Android trojan attacks PayPal

-
I have to believe that mobile security will be a bigger and bigger issue going forward.  This trojan uses the accessibility features and bypasses even 2 factor. 

https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/

Comments

Post a Comment

Popular posts from this blog

2021 Week 17-18 Security Roundup

-
  Summary Spent a week driving around the western US then had to get caught up with work and school, so didn't have the time nor ability to post an update.  Here is what has happened over that time frame. For such a long time period there really is not too much actual news.  In my scanning of sites, it appears that the focus has returned to financial sectors and work from home attacks.  One of the things I have noted over the years is that these things tend to be cyclic, which could indicate that there is some dark web coordination that security practitioners are not yet privy to (though nation-state experts might be).   News Washington D.C. police server hacked by Russian group A Russian hacking group named Babuk posted screenshots that seek to prove that they have accessed several databases by the Washington D.C. police department.  The group left a text document on their network outlining how to pay the ransom to get locked files back and to bribe t...
Read more

2021 Week 30 & 31 Security Roundup

-
 Summary There was almost no news last week and my day job and personal life meant little time to write summaries so this week we have a larger release.  This includes a disinformation campaign launched against several agencies.  We also had a lot of information about the growing war using operational technology devices to disrupt infrastructure and potentially cause physical harm. There was also some news of municipal breaches.  Finally, we had several bills that were passed or discussed this week. News Disinformation Campaigns in the spotlight I have been sitting on this partially because some of it came from a restricted briefing and some because I was unsure how much was conjecture and how much was based on hard intelligence.  That being said:  More and more "influencers" are coming forward with information about an "influencer marketing agency" by the name of Fazze.  These people were asked to push an anti-vax agenda on their channels and were pro...
Read more

Password security

-
Image
One of the constant challenges of those of us who create, teach, or enforce passwords and their policies for use is the protection of the password.  I have given talks that try and disuade organizations against making uses change passwords all the time because the tendency is to then write them down.  Here is a classic example of what I see every day.  Now, thanks to AP photographer Jennifer Sinco Kelleher ( https://twitter.com/JenHapa?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor ) everyone else in the world also gets to see it:
Read more