Archive
Hackers have breached 60 ad servers to load their own malicious ads | ZDNet
Imagine running your web server for little or money and putting up with some ads (don’t look down, DON’T LOOK DOWN 🤓) only to find that one of the visitors to your site gets pwned because of an ad like one of these?
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Developers Network Behind Android Apps With 69M+ Installs Unveiled
Ever wonder why someone would spend time creating software for your cellphone…for FREE? I mean most of us would install an app with ads enabled rather than pay for the software but these guys may have actually created software to steal your data. This post lists the group by name and you are advised to remove apps that have been created by any of this group.
Want to learn how to counter Mobile App Risks?
In what seems like a comprehensive list of the OWASP Mobile top 10, this blog entry from AppSealing brings you a great article about what developers need to worry about to protect your mobile apps.
AppSealing is an app-wrapping approach to protecting your mobile application and is a great approach to solve many issues after you have developed your app. You can look at it as an emergency curbside tire inflation kit. Nice to have and not need than need and not have.
It might be better to find a cure instead of just treating the symptom. If you can, make use the risks identified in this blog to effect design changes to your app to avoid many of these vulnerabilities from occuring.
Review this post to become aware of the many issues that plague mobile developers.
Great news for all you iOS hackers!
You can now sideload unverified apps on iOS without Jailbreak or revokes. Anyone who thought that iOS was more secure than Android is going to learn the hard way. MDM rules are going to need to really clamp down on malicious apps.
What is Windows Virtual Desktop? – The Redmond Cloud
Can it be that MS has learned from all of that RDP vulnerability and come up with a novel way to enable VDI for us all?
OWASP Mobile Top 10: Comprehensive Guide To Counter Mobile App Risks
Here is a great article about the specific risks that mobile apps face. Learning about the attack surface of your mobile applications can help your organization plan how to avoid breach – https://www.appsealing.com/owasp-mobile-top-10-a-comprehensive-guide-for-mobile-developers-to-counter-risks/
U.S. Government: Update Chrome 80 Now, Multiple Security Concerns Confirmed
If you use webaudio in a browser like Chrome, you should be interested to learn that three severe vulnerabilities are being fixed and all you have to do is upgrade your Chrome!
Whether you use WebAudio or not, if someone sends you a link to a site that has one of these vulnerabilities, you are probably already pwned.
The details are being held back but you can read more in the announcement here…
Incident Notification
It is very sad to report another breach for the Marriot chain of hotels. Read more about it here https://mysupport.marriott.com/
Security Analyst - Jeff Soehner CISSP, GXPN,GPYC,GMOB,GCIH 