Schneier on Security

FEBRUARY 20, 2023

Tile has an interesting security solution to make its tracking tags harder to use for stalking: The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the company’s in-app feature that lets you know if any nearby Tiles are following you. Tile security requires an “in-app feature.”

Surveillance 196

Surveillance Government 196

Appknox

MAY 12, 2022

Internet and software giant Google recently recalibrated how it categorizes its Playstore apps. Google's Android applications are tagged with 'nutrition labels' based on the security practices and the data they collect from users to share with third parties.

Mobile 143

Mobile Internet Internet Software 143

Malwarebytes

MAY 10, 2023

The basic principle of these tags is that anyone with the matching app and permissions on their device (usually a phone) contributes to find the last location where the tag was detected. This could happen if a criminal planted a tag on your laptop so they could track its location.

Ransomware 98

Ransomware 98

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity 108

Cybersecurity Media Accountability Software 108

Bleeping Computer

NOVEMBER 30, 2022

Google's Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company. [.].

Spyware 107

Spyware Software 107

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” continues the analysis. Follow me on Twitter: @securityaffairs and Facebook.

Surveillance 115

Surveillance Mobile Spyware Telecommunications 115

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. An attacker can exploit this vulnerability to bypass signature validation using malicious apps. TAG experts explained that they were unable to capture the full Predator implant.

Spyware 109

Spyware Surveillance Mobile Hacking 109

Security Affairs

AUGUST 2, 2023

Another piece of sensitive information that the research team observed included a Google Tag Manager ID. Google Tag Manager is a tool used to optimize update measurement codes and related code fragments, collectively known as tags, on a website or mobile app.

Passwords 98

Passwords Accountability Mobile Hacking 98

The Hacker News

JULY 19, 2022

Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites.

DDOS 95

DDOS Malware 95

Malwarebytes

MAY 6, 2023

The basic principle of these tags is that anyone with the matching app and permissions on their device (usually a phone) contributes to find the last location where the tag was detected. Examples of these accessories are the Apple AirTag, Tile Mate and Pro, Samsung SmartTag, and Google’s expected Grogu.

Manufacturing 93

Manufacturing Technology Ransomware 93

Security Affairs

DECEMBER 1, 2019

Google’s Threat Analysis Group (TAG) revealed that it has detected and blocked attacks carried out by nation-state actors on 12,000 of its users in the third quarter of this year. ” reads the report published by Google TAG.”We SecurityAffairs – Google TAG, state-sponsored hacking). Pierluigi Paganini.

Phishing 134

Phishing Accountability Advertising Cyber Attacks 134

Krebs on Security

NOVEMBER 28, 2022

A recent scoop by Reuters revealed that mobile apps for the U.S. based company that provides code for software developers to profile smartphone app users based on their online activity, allowing them to send tailor-made notifications. ” The Army app was used by soldiers at one of the nation’s main combat training bases.

Mobile 228

Mobile Malware Technology Government 228

Security Boulevard

MAY 5, 2021

This year, Google’s Threat Analysis Group (TAG) discovered a largescale cyberattack that originated out of North Korea. The post Social Media Apps like LinkedIn Have Become Tools for Human Hacking first appeared on SlashNext. The cyberattack utilized fake blogs, fake email accounts, and even […].

Media 108

Media Hacking Accountability Social Engineering 108

The Last Watchdog

JANUARY 13, 2022

While the price tag of these violations was shocking, the compliance failure was not. The ever-changing landscape of rapid communication via instant messaging apps, such as WhatsApp, Signal, WeChat, Telegram, and others, has left regulated industries to find a balance between compliance and efficient client communication.

Mobile 227

Mobile Encryption Risk 227

CyberSecurity Insiders

NOVEMBER 8, 2021

TikTok, that was developed by Chinese firm ByteDance has topped the list of most popular and downloaded apps worldwide in this year with over 57 million installs. And Douyin, a successor to the above stated Chinese short video app is also tagged as a global hit, as it has found a second place in the list with over 55.8

Data privacy 117

Data privacy Internet Internet Cybersecurity 117

Malwarebytes

FEBRUARY 7, 2024

In the past we’ve seen campaigns on Messenger where clicking such a link would install a Facebook app that required posting permissions. These apps would then spread further from the compromised user account. Check for unknown and unused Facebook apps. Click Apps and Websites.Go Click your profile picture.

Scams 136

Scams Passwords Identity Theft Accountability 136

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums.

Accountability 130

Accountability Malware Phishing Social Engineering 130

Approachable Cyber Threats

JULY 19, 2022

RFID uses electromagnetic fields in the form of radio waves to establish communication links between an RFID tag or transmitter and an RFID reader or receiver. Pieces of information are transmitted through the link that the reader uses to establish authenticity of the tag or transmitter and authorize access. Is RFID secure?

Risk 119

Risk Encryption Technology Retail 119

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Spyware 91

Spyware Surveillance Firmware Internet 91

Malwarebytes

NOVEMBER 1, 2022

A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. It turns out that this app uses delays quite a bit, as you’ll discover in our analysis.

