A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain … [Read more...] about Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store
apps
New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9. Cloud … [Read more...] about New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
Auto-Instrumenting Node.js JavaScript Apps with OpenTelemetry
In this tutorial, we will go through a working example of a Node.js application auto-instrumented with OpenTelemetry. In our example we’ll use Express, the popular Node.js web application framework.Our example application is based on two locally hosted services sending data to each other. We will instrument this application with OpenTelemetry’s Node.js client library to … [Read more...] about Auto-Instrumenting Node.js JavaScript Apps with OpenTelemetry
Secure Cloud Apps Without Sacrificing Speed
Developing applications quickly has always been the goal of development teams. Traditionally, that often puts them at odds with the need for testing. Developers might code up to the last minute, leaving little time to find and fix vulnerabilities in time to meet deadlines. During the past decade, this historical push-pull between security and developers led many organizations … [Read more...] about Secure Cloud Apps Without Sacrificing Speed
Over 10 Million Android Users Targeted With Premium SMS Scam Apps
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed "UltimaSMS" — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, … [Read more...] about Over 10 Million Android Users Targeted With Premium SMS Scam Apps
Android Apps with 5.8 million Installs Caught Stealing Users’ Facebook Passwords
Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, to disable … [Read more...] about Android Apps with 5.8 million Installs Caught Stealing Users’ Facebook Passwords
Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users
Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker to access and edit the victim's contacts, calls, SMS/MMS, install arbitrary apps … [Read more...] about Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users
23 Android Apps Expose Over 100,000,000 Users’ Personal Data
Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users' private data was exposed," Check Point researchers said in an analysis published today … [Read more...] about 23 Android Apps Expose Over 100,000,000 Users’ Personal Data
How Apple Gave Chinese Government Access to iCloud Data and Censored Apps
In July 2018, when Guizhou-Cloud Big Data (GCBD) agreed to a deal with state-owned telco China Telecom to move users' iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a deep-dive report from The New York Times, Apple's privacy and security … [Read more...] about How Apple Gave Chinese Government Access to iCloud Data and Censored Apps
1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, … [Read more...] about 1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them