In the span of five days, reports of two Twitter Android app vulnerabilities have surfaced: one that could cause attackers to view nonpublic account information or control accounts, and another that reportedly allowed a researcher to look up details on 17 million accounts. In a Dec. 20 blog post, Twitter noted that it issued an…
Facebook this week filed a lawsuit against a reputed spyware provider that allegedly exploited a WhatsApp vulnerability to enable smartphone hacking, and also pursued legal action against the domain hosts of multiple websites that allegedly offer tools for hacking the social network. On Tuesday, Facebook and its encrypted messaging subsidiary WhatApp filed a complaint against…
Twitter this week disclosed that it gave advertisers access to email addresses and phone numbers that users had supplied to the social media messaging platform, originally for two-factor authentication purposes. The company is asserting that this practice was inadvertent. In an online post, Twitter acknowledged that data intended for “safety or security purposes” went to…
Hundreds of millions of Android devices have potentially been compromised by malicious adware and ad fraud apps that on the surface appear to offer harmless services such as selfie filters, weather forecasts or VPN security, according to a trio of recently released research reports. Late last week, researchers at mobile security company Wandera reported finding…
For months in some instances, Canadian banking giant Scotiabank reportedly stored highly sensitive digital property on a series of publicly open and accessible GitHub repositories, potentially exposing its internal source code, login credentials and access keys. The financial institution had the repositories “torn down” earlier this week after being alerted to the error, according to…
Malicious hackers can use verbal commands to perform SQL injections on web-based applications run by virtual assistants such as Amazon’s Alexa, researchers say. “Leveraging voice-command SQL injection techniques, hackers can give simple commands utilizing voice text translations to gain access to applications and breach sensitive account information,” reports Baltimore, Maryland-based Protego Labs, in a blog…
Instagram is reportedly recruiting white-hat researchers to test the security of its new Checkout feature, which allows users to buy merchandise from select brands without ever having to leave the social media app. CNN this week reported that Facebook-owned Instagram is restricting the testing to only those individuals who have submitted high-quality research to its…
Researchers have reported a vulnerability in the Android versions of WhatsApp and Telegram that could allow malicious actors to manipulate media files sent via the apps. This “media file-jacking” flaw could allow attackers to alter photographs, modify invoices (to aid in a financial scam), swap out files in a particular channel feed, or potentially even…
And that’s a big “10-7” (radio lingo for “out of service”) for the Apple Watch Walkie Talkie app after the company reportedly disabled the feature following the discovery of a security vulnerability that could allow eavesdropping on iPhones. According to TechCrunch, Apple learned of the problem through a disclosure on its “report a vulnerability” portal.…
A mobile app that was designed to enhance the experience of watching a touring Cirque du Soleil show left audience members’ devices vulnerable to an attack by others sharing the same public Wi-Fi network, according to a blog post today by researchers at ESET. The app corresponded to the show TORUK – The First Flight,…
