HackDig : Dig high-quality web security articles

Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (W

By Song Wang (Mobile Threat Analyst) At the start of the year, Google updated its permission requests in Android applications, and in particular, restricted access to SMS and CALL Log permissions. Google also added requirements for non-default applications (or those that don’t provide critical core features), allowing them to prompt and ask users for permiss
Publish At:2019-10-18 14:35 | Read:5368 | Comments:0 | Tags:Mobile Social android Carrier Billing google play WAP Billin

Business Process Compromise and the Underground’s Economy of Coupon Fraud

by Vladimir Kropotov and Fyodor Yarochkin (Senior Threat Researchers) The fraudulent redemption of freebies, discounts, and rebates in the form of coupons is reportedly costing U.S. businesses $300–600 million every year. And where there’s money to be made, there are cybercriminals rustling up schemes to take advantage of it. Unsurprisingly, that was the cas
Publish At:2017-09-29 00:50 | Read:7564 | Comments:0 | Tags:Bad Sites Deep Web Social Business Process Compromise Coupon

GhostClicker Adware is a Phantomlike Android Click Fraud

By Echo Duan and Roland Sun We’ve uncovered a pervasive auto-clicking adware in as many as 340 apps on Google Play, one of which, named “Aladdin’s Adventure’s World”, was downloaded 5 million times. These adware-embedded applications include recreational games, device performance utilities like cleaners and boosters, and file managers, QR and barcode sc
Publish At:2017-08-16 13:40 | Read:6712 | Comments:0 | Tags:Mobile Social adware android GhostClicker

Can Online Dating Apps be Used to Target Your Company?

by Stephen Hilt, Mayra Rosario Fuentes, and Robert McArdle (Senior Threat Researchers) People are increasingly taking to online dating to find relationships—but can they be used to attack a business? The kind (and amount) of information divulged—about the users themselves, the places they work, visit or live—are not only useful for people looking for a
Publish At:2017-08-10 09:45 | Read:4930 | Comments:0 | Tags:Mobile Social Online Dating

How HTML Attachments and Phishing Are Used In BEC Attacks

Traditionally, BEC attacks have used keyloggers to steal saved account information from target machines. However, an executable attachment usually signals to the user not to click it, as there is a high chance that the file is malicious. As a result, we’ve seen a trend wherein the attached files are no longer executable files but HTML pages: Fi
Publish At:2017-07-27 16:35 | Read:7087 | Comments:0 | Tags:Social Targeted Attacks BEC HTML attachments phishing

Exploring the Online Economy that Fuels Fake News

By Lion Gu, Vladimir Kropotov, and Fyodor Yarochkin (Senior Threat Researchers) “Fake news” was relatively unheard of last year—until the U.S. election campaign period started, during which an explosion of misinformation campaigns trended. But despite its seemingly rampant spread, fake news is just one facet of public opinion manipulation and cyber propagand
Publish At:2017-06-13 14:05 | Read:5807 | Comments:0 | Tags:Bad Sites Social cyber propaganda fake news Public Opinion M

iPhone Phishing Scam Crosses Over Physical Crime

Late last April a friend of mine had his iPhone stolen in the streets—an unfortunately familiar occurrence in big, metropolitan areas in countries like Brazil. He managed to buy a new one, but kept the same number for convenience. Nothing appeared to be out of the ordinary at first—until he realized the thief changed his Facebook password. Fortunately, he wa
Publish At:2017-05-05 09:25 | Read:7121 | Comments:0 | Tags:Bad Sites Social Brazilian underground market iphone phishin

How Cyber Propaganda Influenced Politics in 2016

Throughout history, politically motivated threat actors have been interested in changing the public opinion to reach their goals. In recent years the popularity of the Internet gave these threat actors new tools. Not only do they make use of social media to spin the news, spread rumors and fake news, but they also actively hack into political organizations.
Publish At:2017-01-12 16:40 | Read:5986 | Comments:0 | Tags:Social Targeted Attacks cyber propaganda Pawn Storm

Selling Online Gaming Currency: How It Makes Way for Attacks Against Enterprises

Offhand, companies and enterprises being affected by attacks like DDoS against the online gaming industry may be far-fetched. But the gaming industry, being a billion-dollar business with a continuously growing competitive community, is naturally bound to garner attention from cybercriminals. A recent wire fraud case, for instance, allowed a group of hackers
Publish At:2016-11-24 02:35 | Read:6119 | Comments:0 | Tags:Bad Sites Malware Social cryptocurrency DDoS online gaming o

Masque Attack Abuses iOS’s Code Signing to Spoof Apps and Bypass Privacy Protection

First reported in 2014, Masque Attack allowed hackers to replace a genuine app from the App Store with a malformed, enterprise-signed app that had the same Bundle Identifier (Bundle ID). Apple subsequently patched the vulnerabilities (CVE-2015-3772 and CVE-2015-3725), but while it closed a door, scammers seemed to have opened a window. Haima’s repackaged, ad
Publish At:2016-11-19 12:05 | Read:6837 | Comments:0 | Tags:Mobile Social Vulnerabilities Haima iOS repackaged apps thir

Let’s Encrypt Now Being Abused By Malvertisers

Encrypting all HTTP traffic has long been considered a key security goal, but there have been two key obstacles to this. First, certificates are not free and many owners are unwilling to pay; secondly the certificates themselves are not always something that could be set up by a site owner. The Let’s Encrypt project was founded with the goal of elimina
Publish At:2016-01-07 04:10 | Read:5760 | Comments:0 | Tags:Bad Sites Malware Social malvertising Let's Encrypt

CTO Insights: Encryption Works – Don’t Break It!

Every now and then, an ill-informed politician will stand before a microphone and say something along the lines of: encryption is helping bad guys (either terrorists, child pornographers, or other similarly acceptable target), because law enforcement can’t see what the bad guys are doing because they’re using sophisticated tools that use encrypti
Publish At:2015-12-01 06:05 | Read:5352 | Comments:0 | Tags:Social cryptography encryption privacy terrorism

Siri’s Flaw: Apple’s Personal Assistant Leaks Personal Data

Siri for iOS devices has made everyday tasks easier; whether it is getting directions to the nearest gas station or staying in contact with growing social media networks. iOS users can just call out a contact’s name and the device will populate with a telephone number and email address. However, convenience comes with a price: personal information. What if I
Publish At:2015-11-18 10:35 | Read:6768 | Comments:0 | Tags:Mobile Social Apple data leak iOS Siri

2016 Predictions: The Fine Line Between Business and Personal

Like any other year, 2015 had its mix of ups and downs in the world of security. A fine line exists between the threats that we face and the solutions we have at our disposal; any slip-up on the part of defenders can make an existing problem that much worse. The coming year will not be any different. In 2016, cyber extortionists will devise new ways to targe
Publish At:2015-10-27 16:20 | Read:5845 | Comments:0 | Tags:Internet of Things Mobile Social Targeted Attacks 2016 predi

Ashley Madison, Why Do Our Honeypots Have Accounts On Your Website?

She is 33 years old, from Los Angeles, 6 feet tall, sexy, aggressive, and a “woman who knows what she wants”, according to her profile. She is intriguing. However, her intrigue doesn’t end there: her email address is one of Trend Micro’s email honeypots. Wait… what? This was how we learned that Ashley Madison users were being ta
Publish At:2015-09-08 08:25 | Read:5437 | Comments:0 | Tags:Social

