HackDig : Dig high-quality web security articles for hacker

The little-known ways mobile device sensors can be exploited by cybercriminals

The bevy of mobile device sensors in modern smartphones and tablets make them more akin to pocket-sized laboratories and media studios than mere communication devices. Cameras, microphones, accelerometers, and gyroscopes give incredible flexibility to app developers and utility to mobile device users. But the variety of inputs also give clever hackers new me
Publish At:2019-12-11 16:50 | Read:97 | Comments:0 | Tags:IoT accelerometer Android camera Google gyroscope Internet o

Yodel parcel tracking app blabs about other people’s parcels

by Lisa Vaas “Fragile?” “Handle with care?” “Meh! Looks like a football to me,” workers for the UK parcel delivery company Yodel must have said around the time – 2016 – they were caught on video, apparently tossing packages around. Have they grown more tender? Dunno, but FWIW, a year after the football exposé, they made it to the top of the country
Publish At:2019-12-05 12:35 | Read:185 | Comments:0 | Tags:Android Mobile Privacy Ax Sharma courier delivery leak packa

Critical DoS messaging flaw fixed in December Android update

by John E Dunn For anyone lucky enough to get them, Android’s December 2019 updates arrived this week, patching a small list of system and Qualcomm flaws across the operating system’s two patch levels. In Google’s estimation, at the top of the urgent list on the 2019-12-01 patch level (see below for explanation) is CVE-2019-2232, a critical flaw affecting Andro
Publish At:2019-12-05 12:35 | Read:149 | Comments:0 | Tags:Android Google Linux Mobile Operating Systems Security threa

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack

We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign. We first came across the threat in May on the site http://gooogle[.]press/, which was advertising a chat app called “Chatrious.” Users can download the malicious
Publish At:2019-12-02 14:35 | Read:320 | Comments:0 | Tags:Bad Sites Mobile android APK cyberespionage spyware

Court says suspect can’t be forced to reveal 64-character password

by Lisa Vaas The dry facts: A US court has come down in favor of Fifth Amendment protections against forced disclosure of a 64-character passcode in a child abuse imagery case = an important interpretation of whether forced password disclosure is the modern equivalent of an unconstitutionally coerced confession. The gut punch: The defendant is a man previously
Publish At:2019-11-26 12:35 | Read:263 | Comments:0 | Tags:Cryptography Law & order Mobile Privacy child abuse child ab

Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps

By Lance Jiang and Jesse Chang CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the under
Publish At:2019-11-25 14:35 | Read:321 | Comments:0 | Tags:Mobile Vulnerabilities vulnerability whatsapp Vulnerability

49 Disguised Adware Apps With Optimized Evasion Features Found on Google Play

By Jessie Huang We recently found 49 new adware apps on Google Play, disguised as games and stylized cameras. These apps are typical adware, hiding themselves within mobile devices to show ads and deploying anti-uninstall and evasion functions. These apps are no longer live but before they were taken down by Google, the total number of downloads was more tha
Publish At:2019-11-12 02:35 | Read:257 | Comments:0 | Tags:Mobile apps google play mobile adware

Zimperium Analyzes TikTok’s Security and Privacy Risks

Several news outlets over the last few days are talking about how TikTok, the viral short video app where millions of teens post comedy skits set to music, is under fire from U.S. lawmakers. CNN reports US lawmakers on both sides of the aisle warn that the app could pose a national security risk, and are calling on regulators and intelligence agencies to
Publish At:2019-11-12 00:25 | Read:201 | Comments:0 | Tags:App Security Mobile Threat Defense Android apps iOS mobile M

A week in security (November 4 – November 10)

Last week on Malwarebytes Labs, we announced the launch of Malwarebytes 4.0, tackled data privacy legislation, and explored some of the ways robocalls come gunning for your data and your money. We also laid out the steps involved in popular vendor email compromise attacks. Other cybersecurity news Bug bounty bonanza: Rockstar Games open up their bounty prog
Publish At:2019-11-11 23:20 | Read:115 | Comments:0 | Tags:A week in security awis cyber facebook fake news hacking Mob

It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Online Purchases

As we gear up to feast with family and friends this Thanksgiving, we also get our wallets ready for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s take a look at these two holidays, and how their
Publish At:2019-11-11 23:20 | Read:232 | Comments:0 | Tags:Consumer malware mobile security mobile cybersecurity

Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (W

By Song Wang (Mobile Threat Analyst) At the start of the year, Google updated its permission requests in Android applications, and in particular, restricted access to SMS and CALL Log permissions. Google also added requirements for non-default applications (or those that don’t provide critical core features), allowing them to prompt and ask users for permiss
Publish At:2019-10-18 14:35 | Read:667 | Comments:0 | Tags:Mobile Social android Carrier Billing google play WAP Billin

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw

A researcher has published a proof-of-concept (PoC) exploit code for the CVE-2019-2215 zero-day flaw in Android recently addressed by Google. Earlier in October, Google Project Zero researcher Maddie Stone publicly disclosed a zero-day vulnerability, tracked as CVE-2019-2215, in Android. According to the expert, the bug was allegedly being used or sold by
Publish At:2019-10-18 10:45 | Read:347 | Comments:0 | Tags:Breaking News Hacking Mobile CVE-2019-2215 hacking nres info

Checkm8 jailbreak and AltStore put cracks in Apple’s walled garden

by Danny Bradbury Jailbreaking iPhones has become a lot harder with each new version of the hardware, but this weekend saw two new announcements that enable people to install apps on their phones. One of them is a traditional jailbreak, while the other is an alternative app store that uses a loophole in Apple’s code-signing process. Jailbreaking is a form
Publish At:2019-09-30 12:45 | Read:684 | Comments:0 | Tags:Apple iOS Mobile App Store iPhone jailbreak jailbreaking

Gambling Apps Sneak into Top 100: How Hundreds of Fake Apps Spread on iOS App Store and Google Play

By Todd Han and Junzhi Lu (Mobile Threats Analysts) Google Play and iOS App store are no strangers to fake apps trying to trick users into downloading ad- or malware-ridden versions. We have previously reported on fake Android voice apps on Google Play, which were observed to be impostor apps for voice messenger platforms. Recently, we also uncovered counter
Publish At:2019-09-26 08:20 | Read:549 | Comments:0 | Tags:Mobile App Store fake apps gambling google play IOS

A week in security (September 9 – 15)

Last week on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets. Other cybersecurity news The Cobalt Dickens group has returned
Publish At:2019-09-20 11:20 | Read:769 | Comments:0 | Tags:A week in security a week in security infosec malware Mobile
