Fake Instagram assistance apps found on Google Play are stealing passwords

Credit to Author: Nathan Collier| Date: Fri, 12 Apr 2019 17:40:55 +0000

We all want those Instagram likes and followers. But what if the app that’s supposed to be assisting you is also stealing your username and password? As a matter of fact, that’s exactly what we found in three fake Instagram assistance apps found on Google Play.

The post Fake Instagram assistance apps found on Google Play are stealing passwords appeared first on Malwarebytes Labs.

Massive bank app security holes: You might want to go back to that money under the mattress tactic

Credit to Author: Evan Schuman| Date: Fri, 05 Apr 2019 10:24:00 -0700

A new report from a well-regarded payments consulting firm has found a lengthy list of security insanity while examining several major fintech company mobile apps. Although the very nature of apps that manage and move money would suggest presumably strong security, banks and their cohorts tend to adopt new technology slower than almost any other vertical, which puts them in a bad place when it comes to security.

My favorite finding from the Aite Group report: “Several mobile banking apps hard-coded private certificates and API keys into their apps. [Thieves] could exploit this by copying the private certificates to their computers and running any number of free password-cracking programs against them,” the report noted. “Should the [attackers] successfully crack the private key, they would be able to decrypt all communication between the back-end servers and mobile devices, among other things. The API keys allow an adversary to then begin targeting the [financial institution’s] API servers, gaining them access to data in the back-end databases. This allows [attackers] to authenticate the device with the back-end servers of that app, since this is what APIs use for authentication and authorization.”

A week in security (March 25 – 31)

Credit to Author: Malwarebytes Labs| Date: Mon, 01 Apr 2019 08:24:19 +0000

A roundup of news stories from March 25 – 31, including phishing, hacking, Government studies, mobile dangers on official stores and more.

The post A week in security (March 25 – 31) appeared first on Malwarebytes Labs.

Awakening the beast: BatMobi adware

Credit to Author: Nathan| Date: Fri, 29 Mar 2019 15:00:00 +0000

BatMobi is an Advertisement Software Developer Kit (Ad SDK) that was once clean and safe to use, but suddenly began serving adware in January. Learn more about this elusive threat, including how to clean it off pre-installed apps on mobile devices.

The post Awakening the beast: BatMobi adware appeared first on Malwarebytes Labs.

With its Apple Card, Apple edges further into financial services

Credit to Author: Lucas Mearian| Date: Fri, 29 Mar 2019 03:00:00 -0700

Apple’s Monday announcement of a credit card – the Apple Card – represented a natural progression of the company’s journey into financial services that began with the Apple Wallet app and its contactless digital payment service, Apple Pay.

The Apple Card, as described by the company this week, will offer users some attractive features: up to 3% cash back on daily purchases, no late or international transaction fees, and a physical chipped card made of titanium (sans any credit card numbers – just your name and an Apple symbol).

Apple’s Box security scare shows the risk of shadow IT

Credit to Author: Jonny Evans| Date: Tue, 12 Mar 2019 10:25:00 -0700

Until enterprise IT truly gets to understand that its own internal systems need to be as easy to use as any iOS app and as easy to learn as an iPhone, potentially damaging data breaches will take place, threatening business confidentiality. Apple is not immune.

Apple and the human interface

The news is that information from some of the world’s biggest names in business – including Apple, Edelman and Discovery Channel – could have been accessed through Box Enterprise, which offers companies bespoke company name-based file archiving and sharing services using this URL construction:

https://<companyname>.app.box.com/v/<filename>

Now you can buy police-grade iPhone hacking tools on eBay

Credit to Author: Jonny Evans| Date: Thu, 28 Feb 2019 06:25:00 -0800

If you want to hack your way into an old iPhone you can get hold of a law enforcement-grade system to do just that for a bargain price on eBay.

I think that’s a crime

I can’t stress this enough.

The very existence of tools like these is a threat to every smartphone user. This is because no matter how many times people argue that these solutions will only see use by law enforcement, these things always proliferate.

The fact that Cellebrite systems law enforcement was until recently spending heavily on acquiring are now available on the open market for as little as $100 is a perfect illustration of this.

Automated Android attacks deliver “UFO” cryptominer Trojan

Credit to Author: Andrew Brandt| Date: Tue, 26 Feb 2019 16:00:23 +0000

A persistent attack against Android devices is on the rise and gaining traction with the criminals who do this sort of thing.