Security researchers discovered malicious apps designed to steal credentials from users have been downloaded million times from Google play store. Among these, the most popular app is a gaming app. Though, according to a blog post, it was a normal app without any malicious code but later it was updated with information-stealing capabilities.
Since these apps looked like they came from VK.com – for listening to music or for monitoring user page visits, requiring a user to login into his/her account through a standard login page did not look suspicious at all. The information stolen through the apps are helping cyber criminals to promote groups and increase their popularity.
To avoid your credentials being stolen, make sure to enable Google Play Protect in devices.
When it comes to account compromise, phishing poses a greater threat than data breaches, say researchers at Google and UC Berkeley.
Data collected by Google shows that 80 percent of all the phishing kits observed targeted usernames, passwords, and geolocation; followed by phone numbers and device details. A smaller subset of the phishing attacks also targeted secret questions, full names, credit card data, and Social Security Numbers. (tahawultech.com)
For some people, Google controls most of their identity online, and losing access to that critical account could be devastating. According to Google, enterprising hijackers are constantly finding out, and are able to realize, billions of different platforms’ usernames and passwords on black markets.
The ads come with provocative headlines about hot-button political issues and targeted Facebook users likely to click based on political ideologies.
In September, an ad with the headline, "New Approval Ratings For President Trump Announced And It's Not Going The Way You Think," targeted Facebook users over 40. "Regardless of what you think of Donald Trump and his policies, it's fair to say that his appointment as President of the United States is one of the most…," ran the text. There was a "Learn more" button to lure the audience to click to read the whole news.
Those who clicked the button to read the elaborate news found their computers frozen with a warning and a phone number that users could call to get it fixed for a price. Though the freeze was temporary and restarting the computer would have unlocked it, some worried users who called the number were asked to pay to restore their access, according to computer security experts who have tracked the scam for more than a year.
The vulnerability in question stems from the fact that the affected apps’ cryptographically signed certificate failed to verify the hostname on the server it attempted to connect with. This could allow malicious third parties on the same network as the victim to step in and take control of an online banking session, intercepting usernames and passwords to hijack an account.
Researchers have tested a new tool on a sample of 400 apps, and found that several banking apps had a critical vulnerability that could have allowed hackers to access anyone's username and password who is connected to the same network as the victim, to perform a 'Man in the Middle Attack.'
Apps from some of the world's largest banks were found to contain this flaw, which, if exploited, could have allowed an attacker to decrypt, view and modify network traffic from users of the app.
The cryptocurrency mining company NiceHash announced the breach in a statement where they recommended users to change their passwords. Nicehash had suspended their operations for the time being as the compromise of their payment system caused 64million loss.
Hackers made off with contents of the company's bitcoin account, according to Andrej Škraba, the Slovenian marketplace's head of marketing. He told Reuters that the compromise was highly professional and involved "sophisticated social engineering".
"There are certainly a number potential security issues to discuss, from API vulnerabilities to web application and database protection, however, without more details from NiceHash, we can only speculate by which method of attack their website was compromised," said Rusty Carter, vice president of product management for mobile app security company Arxan Technologies, via email.
Hackers may have obtained personal information for 1.6 million individuals after compromising the systems of Paypal's subsidiary TIO Networks.
An investigation conducted in collaboration with third-party cybersecurity experts revealed that TIO's network had been breached, including servers that stored the information of TIO clients and customers of TIO billers. Affected companies and individuals will be contacted via mail and email and offered free credit monitoring services via Experian.
The company has already been fined more than $40 million in the US over the scandal which involved tens of millions of people around the world.
Google is accused of bypassing the default privacy settings on Apple phones and successfully tracking the online behavior of people using the Safari browser which is then used. The data is used in its DoubleClick advertising business, which enables advertisers to target content according to a user's browsing habits.
Google believes that U.K. privacy laws do not apply to the company, and so British consumers that want to take the tech giant to court are facing a losing battle.
If you are inquisitive by nature and dream to become a successful bug bounty hunter, the first thing you need is consistent, if not constant, attention. As IT security is becoming the talk of the town, more and more companies are focusing on conducting Bug Bounty programs to make their software more secure.Read Details