/ Security News /

Facebook has filed a lawsuit against two shady Android app developers accused of making illegal money by hijacking users’ smartphones to fraudulently click on Facebook ads. According to Facebook, Hong Kong-based ‘LionMobi’ and Singapore-based ‘JediMobi’ app developers were distributing malicious Android apps via the official Google Play Store that exploit a technique known as “click …

/ Security News /

Even after Google’s security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers’ existing accounts, is enough for ‘bad-faith’ developers to trick the Play …

/ Security News /

Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations …

/ Security News /

The security and privacy issues with APIs and third-party app developers are something that’s not just Facebook is dealing with. A bug in Twitter’s API inadvertently exposed some users’ direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren’t supposed to get them, Twitter disclosed in its Developer Blog on Friday. What …

/ Security News /

Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to steal files and execute malicious code on vulnerable systems remotely. The issue was discovered by security researchers …

/ Security News /

From past few years, spammers and cyber criminals were buying web extensions from their developers and then updating them without informing their users to inject bulk advertisements into every website user visits in order to generate large revenue. But now they have shifted their business model—instead of investing, spammers have started a new wave of …

/ Security Assessments News /

Enlarge / A computer screen displaying Eternalromance, one of the NSA exploits used in Tuesday’s NotPetya outbreak. Update: This post was revised throughout to reflect changes F-Secure made to Thursday’s blog post. The company now says that the NotPetya component was probably completed in February, and assuming that timeline is correct, it didn’t have any definitive …

/ Security Assessments News /

Open-source developers who use Github are in the cross-hairs of advanced malware that can steal passwords, download sensitive files, take screenshots, and self-destruct when necessary. Dimnie, as the reconnaissance and espionage trojan is known, has largely flown under the radar for the past three years. It mostly targeted Russians until early this year, when a …