
Google Pushes More Effort Into Their Bug Bounty Programs

"Expanding bug bounties on Google Play" 
Posted by Adam Bacchus, Sebastian Porst, and Patrick Mutchler — Android Security & Privacy
"We're constantly looking for ways to further improve the security and privacy of our products, and the ecosystems they support. At Google, we understand the strength of open platforms and ecosystems, and that the best ideas don't always come from within. It is for this reason that we offer a broad range of vulnerability reward programs, encouraging the community to help us improve security for everyone. Today, we're expanding on those efforts with some big changes to Google Play Security Reward Program (GPSRP), as well as the launch of the new Developer Data Protection Reward Program (DDPRP)."
More Detail Here: https://security.googleblog.com/2019/08/expanding-bug-bounties-on-google-play.html?m=1

New Windows Vuln May Place Many at Risk

"Critical Windows 10 Warning: Millions Of Users At Risk" via Davey Winder | Forbes

 "As the Black Hat security conference comes to an end in Las Vegas, so the DEF CON hacker convention begins. It didn't take long for the first critical warnings for Windows users to emerge as a result. This one is particularly worrying as, according to the Eclypsium researchers who gave the presentation, the issue applies "to all modern versions of Microsoft Windows," which leaves millions of Windows 10 users at risk of system compromise."

https://www.forbes.com/sites/daveywinder/2019/08/11/critical-windows-10-warning-confirmed-millions-of-users-are-at-risk/#242a87812b51

Info Stealer Malware Aims for Gamers

A command-and-control info-stealing malware named Baldr, which stepped into the spotlight in January, has increased its reputation with over 200 users. Baldr steals anything from credentials to cached data and more from multiple applications and browsers. It also appears to be capable of delivering payloads, including ransomware, and is now being pointed at gamers. Baldr appears to no longer be for sale, but it is still active and in use. Its creator is supposedly pointing to Krypton as its successor.
See more details about Baldr here: "Baldr vs The World: A SophosLabs report" via Albert Zsigovits: https://news.sophos.com/en-us/2019/08/06/baldr-vs-the-world-a-sophoslabs-report/

Malvertising: Online advertising's darker side via Talos Blog

"Malvertising: Online advertising's darker side" via Nick Biasini, Chris Neal and Matt Valites | Talos Blog

"EXECUTIVE SUMMARY One of the trickiest challenges enterprises face is managing the balance between aggressively blocking malicious advertisements (aka malvertising) and allowing content to remain online, accessible for the average user. The days of installing a basic ad blocker on your web browser and expecting full protection are gone. Between the sites that require them to be disabled and the ability for advertisers to pay to evade them, ad blockers alone are not sufficient.
As this blog will cover in detail, malvertising is a problem not strictly associated with basic web browsing. It can also come with other software programs including adware or potentially unwanted applications (PUA). These latter examples require the most attention. In today's enterprise, an aggressive approach to advertising is required to be protected against malicious threats. …

Kali Linux for Raspberry Pi 4

"Raspberry Pi 4 and Kali" via Kali Linux News

"We love the Raspberry Pi, and judging by the response we got to a late night tweet we sent out last weekend a lot of you love the Pi too! Because of that, when the Pi 4 dropped we wanted to get Kali supported on it right away." More detail here: https://www.kali.org/news/raspberry-pi-4-and-kali/

Scam App with Millions of Downloads

"'Updates for Samsung', the scam app with 10M+ downloads" via Pierluigi Paganini | Security Affairs

"Over ten million users have installed a fake Samsung app named "Updates for Samsung" that poses as firmware updates. The malicious app redirects users to a website offering and charging for firmware downloads. Technical details of the attack were shared by Aleksejs Kuprins, malware analyst at the CSIS Group. The high number of installs for the app shows the great interest of users in getting firmware updates to improve the performance of their devices. The "Updates for Samsung" app promises to keep devices always up to date. According to Kuprins, in reality, the bogus app only loads the updato[.]com website in a WebView (Android browser) component. The site provides both free and paid (legitimate) Samsung firmware updates, operators attempt to monetize their efforts by infesting the pages with ads." More details here: https://securityaffairs.co/wor…

Cryptocurrency Phishing Campaigns Are Changing Up Their Game

"Cryptocurrency phish dials back the fear, cranks up the politeness" via Paul Ducklin | Naked Security

"Have you heard of a cryptocurrency outfit called Luno?
We hadn’t heard of it until today – there are lots of cryptocoin companies out there, after all – but cybercrooks certainly had.
According to its own website, Luno (it’s the word for moon in the constructed global language Esperanto, in case you’re wondering) has processed cryptocurrency transactions for more than 2,000,000 people in 40 countries since 2013.
And that’s more than enough potential phishing victims to make it worthwhile for crooks to pump out a spama kampanjo (that’s Esperanto for spam campaign, as you probably guessed) to try to trick Luno users into handing over personal data, including their Luno password.
So, rather sadly for Luno, quite a few people are going to be hearing the company name for the first time in the context of an attempted fraud against them."
Read more details here: https://…