HackDig : Dig high-quality web security articles for hacker

Popular Sarahah App secretly uploads your phone contacts to the company’s servers

According to a report published by The Intercept, the popular Sarahah app silently uploads users’ phone contacts to the company’s servers. This summer, Sarahah became one of the most popular iPhone apps in the world for both iOS and Android. Sarahah has been created by Saudi Arabian developer Zain al-Abidin Tawfiq, it implements a social network
Publish At:2017-08-28 14:00 | Read:231 | Comments:0 | Tags:APT Digital ID Mobile app permissions mobile privacy Sarahah

Mobile Trojan Development Kits allow creating ransomware without the need to write code

Researchers at Symantec have discovered Trojan Development Kits that allow creating Android ransomware without the need to write code. Ransomware continues to represent a serious threat to users and organizations. Unfortunately, it is easy for crooks arranging their own ransomware campaign by using numerous RaaS services offered online. Recently researchers
Publish At:2017-08-25 15:15 | Read:539 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android Hacking mal

WAP-billing Trojan-Clickers on rise

During the preparation of the “IT threat evolution Q2 2017” report I found several common Trojans in the “Top 20 mobile malware programs” list that were stealing money from users using WAP-billing – a form of mobile payment that charges costs directly to the user’s mobile phone bill so they don’t need to register a c
Publish At:2017-08-24 05:50 | Read:197 | Comments:0 | Tags:Mobile Mobile Malware Trojan-clicker WAP

iOS 11 in the Enterprise: Get Your iPads Ready

While some are in back-to-school mode and others are getting ready for football, we’re gearing up for the latest mobile operating systems to hit the market. With the Apple iOS 11 release right around the corner, the time is now for IT and security leaders to zero in on their Apple iOS management strategy to prepare for the myriad changes set to affec
Publish At:2017-08-23 22:25 | Read:288 | Comments:0 | Tags:Mobile Security Apple apple releases Enterprise Mobility iOS

Hacker published the decryption key for the Apple Secure Enclave security chip

A hacker Thursday afternoon published what he claims to be the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. The Apple Secure Enclave is an ARM-based coprocessor that enhances iOS security, but on Thursday a hacker published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. According to Apple 
Publish At:2017-08-18 14:30 | Read:295 | Comments:0 | Tags:Breaking News Hacking Apple Apple Secure Enclave decryption

Faketoken evolves and targets taxi booking apps to steal banking info

Kaspersky discovered a news strain of the mobile banking Trojan Faketoken that displays overlays on top of taxi booking apps to steal banking information. Security experts from Kaspersky have discovered a news strain of the infamous mobile banking trojan Faketoken that implements capabilities to detect and record an infected device’s calls and display
Publish At:2017-08-18 14:30 | Read:147 | Comments:0 | Tags:Breaking News Malware Mobile Android Banking Malware Faketok

Booking a Taxi for Faketoken

The Trojan-Banker.AndroidOS.Faketoken malware has been known about for already more than a year. Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. The authors of its newer modifications continue to upgrade the malware, while its geographical spread is growing. Some of these modifi
Publish At:2017-08-17 05:05 | Read:246 | Comments:0 | Tags:Mobile Google Android Malware Descriptions Mobile Malware Tr

GhostClicker Adware is a Phantomlike Android Click Fraud

By Echo Duan and Roland Sun We’ve uncovered a pervasive auto-clicking adware from as much as 340 apps from Google Play, one of which, named “Aladdin’s Adventure’s World”, was downloaded 5 million times. These adware-embedded applications include recreational games, device performance utilities like cleaners and boosters, and file managers, QR and barcode sc
Publish At:2017-08-16 13:40 | Read:219 | Comments:0 | Tags:Mobile Social adware android GhostClicker

Google adds Anti-Phishing feature also to Gmail app for iOS

To fight phishing attacks, Google has introduced a security measure for its Gmail app for iOS that will help users identify and delete phishing emails. Phishing continues to be one of the most dangerous threats, crooks continue to devise new techniques to trick victims into providing sensitive information. The technique is still the privileged attack vector
Publish At:2017-08-15 15:40 | Read:366 | Comments:0 | Tags:Breaking News Mobile Security Cybercrime Gmail Gmail app for

Can Online Dating Apps be Used to Target Your Company?

by Stephen Hilt, Mayra Rosario Fuentes, and Robert McArdle and (Senior Threat Researchers)  People are increasingly taking to online dating to find relationships—but can they be used to attack a business? The kind (and amount) of information divulged—about the users themselves, the places they work, visit or live—are not only useful for people looking for a
Publish At:2017-08-10 09:45 | Read:249 | Comments:0 | Tags:Mobile Social Online Dating

Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux

August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and contr
Publish At:2017-08-08 05:25 | Read:233 | Comments:0 | Tags:Mobile Open source Vulnerabilities android F2FS Linux Vulner

New WannaCry-Mimicking SLocker Abuses QQ Services

by Lorin Wu Trend Micro researchers detected a new SLocker variant that mimics the GUI of the WannaCry crypto-ransomware on the Android platform. Detected as ANDROIDOS_SLOCKER.OPSCB, this new SLocker mobile ransomware variant features new routines that utilize features of the Chinese social network QQ, along with persistent screen-locking capabilities. SLock
Publish At:2017-08-02 20:00 | Read:279 | Comments:0 | Tags:Mobile Ransomware mobile ransomware SLocker WannaCry

The Svpeng Trojan continues to evolve, the last variant includes keylogger capabilities

Security experts at Kaspersky discovered the dreaded Svpeng Trojan has been recently modified to implement keylogger features. Cyber criminals are becoming even more aggressive and are using new stealth techniques. Security experts at Kaspersky have discovered that one of the most dangerous Android banking Trojan, Svpeng, has been recently modified to imple
Publish At:2017-08-02 13:35 | Read:558 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android Cybercrime

LeakerLocker Mobile Ransomware Threatens to Expose User Information

by Ford Qin While mobile ransomware such as the recent SLocker focuses on encrypting files on the victim’s devices, a new mobile ransomware named LeakerLocker taps into its victims’ worst fears by allegedly threatening to send personal data on a remote server and expose its contents to everyone on their contact lists. The LeakerLocker ransomware is bei
Publish At:2017-07-31 12:45 | Read:292 | Comments:0 | Tags:Mobile Ransomware

A new era in mobile banking Trojans

In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services. Accessibility services generally provide user interf
Publish At:2017-07-31 09:45 | Read:317 | Comments:0 | Tags:Mobile Google Android Keylogger Mobile Malware

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud