Recent Posts

By Lawrence Abrams

19 Android apps with over 50 million installs were found on the Google Play store that state that they are full featured GPS apps, but instead simply show an advertisement and then show Google Maps.

These apps were discovered by ESET Android security researcher Lukas Stefanko who stated that they promote themselves as full featured apps and use screenshots from other legitimate apps to entice users to install them.

Full Article Here:
By Sergiu Gatlan

Two Android apps infected with banking malware were found on the Google Play Store, already having been installed on thousands of Android devices and sporting dozens of fake five-star ratings.

The Trend Micro malware research team linked the malware payload found in the two apps with the Anubis banking Trojan based on code similarity and a shared command and control (C&C) server (i.e., known to have been targeting the Android platform for the last two years.

Full Article Here:
By Sergiu Gatlan

A hidden web server always running in the background was found by security researcher Robert Baptiste in ES File Explorer, an Android file manager with over 100,000,000 installs displayed on the Google Play store page and over 500 million users worldwide according to its developer.

As discovered by Baptiste, right after launching the app it will start a local HTTP server on port 59777 which will stay open until all the background services of ES File Explorer are killed:

Every time a user launches ES File Explorer, an HTTP server is started. This server opens port 59777 locally. An attacker connected to the same local network as the victim can obtain a lot of juicy information (device info, apps installed, ...) about the victim's phone, remotely get a file from the victim's phone and remotely launch an app on the victim's phone.

Full Article Here:
By Ionut Ilascu

Twitter announced today that an issue in its app for Android exposed some users’ protected tweets for over four years if they made certain changes to their account settings.

As a result, content intended only for approved followers became publicly visible.

Bug survived since late 2014

The problem caused the “Protect your Tweets” feature to become disabled for users of Twitter for Android that had it turned on and also made some modifications to their account, such as updating the associated email address.

Full Article Here:
By Lawrence Abrams

A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previously distributed another ransomware called Blackheart and promotes other infections such as a RAT.

BlackRouter was originally spotted in May 2018 and had its moment of fame when TrendMicro discovered it dropping the AnyDesk remote access program and keyloggers on victim's computers.

Full Article Here:
Web News / Cryptomining Malware Uninstalls Cloud Security Products
« Last post by Antus67 on Today at 01:29:56 AM »

Author: Lindsey O'Donnell
January 17, 2019 9:03 am

New samples of cryptomining malware perform a never-before-seen function: uninstalling cloud security products.

Researchers say they have discovered a unique malware family capable of gaining admin rights on targeted systems by uninstalling cloud-security products. Instances of the malicious activity are tied to coin-mining malware targeting Linux servers.

Palo Alto Networks’ Unit 42, which published the report Thursday, said that the malware samples it found do not compromise, end-run or attack the security and monitoring products in question; they rather simply uninstall them from compromised Linux servers.

Full Article Here:
By Ionut Arghire on January 17, 2019

Cyber-attacks that have been ongoing since at least mid-2017 hit financial institutions in West Africa, Symantec security researchers report.

The attackers employed commodity malware and living-off-the-land tools to hit targets in Ivory Coast, Cameroon, Congo (DR), Ghana, and Equatorial Guinea to date. The identity of the attackers, however, remains unknown.

Four different types of attacks were used against financial organizations in the region, with the first of them underway since at least mid-2017. Organizations in Ivory Coast and Equatorial Guinea were infected with the NanoCore Trojan, but the legitimate PsExec tool was also used.

Full Article Here:
Web News / 773M Password ‘Megabreach’ is Years Old
« Last post by Antus67 on Today at 01:22:22 AM »
By Brian Krebs

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it “the largest collection ever of breached data found.” But in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of stolen data, and that it is at least two to three years old.

The dump, labeled “Collection #1” and approximately 87GB in size, was first detailed earlier today by Troy Hunt, who operates the HaveIBeenPwned breach notification service. Hunt said the data cache was likely “made up of many different individual data breaches from literally thousands of different sources.”

Full Article Here:
Security Alerts & Briefings / Re: Ad Blocking
« Last post by Digerati on January 17, 2019, 07:51:34 PM »
I have Chrome and use it only on occasion to verify if a site is working or not. I have Adblock Plus with it.
Security Alerts & Briefings / Re: Ad Blocking
« Last post by Corrine on January 17, 2019, 06:47:05 PM »
I haven't heard of SuperBlock but AdBlock Plus is well known and used by many. Note: I don't use Chrome but my preferred adblock program, uBlock Origin, is available in the Chrome Store.