobile privacy private conta

Google publishes PoC Exploit code for iPhone Wi-Fi Chip hack

Google disclosed details and a proof-of-concept exploit for iPhone Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier. This week Google disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier. The flaw that was patched this week could be exploited by att
Publish At:2017-09-27 23:55 | Read:242 | Comments:0 | Tags:Breaking News Hacking Mobile CVE-2017-11120 iPhone mobile Wi

ZNIU, the first Android malware family to exploit the Dirty COW vulnerability

Security experts at Trend Micro have recently spotted a new strain of Android malware, dubbed ZNIU, that exploits the Dirty COW Linux kernel vulnerability. The Dirty COW vulnerability was discovered by the security expert Phil Oester in October 2016, it could be exploited by a local attacker to escalate privileges. The name ‘Dirty COW’ is due to
Publish At:2017-09-27 05:25 | Read:365 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android CVE-2016-51

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability

By Jason Gu, Veo Zhang, and Seven Shen We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect. The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat,
Publish At:2017-09-25 23:15 | Read:204 | Comments:0 | Tags:Bad Sites Malware Mobile Vulnerabilities android Dirty COW L

Researchers demonstrate how to steal Bitcoin by exploiting SS7 issues

Hackers have exploited security weaknesses in SS7 protocol to break into a GMail account, take control of a bitcoin wallet and steal funds. In June 2016, researchers with Positive Technologies demonstrated that it is possible to hack Facebook accounts by knowing phone numbers by exploiting a flaw in the SS7 protocol. The technique allows bypassing any securi
Publish At:2017-09-19 13:05 | Read:286 | Comments:0 | Tags:Breaking News Hacking Bitcoin mobile SS7 two-factor authenti

New Android Banking Trojan Red Alert 2.0 available for sale on crime forums

Researchers discovered a new Android banking Trojan, dubbed Red Alert 2.0, that is being offered for rent on many dark websites for $500 per month. Researchers with security firm SfyLabs have discovered a new Android banking Trojan, dubbed Red Alert 2.0, that is being offered for rent on many dark websites for $500 per month. “The last several months a
Publish At:2017-09-19 13:05 | Read:284 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Malware Android banking t

iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices

by Hara Hiroaki, Higashi Yuka, Ju Zhu, and Moony Li While iOS devices generally see relatively fewer threats because of the platform’s walled garden approach in terms of how apps are installed, it’s not entirely unbreachable. We saw a number of threats that successfully scaled the walls in 2016, from those that abused enterprise certificates to ones th
Publish At:2017-09-19 00:55 | Read:333 | Comments:0 | Tags:Mobile Apple iOS iOS Configuration Profile iXintpwn YJSNPI I

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud