Telsa dramatically upped the ante at the upcoming CanSecWest security conference Pwn2Own contest with the company offering up a Tesla Model 3 among other prizes to anyone who can successfully hack the vehicle. The Zero Day Initiative said a car will be on site at the conference, being held March 20-22 in Vancouver, and the…
An old hoax targeting WhatsApp users has reportedly reemerged, attempting to scare users by falsely warning them not to download a supposed video that contains dangerous malware. The fake notification, which pops up up on WhatsApp’s instant message feature, advises users to be on the lookout for a malicious video titled “Martinelli”. However, no such…
Preying on an individuals’ desire to personalize their mobile phones, scammers infused at least 15 Android wallpaper apps to redirect phony ad click revenue, reported Trend Micro in a blog post. The Google Play Store removed the mobile phone apps, which were downloaded more than 222,200 times while being available over a period of several…
Google is boosting Android Key security for mobile apps with new Keystore features to improve the safety of devices running Android Pie. The Android Keystore provides application developers with cryptographic tools designed to secure user data and Android Pie is introducing new capabilities to Keystore to enable restrictions on key use and to secure key…
Google yesterday issued a stable channel update for the desktop version of its Chrome browser for Windows, Mac and Linux, addressing a high-level vulnerability in the process. The bug, CVE-2018-17481, is a use after free flaw in PDFium that was originally repaired in an earlier Chrome release. However, yesterday’s update to version 71.0.3578.98 introduces additional…
ESET has come across an Android trojan capable of defeating the multifactor authentication required to access the official PayPal app. Multifactor authentication (2FA) has become a keystone for many organizations and individuals attempting to secure their data, but one cybergang has created an app masquerading as a battery optimization tool in third-party Android stores that…
The Syrian Electronic Army hacker group has reportedly been investing heavily in a scheme to infect Android device users with a spyware tool hidden inside fake app updates. Known for its ardent support of Syrian President Bashar al-Assad, the threat group is targeting in particular users of secure messaging apps such as WhatsApp and Telegram. The SEA is…
Apple has removed a pair of fake fitness apps from its App Store after they tricked users into making expensive purchases via the Touch ID biometrics feature. Named the “Fitness Balance app” and “Calories Tracker app,” the two malicious programs cleverly instruct victims to scan their fingerprints in order to view their personalized calorie tracker and…
A malicious actor recently smuggled 13 malicious apps disguised as driving simulator games into Google Play, resulting in more than 560,000 installations before they were removed. Each of the sketchy apps was found to download and launch in the background an additional malicious APK, titled “Game Center.” This APK hides its own icon and displays ads…
A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…
