Skip to main content

Posts

Showing posts from October, 2019

WARNING — 500 Million+ UC Browser Android Users are Vulnerable to Man-in-the-Middle Attacks

Researchers discovered various unusual activities and vulnerabilities in UC Browser for the Android platform and it also violating the Google Play policies and exposing more than 500 million users to Man-in-the-Middle (MitM) attacks. UC Browser is the most popular browser in the Android platform with more than 500 million downloads from the Google Play Store. And UC Browser Mini also has 100 million+ downloads from the Google Play Store alone. So, More than 600 million users of the popular UC Browser and UC Browser Mini Android apps have been vulnerable to Man-in-the-Middle (MitM) attacks . Recent research from Zscaler reveals that the UC Browser and UC Browser Mini apps unusually made a request over an unsecured channel (HTTP over HTTPS) to download an additional Android Package Kit (APK) from the third-party source onto the Android user's devices. The researchers noticed that the UC Browser and UC Browser Mini app were sending requests to download an a

Major Security Flaw — Google Pixel 4’s Face Unlock Works Even if Your Eyes are Closed

Recently, Google launched its latest Pixel 4 series smartphones. It hasn't even arrived yet and someone has already found a major security flaw in the device. Google Pixel 4's Face Unlock works even if your eyes are closed and it's a major security flaw . This can be a problem as it can allow for unauthorized access if the person is asleep or even dead in more extreme cases. It is a serious privacy concern because it allows attackers to easily gain access to a person's device without their permission. Someone could easily open it just by holding up to the owner's face when the owner is asleep. Now, unauthorized access into a Google Pixel 4 phone is a constant concern for those who will buy one. According to the BBC reporter , Chris Fox , the Google Pixel's Face Unlock feature works even if a user's eyes are closed, a clear security risk for anyone with a Pixel 4. Using default settings, users who are asleep or even dead could unknowingly unlo

Google Play Store Flooding with Spyware, Banking Trojan, Adware Via Games, and Utility Apps

Google Play Store continues to be the source of malicious apps. Researchers found several Spyware , Banking Trojan , Adware , and other threats in these malicious apps. These malicious apps are designed to spy on users, show unwanted ads and also perform malicious activities on the user's devices. These apps are disguised as legitimate apps such as game apps, photo editors, family locator, memory boosters, crypto exchange, security and camera apps . Researchers found a new Banking Trojan named Android.Banker.352.origin distributed through a fake version of the official YoBit crypto application. Once the application launched, it open's up a fake authentication window and asks users to enter login credentials, if the login credentials are entered then the app sends the login credentials to the attacker server and shows the error message like service unavailable. So, this way Banking Trojan steals the user's login credentials. The Banking Trojan

Researchers Find New Hack To Read Content Of Password Protected PDF Files

Looking for ways to unlock and read the content of a password-protected or encrypted PDF file without knowing the password? Well, that's now possible, thanks to a set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file. PDFex, the new techniques include two classes of attacks that take advantage of a vulnerability in the standard encryption protection built into the PDF (Portable Document Format) . The PDFex doesn't allow an attacker to know or remove the password for an encrypted PDF file. But it allows an attacker to remotely exfiltrate content once a legitimate user opens that PDF file. In other words, PDFex attack allows attackers to modify a password-protected or encrypted PDF file, without having the corresponding password , in a way that when opened by someone with the correct password, the file will automatically send out a copy of the decrypted content to a remote attacker.