URL address spoofing flaw keeps mobile victims from determining fake, real sites
If left unpatched, mobile browsers could direct to a fraudulent website where attackers steal account credentials and credit card information.
Apple on Wednesday officially launched its iOS Security Research Device (SRD) program — a significant milestone for the white-hat hacker community, which has made significant strides in recent years gaining the trust of software developers, tech manufacturers and website operators that previously were reluctant to work with outsiders on security issues. Under the terms of…
The recent U.K. ban on the use of Huawei technology in its 5G wireless network is likely as much about salvaging the deteriorating U.S.-U.K. Sino relationship and restoring trade normalcy as it is about security. “There are clearly legitimate security concerns around Huawei, particularly given that as a result of the trade ban, equipment will…
Edicts by Wells Fargo, India and the U.S. military forbidding use of popular Chinese video-sharing app TikTok may portend a national ban and raise questions about whether such a prohibition would be practical and enforceable, and what the greater implications would be. Owned by Beijing-based internet technology company ByteDance, TikTok has been downloaded more than 2…
A new blog post and research report from the Lookout Threat Intelligence Team has exposed the lengths to which a reputed Chinese government-sponsored APT operation has allegedly gone to track the country’s Uyghur minority population, including the trojanization of mobile apps with surveillanceware. Lookout details four spyware families — SilkBean, DoubleAgent, CarbonSteal and GoldenEagle —…
Glupteba malware does something novel: It uses the bitcoin blockchain as a communications channel to receive updated configuration information. That’s important because malware always needs a way to go back to its home base, preferably without being detected, according to a paper released this week by Sophos Labs researchers. The new form of malware sprinkles…
Capitalizing on a Canadian government announcement pertaining to the development of a nationwide, voluntary Covid-19 contact tracing app, malicious actors this month created a fake version of such an app that in reality infects Android users with mobile ransomware. According to a new blog post from ESET, the ransomware, dubbed CryCryptor, was found being distributed…
An Amnesty International study of 11 Covid-19 contact tracing apps from Europe, the Middle East and North Africa identified apps from Bahrain, Kuwait and Norway as the most dangerous to users’ privacy. In a news release published on Tuesday, the human rights organization’s Security Lab said Bahrain’s ‘BeAware Bahrain’, Kuwait’s ‘Shlonik’ and Norway’s ‘Smittestopp’…
A pair of Android barcode reader apps that were downloaded more than 1 million times were found to contain ad fraud malware that tries to stay hidden by generating advertisements that instantly disappear from view. The malware, detected as AndroidOS_HiddenAd.HRXJA, can operate in the background even when infected devices aren’t actively being used, and it…
Apple this week issued a new security update that addresses a zero-day vulnerability enabling iOS users to jailbreak their devices. The company has patched CVE-2020-9859, a memory consumption issue that can result in arbitrary code execution with kernel privileges. The fix was made in iOS 13.5.1 and iPadOS 13.5.1 for iPhone 6s and later, iPad…