12 December 2017

85 password stealing apps found on Google Playstore

Security researchers discovered that malicious apps designed to steal users' credentials have been downloaded a million times from the Google Play Store. The most popular of these is a gaming app. According to a blog post, it was originally a normal app without any malicious code and was later updated with information-stealing capabilities.

The apps used an official SDK for VK.com but slightly modified it with malicious JavaScript code in an effort to steal users' credentials from the standard login page of VK and pass them back to the apps.

Since these apps looked like they came from VK.com (for listening to music or for monitoring user page visits), requiring a user to log in to his/her account through a standard login page did not look suspicious at all. The information stolen through the apps is helping cyber criminals to promote groups and increase their popularity.

To avoid having your credentials stolen, make sure Google Play Protect is enabled on your devices.

Source: securelist.com

12 December 2017

Phishing attacks pose a greater threat to people than data breaches, says Google

When it comes to account compromise, phishing poses a greater threat than data breaches, say researchers at Google and UC Berkeley.

Data collected by Google shows that 80 percent of all the phishing kits observed targeted usernames, passwords, and geolocation; followed by phone numbers and device details. A smaller subset of the phishing attacks also targeted secret questions, full names, credit card data, and Social Security Numbers. (tahawultech.com)

For some people, Google controls most of their identity online, and losing access to that critical account could be devastating. According to Google, enterprising hijackers are constantly searching for, and are able to find, billions of different platforms' usernames and passwords on black markets.

11 December 2017

Malware Surfaces In Facebook Ads

The ads come with provocative headlines about hot-button political issues and targeted Facebook users likely to click based on political ideologies.

In September, an ad with the headline, "New Approval Ratings For President Trump Announced And It's Not Going The Way You Think," targeted Facebook users over 40. "Regardless of what you think of Donald Trump and his policies, it's fair to say that his appointment as President of the United States is one of the most…," ran the text. A "Learn more" button lured the audience into clicking to read the full story.

Those who clicked the button to read the full story found their computers frozen with a warning and a phone number that users could call to get it fixed for a price. Though the freeze was temporary and restarting the computer would have unlocked it, some worried users who called the number were asked to pay to restore their access, according to computer security experts who have tracked the scam for more than a year.

Source: propublica.org

08 December 2017

Critical security flaw in major banking apps left 10 MILLION accounts vulnerable to hackers

The vulnerability in question stems from the affected apps failing to verify that the hostname in the server's cryptographically signed certificate matched the server they were connecting to. This could allow malicious third parties on the same network as the victim to step in and take control of an online banking session, intercepting usernames and passwords to hijack an account.

Researchers tested a new tool on a sample of 400 apps and found that several banking apps had a critical vulnerability that could have allowed an attacker connected to the same network as the victim to perform a man-in-the-middle attack and obtain the victim's username and password.

Apps from some of the world's largest banks were found to contain this flaw, which, if exploited, could have allowed an attacker to decrypt, view and modify network traffic from users of the app.

Source: dailymail.co.uk

07 December 2017

$64 million in Bitcoin stolen from cryptocurrency mining company Nicehash

The cryptocurrency mining company NiceHash announced the breach in a statement in which it recommended that users change their passwords. NiceHash had suspended its operations for the time being, as the compromise of its payment system caused a $64 million loss.

Hackers made off with contents of the company's bitcoin account, according to Andrej Škraba, the Slovenian marketplace's head of marketing. He told Reuters that the compromise was highly professional and involved "sophisticated social engineering".

"There are certainly a number of potential security issues to discuss, from API vulnerabilities to web application and database protection, however, without more details from NiceHash, we can only speculate by which method of attack their website was compromised," said Rusty Carter, vice president of product management for mobile app security company Arxan Technologies, via email.

Source: reuters.com

04 December 2017

PayPal subsidiary data breach affects 1.6 million customers

Hackers may have obtained personal information for 1.6 million individuals after compromising the systems of PayPal's subsidiary TIO Networks.

An investigation conducted in collaboration with third-party cybersecurity experts revealed that TIO's network had been breached, including servers that stored the information of TIO clients and customers of TIO billers. Affected companies and individuals will be contacted via mail and email and offered free credit monitoring services via Experian.

Source: PYPL_News_2017_11_10_General_Releases.pdf

01 December 2017

Google sued for snooping on British iPhone users' privacy

The company has already been fined more than $40 million in the US over the scandal which involved tens of millions of people around the world.

Google is accused of bypassing the default privacy settings on Apple phones and successfully tracking the online behavior of people using the Safari browser. The data is then used in its DoubleClick advertising business, which enables advertisers to target content according to a user's browsing habits.

Google believes that U.K. privacy laws do not apply to the company, and so British consumers who want to take the tech giant to court are facing a losing battle.

Source: mirror.co.uk

Research Articles

Want to become a successful bug bounty hunter? Follow the steps!

If you are inquisitive by nature and dream of becoming a successful bug bounty hunter, the first thing you need is consistent, if not constant, attention. As IT security is becoming the talk of the town, more and more companies are focusing on conducting bug bounty programs to make their software more secure.

Hacking Tools

UFTP - UDP based FTP with encryption

UFTP is an encrypted multicast file transfer program for secure, reliable & efficient transfer of files. It also helps in data distribution over a satellite link.