Phishing 90

Phishing Malware Mobile Adware 90

eSecurity Planet

JUNE 1, 2023

To avoid issues, we need to understand the DMARC record tags in detail. DMARC Record Tags in Detail To understand the DMARC record, we start with an example record and then explore the detailed options for each tag. Tags are separated by semicolons ( ; ) with no extra spaces.

DNS 78

DNS Authentication Marketing eCommerce 78

Security Affairs

APRIL 15, 2023

A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store. The apps totaled more than 100 million downloads in the ONE store and Google Play stores in South Korea. It is important to highlight that the library was not developed by the authors of the apps.

Data collection 97

Data collection Mobile Malware Education 97

Security Affairs

FEBRUARY 15, 2019

The removed apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search. “Users may get introduced to these apps through the top free apps lists on the Microsoft Store or through keyword search.

Advertising 93

Advertising VPN Backups Cryptocurrency 93

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. Google TAG researchers reported that the same group, tracked as Zinc ,” also targeted security researchers in past campaigns.

Malware 128

Malware Phishing Antivirus Hacking 128

SecureWorld News

NOVEMBER 27, 2023

An inexpensive phone could be purchased and left in someone’s bag or car for several days while an app communicates with the user’s account to notify them whenever the phone is on the move. These radios are being tracked and tagged by marketers, telecom companies and individuals in an effort to resell that data to parties willing to pay.

Wireless 83

Wireless Energy and Utilities Technology Data privacy 83

Malwarebytes

MAY 17, 2022

Most recently, it’s reported that Ohio has proposed a new bill in relation to electronic tagging devices. Find My, an app for Apple mobiles, is an incredibly slick way to keep track of almost any Apple product you can think of. She only became aware of what was happening because her phone alerted her to the tag’s presence.

Mobile 119

Mobile Technology 119

Security Affairs

OCTOBER 31, 2022

ThreatFabric researchers discovered five malicious dropper apps on Google Play Store with more than 130,000 downloads. Researchers at ThreatFabric have discovered five malicious dropper apps on the official Google Play Store. that were delivered using dropper apps on Google Play with 10k+ installations.

Banking 89

Banking Cryptocurrency Authentication Malware 89

Security Boulevard

FEBRUARY 2, 2024

Based on the breach details Microsoft provided, a critical part of SVR’s Attack Path involved abusing a foreign app registration with elevated privileges in Microsoft’s corporate Entra ID tenant. ”, or our recent video describing the breach here , to understand the full scope of what we know based on Microsoft’s transparency report.

Risk 61

Risk Cybersecurity 61

Malwarebytes

MARCH 8, 2022

One such Google Docs revamp is the “tag tool” which fetches lists of recommended people. It’s worth noting this behaviour wasn’t just restricted to Docs; other apps like Slides were affected too. Spammers figured out they were able to send messages via tagging to “nearly any email address” (as per this article ).

Risk 69

Risk 69

Security Affairs

APRIL 1, 2023

The exploits were used to install commercial spyware and malicious apps on targets’ devices. Google TAG shared indicators of compromise (IoCs) for both campaigns. The experts pointed out that both campaigns were limited and highly targeted. The threat actors behind the attacks used both zero-day and n-day exploits in their exploits.

Spyware 86

Spyware Surveillance Mobile Education 86

Security Affairs

DECEMBER 1, 2023

The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm. CVE-2023-49103 – The vulnerability resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL.

Surveillance 96

Surveillance Software Engineering Passwords 96

SecureWorld News

OCTOBER 19, 2021

One notorious hacking group from Iran uses particularly dirty schemes to fleece users, according to Google's Threat Analysis Group (TAG). According to Google’s TAG blog, APT35 have been active since at least 2017, including attacks on the 2020 U.S. Read Google's official TAG blog to learn more about the technical details.

Phishing 69

Phishing Authentication Social Engineering Government 69

Security Boulevard

JANUARY 9, 2024

SAP HotNews Security Note #3411067 , tagged with a CVSS score of 9.1, SAP Security Note #3413475 , tagged with a CVSS score of 9.1, SAP Security Note #3412456 , tagged with a CVSS score of 9.1, The HotPriority Notes in Detail SAP Security Note #3411869 , tagged with a CVSS score of 8.4, HTTP/1 is not affected.

Internet 52

Internet Internet Marketing Technology 52

Security Boulevard

FEBRUARY 20, 2023

Tile has an interesting security solution to make its tracking tags harder to use for stalking: The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the company’s in-app feature that lets you know if any nearby Tiles are following you.

Government 52

Government 52

Security Affairs

OCTOBER 14, 2021

The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaign, which warns of a significant increase in the number of the alert compared to the previous year. ” wrote Ajax Bash, a Google security engineer from the TAG.

Phishing 89

Phishing Hacking Government VPN 89

Krebs on Security

DECEMBER 4, 2019

x, sharing a video showing how the device still seeks the user’s location when each app and system service is set to “never” request location information (but with the main Location Data service still turned on). Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

Engineering 195

Engineering Encryption 195

Hacker's King

JUNE 29, 2023

The feature lets you send high-resolution media files within the app without reducing their quality. Open the WhatsApp Beta app listing and tap the Update button. After updating the app, open it on your smartphone and select the chat where you want to share photos in HD. The image will be sent to the chat with an HD tag.

Media 52

Media 52