Cryptobugs Found in 300+ Google Play Store Apps

Threatpost reported on a new dynamic tool, developed by Columbia University researchers, that flagged cryptography mistakes made in more than 300 popular Android apps.

Researchers have discovered more than 300 apps on the Google Play Store breaking basic cryptography code using a new tool they developed to dynamically analyze it.

Academics from Columbia University developed a custom tool, CRYLOGGER, that analyzes Android applications for unsafe use of cryptographic code according to 26 basic cryptography rules. Those rules include avoiding the use of: broken hash functions, bad passwords, reusing passwords multiple times, HTTP URL connections or a “badly-derived” key for encryption.

Read more on Threatpost


Hackers are Obsessed with Cryptocurrency and It’s Only Intensifying

Cyware Social reported on hackers' ever-growing interest in cryptocurrencies.

Attacks on cryptocurrency applications and platforms are spreading like wildfire. Recently, admins of Empire Market, the world’s biggest dark web marketplace that allegedly suffered a massive DDoS attack on August 23, could have exited the market pocketing $30 million. Cryptocurrency theft is growing both in terms of frequency of attacks and breadth of targets.

Read more on Cyware Social


Joker Spyware Plagues More Google Play Apps

Threatpost reported on Joker spyware infecting Google Play applications.

Google has deleted six apps from its Google Play marketplace that were infecting users with the Joker malware (a.k.a. Bread).

Together, the apps – which tout functionalities ranging from text messaging to emoji wallpaper – account for nearly 200,000 installs, researchers with Pradeo said in a post this week. As of Wednesday, Google confirmed with Threatpost that all infected applications have been removed from Google Play, but researchers said that they are still installed on the devices of their users, and urged users to immediately delete the apps.

Read more on Threatpost


Slack Bug Allows Access to Private Channels, Conversations

Threatpost reported on a critical Slack bug.

A critical vulnerability in the popular Slack collaboration app would allow remote code-execution (RCE). Attackers could gain full remote control over the Slack desktop app with a successful exploit — and thus access to private channels, conversations, passwords, tokens and keys, and various functions. They could also potentially burrow further into an internal network, depending on the Slack configuration, according to a security report.

The bug (rated between nine and 10 on the CVSS vulnerability-severity scale) was disclosed on Friday, and involves cross-site scripting (XSS) and HTML injection. Versions of Slack for Desktop (Mac/Windows/Linux) prior to version 4.4 are vulnerable.

Read further on Threatpost


Enterprise Data Security: It’s Time to Flip the Established Approach

Threatpost published an article on enterprise data security by Rob Junker.

There’s an old saying when it comes to big undertakings: Don’t boil the ocean. Well, there’s hardly any bigger project in information security than trying to protect corporate data. But the reality is that too many organizations today are, in fact, “boiling the ocean” when it comes to their data-security program. In fact, they have their entire data-security approach backward – especially when it comes to managing data risk within today’s highly collaborative and remote workforce.

Read more on Threatpost


Active Malware Campaign Using HTML Smuggling

Threatpost reported on an ongoing malware campaign based on HTML smuggling.

Krishnan Subramanian, security researcher with Menlo Security, told Threatpost that the campaign uncovered on Tuesday, dubbed “Duri,” has been ongoing since July.

It works like this: The attackers send victims a malicious link. Once they click on that link, a JavaScript blob technique is being used to smuggle malicious files via the browser to the user’s endpoint (i.e., HTML smuggling). Blobs, which mean “Binary Large Objects” and are responsible for holding data, are implemented by web browsers.

Read more on Threatpost


Corporate VPNs in danger as vishing attacks target home workers

SC Media published a report on the current state of cyberattacks on remote workers who use VPNs to connect to corporate networks.

Multiple hacking gangs are preying on remote workforces and corporate VPNs through vishing attacks that are more efficient, dangerous and ubiquitous than ever, prompting the U.S. government to issue both a warning and advice on how to thwart them.

“The news has spread throughout the hacker community and multiple groups are now doing this,” said Allison Nixon, chief research officer at Unit 221b.

Read more on SC Media


SMBs assaulted by DeathStalker APT espionage campaigns

The hacker collective known as DeathStalker has recently widened its footprint to include small to medium-sized business (SMB) targets in the financial sector throughout Europe, Middle East, Asia and Latin America.

DeathStalker’s tactics, techniques and procedures aren’t different from when it first emerged as a hacker-for-hire, according to Kaspersky, which tracked DeathStalker’s activities for the past three years.

Read more on SC Media


9 Applications Boosting Phone's Security and Privacy

David Nield of WIRED offered a selection of efficient applications developed to boost iPhones' and Androids' security beyond standard levels.

iOS and Android are both constantly evolving to be more secure and protect your privacy, but that doesn't mean they can't use a little help here and there. We've rounded up 9 great security apps for your phone right here, eschewing the standard antivirus and VPN options to bring you some lesser-known utilities that can really make a difference to how well protected your phone and all the data on it is.

By the way, we are aware that this list is a little Android-heavy, but that's due to the nature of Android and iOS. Apple takes more control over the security of iOS, whereas Google is more willing to let third-party apps step in—iOS apps simply aren't allowed to scan for viruses, analyze networks in detail, reconfigure user permissions, or access any of the other deep hooks in the software that a serious security app would need.

Read further on WIRED


Several Zoom Vulnerabilities Demonstrated at DEF CON 28

The Hacker News reported on several new vulnerabilities discovered in Zoom.

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted application.

According to cybersecurity researcher Mazin Ahmed, who presented his findings at DEF CON 2020 yesterday, the company also left a misconfigured development instance exposed that wasn't updated since September 2019, indicating the server could be susceptible to flaws that were left unpatched.

Read more at The Hacker News