A security researcher has discovered an interesting loophole in Gmail Android app that lets anyone send an email that looks like it was sent by someone else, potentially opening doors for Phishers.
This is something that we call E-mail Spoofing – the forgery of an e-mail header so that the email appears to have originated from someone other than the actual source. However, an independent researcher discovered a similar bug in official Gmail Android app that allowed her to hide her real email address and change her display name in the account settings so that the receiver will not be able to know the actual sender. How to Send Spoofed Emails via Gmail Android App?
Read moreA software development kit created by Chinese Internet services company Baidu and used by thousands of Android applications contains a feature that gives attackers backdoor-like access to users' devices.
The SDK is called Moplus and while it's not open to the public, it was integrated in more than 14,000 apps, of which only around 4,000 were created by Baidu, security researchers said. The company estimates that the affected apps are used by over 100 million users. According to Trend Micro's analysis, the Moplus SDK opens an HTTP server on devices where affected apps are installed; the server doesn't use authentication and accepts requests from anyone on the Internet.
Read moreAT&T and Verizon's implementations of LTE are said to be vulnerable to "to several issues" that could result in eavesdropping, data spoofing, and over-billing for potentially millions of phones.
Android devices on these networks are at most risk because the software "does not have appropriate permissions model" for LTE networks. T-Mobile customers were affected but the issue has since been "resolved," a spokesperson said. Apple products are not affected. LTE relies on packet switching, a common way of sending data across the internet, rather than the old method of circuit switching.
Read moreUsers of VKontakte social network are in danger of being duped into installing app that malicious code. Kaspersky Lab said VKontakte users data had been stolen. Thousands of Android users were affected.
Kaspersky Lab researchers said hackers had embedded the malicious code in the app, but users couldn’t notice the difference as it worked without any problems. Malicious app infected mostly Russian users. According to Kaspersky Lab research, hackers used the majority of stolen data for social media group promotion, without user’s knowledge. In this case it is very difficult for account owners to identify or notice data theft.
Read moreWe are still in the midst of the smartphone boom. Over the past couple of years, over 50% of all mobile devices used by consumers are smartphones. In turn, this leads to a major problem: mobile cyberthreats.
Whereas PC users are already used to at least basic “security hygiene,” the majority of smartphone users still consider their device ‘just a phone,’ which is in the same league as an iron or a washing machine – so why bother? Today’s smartphone is a full-fledged computer, which is much more powerful than the one you used to own 10 years ago. And it’s a dangerous computer. If you happen to have a smartphone, it’s quite likely you also have a bankcard.
Read moreChrome, Google’s web browser is said to have problems in incognito mode in its Android version and some of user’s online behavior is stored in history as a consequence.
Google’s Chrome web browser,right from its debut has faced criticism because it uses the WebKit Engine which uses lot of RAM and slows down the machine. Now a bug has been reported in Chrome browser in Android version in its Incognito mode. The Incognito mode was introduced in 2012 by Google for its Chrome browser, a feature now present in all of its variants, on Android, iOS, Mac, Linux, and Windows.
Read moreWithin the past month, malware disguised as an Android game twice made its way into the Google Play store and each time had between 100,000 and 500,000 downloads – making for a potential total infection rate of one million users.
The threat is a working game called Brain Test and it was identified by researchers with Check Point. Currently it has only been observed pushing advertisements, but the malware is quite advanced – it uses tricks to bypass app vetting system Google Bouncer, it uses privilege escalation exploits to gain root access on the device, and it takes steps to maintain persistency so it cannot easily be deleted.
Read moreAfter different errors made by Yandex employees, the mobile app Yandex.Navigator for Android started recording all sounds to a file. The error appeared while creating a new version of the application with Yandex.Navigator voice activation by Yandex commands.
Earlier to give the application voice command (to construct a route or find an address), each user had to click the special button. Before the release the company's employees have taken a debug version of the application by mistake for the final testing. The beta testing version recorded all the sounds to the memory card in order to understand how the voice recognition system worked.
Read moreUnder specific conditions, PayPal can ask users to confirm their identity to prevent frauds. When users are asked to verify their identity, their account is not accessible and in order to unblock it PayPal request them to make a call or send an email to its service and complete the procedure.
Mejri explained that a vulnerability affecting the PayPal mobile app that can be exploited by attackers to access blocked accounts through repeated login attempts that leverage valid session cookies. The same trick could be used to bypass two-factor authentication process, once the attacker successfully accesses the account is it able to change its settings.
Read moreA security research company claims to have found a vulnerability baked into Android that could endanger nearly all devices running the popular mobile software. The flaw exists in the media playback tool built into Android.
Malicious hackers could take advantage of it by sending to an Android device a simple text message that, once received by the smartphone, would give them complete control over the handset and allow them to steal anything on it, such as credit card numbers or personal information. The flaw has not been exploited, but in a blog post on its own website, it said that Android devices worldwide are vulnerable.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland