Criminals love to abuse legitimate services—especially platform-as-a-service (Paas) cloud providers—as they are a popular and reliable hosting commodity used to support both business and consumer ventures. Case in point, in April 2019 we documented a web skimmer served on code repository GitHub. Later on in June, we observed a vast campaign where skimming

Just in time for Black Friday, Cyber Monday and the holiday shopping season, we investigated the most recent versions* of 30 of the leading, well-known mobile shopping applications to see how the application providers protect users from security and privacy risks.  The results based on our Advanced Application Analysis z3A technology are alarming: 100% of

Introduction Thousands of new malicious apps are being released for mobile devices every day. And thousands more variations of older malware are being released too. Unfortunately, many of these new/old threats are not being detected by the existing mobile malware technology. Organizations need next generation machine learning-based solutions that can effect

By Jessie Huang We recently found 49 new adware apps on Google Play, disguised as games and stylized cameras. These apps are typical adware, hiding themselves within mobile devices to show ads and deploying anti-uninstall and evasion functions. These apps are no longer live but before they were taken down by Google, the total number of downloads was more tha

Several news outlets over the last few days are talking about how TikTok, the viral short video app where millions of teens post comedy skits set to music, is under fire from U.S. lawmakers.   CNN reports US lawmakers on both sides of the aisle warn that the app could pose a national security risk, and are calling on regulators and intelligence agencies to

Planned your holiday travel just yet? Too soon? Not according to experts who told The Today Show the best time to book your Thanksgiving AND Christmas travel plans are before Halloween. After Halloween, fares go up, layover possibilities increase as does ending up in the middle seat.  The truth is, whenever you book travel – and more of us are doing s

People are slowly learning to be careful about providing their credentials when prompted by an email or phone call, but hackers are getting more creative and tricking users into giving their credentials when users think they’re just signing into their mobile app.  For example, BankBot is Android-targeting malware using fake overlay screens to mimic existing

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing traditional endpoints, very little has been invested to protect mobile device endpoints. Attackers work on the same model as any other business: where do they get the greatest return on their investment of

There are more than 5 million apps in the app stores. Most of these apps fit into the gaming, business, education, lifestyle, entertainment, and utility app categories. Some of these apps have access to and contain highly sensitive data and require in-app protection and security to defend against real-time cyberattacks. This security is in addition to securi

Today’s phish blog breaks our format a bit so we can bring you lots of examples. Enjoy. And then get protected! Phishing is prevalent because it works. Even savvy users can be tricked into opening the wrong emails. I’ve seen a couple of clear examples of this recently. The first is one that quite convincingly mimics the invoice emails from a fairly sig

Apps installed on smartphones and tablets are considered to be one of the biggest risks for companies today. And for good reason. In addition to diminishing the performance of the devices themselves, they can become the gateway to mobile and corporate tablets for cybercriminals. Because of this, IT departments should be wary of employees downloading certain

Are shopping apps safe? As we shoppers get better at identifying scams, cybercriminals are having to create new ways to try and steal our money. Effective PC security tools like Panda Safe Web can identify and block fake websites before scammers have a chance to trick us. But increasingly we are shopping from our smartphones and tablets instead of desktop PC

The Android operating system is the undisputed king of smartphones. According to the latest data from Kantar Media, Android continues to enjoy a solid lead in market share. Companies and individual users alike are turning to Android as their principal OS for their devices. Despite the success of this operating system, we have all complained about our smartph

Since the 1st of January, the iPhones in your mobile device fleet are even more secure. Or, at least, they should be based on Apple’s most recent requirements for developers. With the beginning of the new year, all apps that haven’t incorporated the App Transport Security (ATS) function will be unable to offer updates through the official store. With the ATS

Back in my younger days, I used to create apps for platforms like iOS, Android and yes, even Blackberry. Mostly, this was a hobby to fill a need which was being met by the infant app stores at the time.My primary concern wasn’t security, proper development techniques, or any of the other best practices found in the OWASP Top 10. It’s safe to say that there a