Android trojan attacks PayPal

-
I have to believe that mobile security will be a bigger and bigger issue going forward.  This trojan uses the accessibility features and bypasses even 2 factor. 

https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/

Comments

Post a Comment

Popular posts from this blog

Password security

-
Image
One of the constant challenges of those of us who create, teach, or enforce passwords and their policies for use is the protection of the password.  I have given talks that try and disuade organizations against making uses change passwords all the time because the tendency is to then write them down.  Here is a classic example of what I see every day.  Now, thanks to AP photographer Jennifer Sinco Kelleher ( https://twitter.com/JenHapa?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor ) everyone else in the world also gets to see it:
Read more

2021 Week 17-18 Security Roundup

-
  Summary Spent a week driving around the western US then had to get caught up with work and school, so didn't have the time nor ability to post an update.  Here is what has happened over that time frame. For such a long time period there really is not too much actual news.  In my scanning of sites, it appears that the focus has returned to financial sectors and work from home attacks.  One of the things I have noted over the years is that these things tend to be cyclic, which could indicate that there is some dark web coordination that security practitioners are not yet privy to (though nation-state experts might be).   News Washington D.C. police server hacked by Russian group A Russian hacking group named Babuk posted screenshots that seek to prove that they have accessed several databases by the Washington D.C. police department.  The group left a text document on their network outlining how to pay the ransom to get locked files back and to bribe t...
Read more

2021 Week 14 Security Summary

-
  Summary There was not a lot of activity of general interest this week.  Industrial control systems (ICS) security kind of had a spotlight on it.  ICS security is included in this blog as many local governments are responsible for power and water production and/or distribution.  Another hot topic was educational security, and I outline a couple of individual cases as well as general information. News Kansas water utility hack The DOJ announced they were inditing Wyatt Travnichek for hacking the Ellsworth Rural Water District No. 1 (AKA Post Rock Rural Water District) in Ellsworth County, Kansas In March 2019.  The DOJ is claiming that Travnichek tampered with the water purification and disinfecting systems via computers with the intent of causing harm.  If found guilty on all charges he faces 25 years in prison.  It appears that he was a former employee that had remote access privileges.  Apparently, when his employment ended in January 2019, his...
Read more