Month: July 2017

Company expels 20 advanced surveillance apps installed on ~100 devices.     Dan Goodin – 7/27/2017   Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users’ e-mail, text messages, locations, voice calls, and other sensitive data.   The apps, which made their way onto… Continue reading Stealthy Google Play apps recorded calls and stole e-mails and texts

July 27, 2017  By Bill Brenner     It’s normal for Android apps to download plugins. The main application might just be a “view folder” while plugins provide much of the functionality. It’s not so normal when one of those plugins tries to steal your SMS messages.   SophosLabs has discovered two apps on Google… Continue reading Don’t want your SMSs stolen? Don’t download these Android apps

July 27, 2017 by Wendy Zamora   Full Article. Take a look at the best antivirus, anti-malware, anti-spy, etc. software Powered by WPeMatico

By Ionut Arghire on July 26, 2017   Mitigations put in place by Google in May 2017 to help block phishing attacks such as the recent OAuth worm weren’t enough to completely mitigate the issue, as Google’s platform still allowed malicious OAuth clients to be submitted under deceiving names, Proofpoint security researchers say.   The… Continue reading Google Takes Second Swing at OAuth Worm

Probe finds widespread abuse of cop IT systems by personnel By John Leyden 26 Jul 2017     A freedom-of-information request by Huntsman Security has discovered that UK police forces detected and investigated at least 779 cases of potential data misuse by personnel between January 2016 and April 2017.   Despite the high number of… Continue reading Revealed: 779 cases of data misuse across 34 British police forces

By Kevin Townsend on July 26, 2017   Insiders attached two Raspberry Pi devices to a corporate healthcare network to help divert staff to a phishing website to phish staff credentials. An internet-connected smart fish tank transferred 10GB of data to an adversary’s server in Finland.   These are two of nine real-life examples presented… Continue reading Hacked Smart Fish Tank Exfiltrated Data to ‘Rare External Destination’

By Eduard Kovacs on July 26, 2017   Researchers at Cisco’s Talos security intelligence and research group have discovered several potentially serious vulnerabilities in FreeRDP. The tool’s developers patched the flaws on Monday with the release of an update.   FreeRDP is an open-source implementation of Microsoft’s Remote Desktop Protocol (RDP). The software, which allows… Continue reading Code Execution Vulnerabilities Patched in FreeRDP

July 26, 2017   by Michael Mimoso                                      LAS VEGAS—A 20-year-old Windows SMB vulnerability is expected to be disclosed Saturday during a talk at DEF CON. Microsoft has said it will not patch the vulnerability, which allows an attacker to remotely crash a Windows server with relative ease using only 20 lines of Python… Continue reading Windows SMB Zero Day to Be Disclosed During DEF CON

25th July 2017  By Tara Seals   CepKutusu, a Turkish alternative Android app store, was found to be 100% infested with malware—where every single app delivered malicious code.   Eset researchers discovered that when users browsed the store and proceeded to download an app, the “download now” button led to banking malware instead of the… Continue reading Turkish Android App Store 100% Flush with Malware

Ransomware has always been sinister – now it’s creepy too.   By Danny Palmer | July 25, 2017   This is a Philadelphia ransomware ransom note targeting a hospital — but users will see something similar on their own computers if they’re not careful. Image: Proofpoint   As if ransomware wasn’t sinister enough, a simple… Continue reading This ransomware lets crooks spot their victim on a map