HackDig : Dig high-quality web security articles for hackers

End of line: supporting IoT in the home

Trouble is potentially brewing in Internet of Things (IoT) land, even if the consequences may still be a little way off. System updates and issues surrounding expiring certificates will pose problems for manufacturers and headaches for consumers. System updates for fun and profit One of the first mainstream collisions of putting updates out to pasture
Publish At:2020-06-17 15:39 | Read:788 | Comments:0 | Tags:Cybercrime Privacy advertisement app appliance fridge guaran

First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

by Ecular Xu and Joseph C Chen We found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack i
Publish At:2020-01-06 14:35 | Read:1385 | Comments:0 | Tags:Exploits Mobile app APT google play exploit

There’s an app for that: web skimmers found on PaaS Heroku

Criminals love to abuse legitimate services—especially platform-as-a-service (PaaS) cloud providers—as they are a popular and reliable hosting commodity used to support both business and consumer ventures. Case in point, in April 2019 we documented a web skimmer served on code repository GitHub. Later on in June, we observed a vast campaign where skimming
Publish At:2019-12-04 16:50 | Read:1435 | Comments:0 | Tags:Web threats app apps credit card heroku Magecart paas skimme

Introducing iVerify, the security toolkit for iPhone users

“If privacy matters, it should matter to the phone your life is on.” So says Apple in their recent ads about Privacy on the iPhone and controlling the data you share—but many of the security features they highlight are opt-in, and users often don’t know when or how to activate them. But hey… we got your back! Today, Trail of Bits launched i
Publish At:2019-11-14 15:25 | Read:1768 | Comments:0 | Tags:Apple Education Exploits Guides iVerify Press Release Privac

Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website

by Luis Magisa Unlike in the pre-internet era, when trading in the stock or commodities market involved a phone call to a broker — a move which often meant additional fees for would-be traders — the rise of trading apps placed the ability to trade in the hands of ordinary users. However, their popularity has led to their abuse by cybercriminals who create fa
Publish At:2019-09-20 08:20 | Read:1987 | Comments:0 | Tags:Mac Malware app Trojan

Rio Olympics 2016 Keyboard app: more privacy challenges for enterprises

NBCUniversal Media’s official Rio 2016 Olympics keyboard app for iOS (left) and Android (right) A simple keyboard extension built for people celebrating the Olympics was actually collecting more information than its developer intended, putting personal privacy and corporate information at risk. Any time a very popular event like the Olympics occurs, or a wil
Publish At:2016-07-28 03:45 | Read:4424 | Comments:0 | Tags:Security app data leakage Enterprise mobile security keyboar

“Exclusive” Fallout 4 iOS Release Banished to the Wasteland

Online marketplaces such as Google Play and Apple’s App Store have various checks in place to ensure rogue / fake apps don’t slip through the cracks, but you can’t stop them all. Sure enough, here’s one which came crashing into, er, number 105 with a vengeance: Fallout 4 – Biohazard, priced at $6.99. Fallout 4 is currently sell
Publish At:2016-03-22 18:05 | Read:5202 | Comments:0 | Tags:Fraud/Scam Alert app apps fallout 4 falout iOS store IOS

“Your Recent Purchase with your Apple ID”…

Apple fans should steer clear of a convincing phishing mail doing the rounds, with the sender address popping up in a 419 scam not so long ago. Here’s the mail in question: It’s a fake tax receipt which states that a purchase has been made for “Rain Radar, Remove Ads”. If you didn’t make this purchase, you should visit the link
Publish At:2016-03-17 10:55 | Read:5945 | Comments:0 | Tags:Phishing app Apple email fake phish phishing

App permissions – your last best hope for privacy

We have written a lot about how companies treat you as an asset. A source of data that can be monetized in a variety of ways. Spotify did recently change their terms and ensured that this topic stays in the headlines. They want to collect information stored on your mobile device, such as contacts, photos and media files. No thanks! My Spotify app plays music
Publish At:2015-09-09 06:45 | Read:5052 | Comments:0 | Tags:Mobile Phone Privacy Android app app permissions apps big da

WhatsApp Issues Update for ‘MaliciousCard’ Vulnerabilities in Web-Based Extension

WhatsApp, a popular mobile application with more than 900,000 million active users, has released an update to address several significant vulnerabilities in the app’s web-based extension. With WhatsApp Web, sent and received messages are fully synced between a user’s phone and computers, giving users the capability to access messages on both devices. However,
Publish At:2015-09-08 18:35 | Read:4068 | Comments:0 | Tags:Latest Security News app Check Point mobile vulnearbility Wh

Facebook Apps Phish Wants Government Approved ID

We sometimes see Facebook Apps pages being used for phishing scams, and here’s one that’s been doing the rounds recently: apps(dot)facebook(dot)com/783348471781894 This apps page served up a website in a frame, which (unusually) changed since we first started looking at it. Originally, the page claimed to be offering something called “Faceb
Publish At:2015-08-05 20:10 | Read:6495 | Comments:1 | Tags:Online Security app facebook ID phish

WhatsApp Elegant Gold Hits the Digital Catwalk

Late last year, a scam targeting users of WhatsApp called “Whatsapp Gold” was simply a way of extracting phone numbers and potentially charging phone owners “up to $51” on their bills. Someone has decided to bring this one back with a twist – and by “twist”, I mean “add a random word in the old name and hope for
Publish At:2015-07-02 03:10 | Read:6672 | Comments:0 | Tags:Fraud/Scam Alert app fake Mobile scam

Facebook Phishing via Apps is Alive and Well

We’ve seen a number of phishing attempts targeting users of Facebook, and just like the campaign we’ve seen in February last year, the scammers have used the Apps feature. The pages you’re about to see below originated from one account, specifically: apps[DOT]facebook[DOT]com/1454467078202373/ These phishing pages r
Publish At:2015-07-02 03:10 | Read:3115 | Comments:0 | Tags:Fraud/Scam Alert app facebook phish phishing scam security

POLL – How should we deal with harmful license terms?

We blogged last week, once again, about the fact that people fail to read the license terms they approve when installing software. That post was inspired by a Chrome extension that monetized by collecting and selling data about users’ surfing behavior. People found out about this, got mad and called it spyware. Even if the data collection was documented in t
Publish At:2015-04-15 11:21 | Read:5340 | Comments:0 | Tags:Privacy Web ad ads advertising advertizing app apps data per

Android Installer Hijacking Bug Used as Lure for Malware

Mobile users became alarmed after the discovery of an Android bug that was dubbed as the “Android Installer Hijacking vulnerability.” This flaw can allow cybercriminals to replace or modify legitimate apps with malicious versions that can steal information. Given the high profile nature of this discovery, we decided to search for threats that might exploit t
Publish At:2015-04-07 06:20 | Read:4524 | Comments:0 | Tags:Malware Mobile android Android Installer Hijacking Android v
