Mobile Security
A Practical Guide to OWASP MASVS v2.0 – Its Evolution and Implementation
What is OWASP MASVS? The OWASP (Open Worldwide Application Security Project) MASVS (Mobile Application Security Verification Standard) is a valuable resource for mobile app developers seeking to improve the security posture of ...
Did Russia Hack Poland’s Trains? MSM Says Yes, but … Well, You Decide
Train Phreaking: It depends what you mean by “hack” (and by “Russia”) ...
Mobile Malware Analysis Part 2 – MasterFred
In this sequel, we dive into the enigmatic maneuvers of MasterFred, a notorious malware exploiting Android Accessibility services for its nefarious objectives. Beyond financial breaches, MasterFred infiltrates social networks and vital services ...
Attack on Kroll Puts a Spotlight on SIM Swapping
Three cryptocurrency firms undergoing bankruptcy restructuring sustained data breaches after an employee at risk advisory firm Kroll recently fell victim to a SIM swapping scam, an attack technique that doesn’t get the ...
Kroll Employee SIM-Swapped for Crypto Investor Data
Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services ...
Gmail Adds Extra Checks, Thwarting Sneaky Hackers
Sensitive actions such as forwarding to be protected by extra 2FA step ...
By Following the Crypto, Cyfirma Identifies Developer Behind CraxsRAT
The person responsible for developing the dangerous CraxsRAT malware that targets Android devices has been operating in Syria for more than eight years and has accumulated at least $75,000 over the last ...
Mobile Malware Analysis Part 1 – Leveraging Accessibility Features to Steal Crypto Wallet
Hi Everyone! Welcome to the first part of the blog series based on Mobile Malware Analysis where we will deep dive into the world of mobile malware, exploring its capabilities and ...
FBI: New Brand Spoofing Vector – Mobile App Beta-Testing Services
The FBI warns that fraudsters have begun mimicking legitimate mobile apps, injecting them with malicious code, and then distributing them through mobile beta-testing app services. Attackers’ ...
OWASP Updates Top 10 API Security Risks
OWASP recently updated its API Security Top 10, which describes the top risks inherent in insecure APIs ...