Google Play stocks malicious apps

Key details: 12/02/2017 Google Play fooled into stocking malicious apps that were downloaded by over 1 million users. Another example of Google Play’s security and checking processes that have failed, allowing malicious applications to be made available to users. Fake App Most of these apps were uploaded to Google Play in October 2017 Cyber criminals were publishing malicious apps on Google Play Store for more than two years Apps use malicious code to steal login credentials Targeted users in certain languages – Russian, Ukrainian, Armenian, Azerbaijani, Belarusian, Romanian…. https://securelist.com/still-stealing/83343/  WhatsApp fake A fake version of WhatsApp was found to have more than a million user[…]

Continue reading …

1.4 billion usernames, email, and password combinations leaked

Key details: 9th December 2017 4iQ discovered a single file with a database of 1.4 billion clear text credentials Breach is twice as big as the previous largest credential exposure This database allows criminals to search for passwords and usernames easier and quicker, especially targeting users that reuse passwords on multiple sites. Found on 5th December 2017 in an underground community forum. Top passwords include: Password 123456 abc123 qwerty 123456789 1234 iloveyou Users worried about breach can check their e-mails here: https://haveibeenpwned.com/  https://medium.com/4iqdelvedeep/1-4-billion-clear-text-credentials-discovered-in-a-single-database-3131d0a1ae14  

Continue reading …

Russian hackers exploited Kaspersky to steal data from NSA contractor

Key date: 7th October 2017 Russian hackers exploited a vulnerability in Kaspersky Lab’s software to steal sensitive cyber defense data from a United States National Security Agency contractor. Incident occurred in 2015 and involved a contractor ignoring policy and loading information onto personal laptop to take home and work on. Contractor worked in the NSA’s Tailored Access Operations unit, NSA’s own elite hacking division. At the time, the NSA’s security was “sloppy”, because when they “work within the agency, they work on our systems,” quoted a spokesman. Kaspersky Lab denied any “inappropriate” links to the Russian government. Acting DHS Secretary Elaine Duke noted Kaspersky antivirus[…]

Continue reading …