Trends come and go in the hacking world. A few years ago, stealing credit card numbers was the crime of choice for most of the hackers out there. They’ve since begun to gravitate toward health-related information. The two big trends in 2020 were the rampant increase in ransomware attacks against companies of all shapes and sizes and the preference of hackers to focus on identity theft.
Both of these crimes saw huge increases last year, but the number of identities stolen reached a mind-boggling record of 1.4 million in 2020, which is more than double the number reported in 2019. While a number of different factors have fed into this trend, the biggest and most influential one seems to be the ongoing pandemic, which has created a whole raft of opportunities for hackers to exploit.
The government’s Paycheck Protection Program has created a confusing maze that can be hard for some out-of-work people to navigate. The hackers and scammers of the world are only too happy to insert themselves into the process, offering assistance as a ruse to gain personal information.
In a similar vein, with tens of millions of people out of work and state unemployment systems struggling under the strain, there have been delays in getting benefits that sometimes span months. Again, this raises legitimate questions which hackers and scammers are only too happy to pretend to answer. They use social engineering techniques and pretend to offer assistance in getting needed benefits more quickly, only to steal the target’s identity.
Given this, the IRS has recommended that all taxpayers at least consider taking the time to establish an Identity Protection PIN when filing their taxes this year. This is essentially a form of two-factor authentication that will help ensure that if you’re due a refund from the IRS, someone who has stolen your identity won’t file taxes on your behalf and steal it from you.
It’s sound advice but sadly, this won’t be the last threat we’ll need to be mindful of in the months ahead. Stay vigilant out there.
Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users.
The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users’ mailboxes for personal gain.
“The employee was one of three system administrators with the necessary access rights to provide technical support for the service,” Yandex said in a statement.
The company said the security breach was identified during a routine audit of its systems by its security team. It also said there was no evidence that user payment details were compromised during the incident and that it had notified affected mailbox owners to change their passwords.
It’s not immediately clear when the breach occurred or when the employee began offering unauthorized access to third parties.
“A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures,” the company said. “This will help minimize the potential for individuals to compromise the security of user data in future. The company has also contacted law enforcement.”
Insider Threats Continue to Hit Companies
This is not the first time insider threats have plagued tech companies and resulted in financial or reputational damage.
Last month, Telesforo Aviles, a 35-year-old former Dallas-based ADT technician, pled guilty to computer fraud and invasive visual recording for repeatedly breaking into cameras he installed and viewing customers engaging in sex and other intimate acts. He was terminated from the firm in April 2020.
In December, former Cisco engineer Sudhish Kasaba Ramesh, 31, was sentenced to 24 months in prison for deleting 16,000 Webex accounts without authorization, costing the company more than $2.4 million, with $1,400,000 in employee time and $1,000,000 in customer refunds.
In October last year, Amazon fired an employee for sharing customers’ names and email addresses with a third party.
And in November 2019, cybersecurity firm Trend Micro revealed that a rogue employee sold the data of 68,000 customers to malicious cybercriminals, who then used that data to target customers with scam calls by posing as Trend Micro support personnel.
In our last blog, Barcode Scanner app on Google Play infects 10 million users with one update, we wrote about a barcode scanner found on the Google Play store that was infected with Android/Trojan.HiddenAds.AdQR. All initial signs led us to believe that LavaBird LTD was the developer of this malware, but since then, a representative from LavaBird reached out to us. They claimed it was not them who was responsible for uploading malicious versions of Barcode Scanner, package name com.qrcodescanner.barcodescanner, but an account named “The space team.”
Upfront, we must also say that though we attempted to reach “The space team” when writing this story, we received no response.
Here, we will show the evidence of the case presented by LavaBird.
LavaBird pleading its case
Below we have the original message from LavaBird from February 10, 2020. We have provided minor editing to conceal and remove sensitive information:
“Good day.
We have read the article and are outraged no less than you. We were the intermediary between the seller and the buyer in this situation.
And the application was transferred to the account “The space team”
Herewith the following account details:
Here is their official email (as listed in Google Play) – digitalapp@yahoo.com
We have written them a letter so they should remove their Google Play account.
Also, we reported that account and app to Google.
Lavabird LTD develops and sells applications, and sometimes we buy and sell applications.
The update that we published from our account was made by the buyer to verify the key and password from the application.
The buyer was given access to the Google Play console of this application and he updated it himself. After that in a week, we transferred an application to buyer Google Play account – it was 7th of December.
We attached a screenshot, from our developer computer the app is visible – probably because he still has got Barcode app on his device. The app is unpublished, probably, since, for people, who do not have the app installed, you can see only “We’re sorry, the requested URL was not found on this server.”
We are very sorry that the application has become a virus, for us it is not only a blow to our reputation.
We hope users will remove the app with a virus from their phones.
We ask you to change the name of the developer to the real “The space team” and attach actual screenshots if needed.
Regards LAVABIRD LTD”
Transferring of ownership
Let’s start with LavaBird’s claim of transferring ownership to The space team on December 7th, 2020. To verify LavaBird’s claims, we searched for our own cached Google Play webpage of Barcode Scanner with The space team as owner. Although we’ve included screenshots from the Italian version of the site, here is evidence of The space team’s ownership of Barcode Scanner on the date of transfer, December 7, 2020:
Although this may be true, this raises another question. Why did we find evidence of LavaBird being the owner during our last blog prior to the transfer date? The screenshot from our last blog is December 4, 2020:
Was the malware code really added on December 7, or did it exist before? Did we make the mistake of accusing the wrong developer? Further investigation was needed to verify. Thereupon, we turned to third-party app stores that grab APKs from Google Play on the date they are uploaded to Play. Keep in mind these types of app stores do not scan APKs for malware like Google Play does. We assume this is due to them trusting Google Play to do that job in advance. Thus, if malware is later revealed to have gotten onto Google Play, third-party app stores do not remove the APKs from their sites. In other words, use third-party app stores at your own risk. (But for purposes of grabbing old versions of apps, malware versions and all, third-party app stores are great.)
The following shows our findings from analyzing multiple versions of Barcode Scanner, package name com.qrcodescanner.barcodescanner, from third-party app stores. The first version containing malware is Barcode Scanner v1.67. The timestamp is November 28, 2020, before the transfer. Grabbing yet another cached Google Play webpage, we prove that v1.67 ownership belonged to LavaBird LTD at that time:
Furthermore, analyzing Barcode Scanner v1.68, the one in our last blog’s screenshot, we prove it contains malware as well. Hence, our accusation is true. LavaBird is indeed the owner during the time of infection. We then went on to analyze the previous version of Barcode Scanner–v1.62–from August 11, 2020. Lo and behold, this version is clean. This is how we can conclude that the infection starts with Barcode Scanner v1.67.
Clarifications from LavaBird
With many unanswered questions, it was time to reach out to LavaBird. I would like to state upfront that LavaBird was quick to respond to all inquiries and proved very helpful during this process.
The transfer to LavaBird
LavaBird stated originally, “We were the intermediary between the seller and the buyer in this situation.” Not being the original developer, LavaBird was transferred ownership of Barcode Scanner on November 23, 2020.
It is important to note that we were unable to find any cached Google Play webpages showing the previous owner, but we can verify that previous app versions did exist based on third-party app store data.
Transferring of keys
The big question for LavaBird is this: If “The space team” is the bad actor here, why does the first version of Barcode Scanner that contains malware, v1.67, list its ownership as LavaBird?
LavaBird explains:
“To verify the authenticity of the app signing key and password, we gave them (The space team) the option to update the app. As soon as they were convinced of the correctness of the keys, the transaction took place on December 7, the application was transferred to their account.”
The quoted “app signing key” needs some explaining. App signing is set up via Google Play when an app developer first creates an app and wants to upload it onto the digital store. In this process, Google assigns them a keypair. The keypair comes with a public key and a private key.
Every app that is installed from Google Play onto a mobile device is signed with a public key. When an app developer uploads a newer update of the app to Google Play, they sign it with the assigned private key. This is due to the fact that mobile devices will only accept an update of an already installed app when its public key matches the private key. This is done to prevent others from uploading a malicious version of your app to Google Play with a different private key. For this reason, transferring the app’s signing key when transferring ownership of the app is a legitimate part of the process. Therefore, the request by “The space team” to verify that the private key works by uploading an update to Google Play seems plausible.
Updating the analytics
LavaBird went on to explain:
“We also agreed to update the app with their analytics (according to them it was just analytics) for half of the sum, before transferring the application.
Our agreement included the conditions that they would check the operation of the application with their analytics, as you can see there were 2 updates. One on November 27 and another on December 4. All updates were made by them. We were in the process of selling the application, so we tested the application only manually.”
Now we know the second reason for the updates is for “The space team” to modify the analytics code. Note that every Android app has some type of analytics in the code which gathers simple data points. Nothing unusual there. Looking at the code of Barcode Scanner versions for myself, there certainly is modification to the analytics code. However, during this same time period is when the adding of the malicious code occurred.
Keep in mind that allowing a developer to modify code, even analytics, before transferring is not common practice. When asked why they did not check the code themselves before allowing the update they replied:
“Usually we do not check the code, because the application will go to another publisher and if he makes mistakes, then it will be a minus for him and not for us.”
LavaBird continued, stating, “We are very sorry that this did not arouse suspicion, again, we thought that the application would be on their account soon and it would not affect us … We were very wrong.”
I also went on to ask if there was any research done on “The space team” to verify trust in them. LavaBird responded that “Unfortunately, we did not have such practice, but this lesson will remain with us for life.” LavaBird apparently found The space team as a buyer through word of mouth.
Thereafter, both updates containing malicious code on November 28 and December 4 are shown with LavaBird LTD being the owner:
It is not until December 7, the date of the transfer, that the owner shows as “The space team.”
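One way a seller could review a buyer-supplied update before publishing it, given here as an added example that is not code from the original article: diff the new APK against the last known-good release and list changed files, new classes, and classes in packages that did not exist before. Because the buyer holds the legitimate signing key, the update's signature tells the seller nothing, so the content diff is the check. Both sample APKs, the package names, and the `make_dex`/`make_apk` helpers are constructed for illustration; the sample DEX contains only the header and ID tables the parser reads.

```python
import hashlib
import io
import re
import struct
import zipfile

DEX_ENTRY = re.compile(r"classes\d*\.dex$")  # classes.dex, classes2.dex, ...


def dex_classes(dex: bytes) -> set:
    """Names of the classes defined in one DEX file, read from its ID tables."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    n_str, off_str, n_type, off_type = struct.unpack_from("<4I", dex, 0x38)
    n_cls, off_cls = struct.unpack_from("<2I", dex, 0x60)
    names = set()
    for k in range(n_cls):
        # class_def_item is 32 bytes; its first field indexes type_ids.
        (type_idx,) = struct.unpack_from("<I", dex, off_cls + 32 * k)
        if type_idx >= n_type:
            raise ValueError("class_idx out of range")
        (str_idx,) = struct.unpack_from("<I", dex, off_type + 4 * type_idx)
        if str_idx >= n_str:
            raise ValueError("descriptor_idx out of range")
        (pos,) = struct.unpack_from("<I", dex, off_str + 4 * str_idx)
        while dex[pos] & 0x80:  # skip the ULEB128 length prefix
            pos += 1
        pos += 1
        desc = dex[pos:dex.index(b"\0", pos)].decode("utf-8", "replace")
        names.add(desc[1:-1].replace("/", "."))  # "La/b/C;" -> "a.b.C"
    return names


def apk_inventory(apk: bytes):
    """SHA-256 of every ZIP entry plus the union of classes across all DEX files."""
    files, classes = {}, set()
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        for info in z.infolist():
            data = z.read(info)
            files[info.filename] = hashlib.sha256(data).hexdigest()
            if DEX_ENTRY.match(info.filename):
                classes |= dex_classes(data)
    return files, classes


def diff_release(old_apk: bytes, new_apk: bytes) -> dict:
    """What a reviewer should look at before publishing new_apk over old_apk."""
    old_files, old_cls = apk_inventory(old_apk)
    new_files, new_cls = apk_inventory(new_apk)
    pkg = lambda name: name.rpartition(".")[0]
    old_pkgs = {pkg(c) for c in old_cls}
    added = sorted(new_cls - old_cls)
    new_packages = {}
    for c in added:
        if pkg(c) not in old_pkgs:  # code in a package the app never had
            new_packages.setdefault(pkg(c), []).append(c)
    return {
        "added_files": sorted(set(new_files) - set(old_files)),
        "changed_files": sorted(f for f in new_files
                                if f in old_files and new_files[f] != old_files[f]),
        "added_classes": [c for c in added if pkg(c) in old_pkgs],
        "new_packages": new_packages,
    }


def make_dex(class_names) -> bytes:
    """Constructed sample: header, string/type/class tables and string data only."""
    descs = sorted(("L" + n.replace(".", "/") + ";").encode() for n in class_names)
    n = len(descs)
    off_str, off_type, off_cls = 0x70, 0x70 + 4 * n, 0x70 + 8 * n
    off_data = off_cls + 32 * n
    data, str_offs = b"", []
    for d in descs:
        str_offs.append(off_data + len(data))
        data += bytes([len(d)]) + d + b"\0"  # one-byte ULEB128 length (< 128)
    header = bytearray(0x70)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<4I", header, 0x38, n, off_str, n, off_type)
    struct.pack_into("<2I", header, 0x60, n, off_cls)
    tables = b"".join(struct.pack("<I", o) for o in str_offs)
    tables += b"".join(struct.pack("<I", i) for i in range(n))
    tables += b"".join(struct.pack("<8I", i, 0, 0, 0, 0, 0, 0, 0) for i in range(n))
    return bytes(header) + tables + data


def make_apk(class_names, extra_files) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", make_dex(class_names))
        for name, data in extra_files.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed releases: the "analytics update" also brings in a new package.
BASE = ["com.example.scanner.MainActivity", "com.example.scanner.analytics.Tracker"]
OLD_APK = make_apk(BASE, {"res/raw/beep.ogg": b"beep"})
NEW_APK = make_apk(BASE + ["com.example.scanner.analytics.TrackerV2",
                           "org.placeholder.adsdk.Loader",
                           "org.placeholder.adsdk.BootReceiver"],
                   {"res/raw/beep.ogg": b"beep", "assets/cfg.bin": b"\x00\x01"})

if __name__ == "__main__":
    for key, value in diff_release(OLD_APK, NEW_APK).items():
        print(key, value)
```

A class list is only a first pass: it shows where to read code, and obfuscated or renamed packages still need manual review.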
Breaking down the timeline
For simplicity, here is a breakdown of the timeline:
August 11, 2020: Barcode Scanner v1.62 is uploaded to Google Play and is a clean version from owners prior to LavaBird LTD
November 23, 2020: LavaBird purchases a clean version of Barcode Scanner
November 25, 2020: LavaBird enters agreements with “The space team”
“The space team” claims they need to, according to LavaBird, “verify the authenticity of the app signing key and password” and “update the app with their analytics” which led to updates on Google Play
November 27, 2020: Barcode Scanner v1.67 is uploaded to Google Play with malicious code added with LavaBird shown as owner
LavaBird claims this was done by “The space team” prior to purchase, according to their agreement
December 4, 2020: Barcode Scanner v1.68 is uploaded to Google Play still containing malicious code
December 7, 2020: LavaBird transfers ownership of Barcode Scanner to “The space team”
December 7, 2020: Barcode Scanner v1.69 is uploaded to Google Play with “The space team” as the owner and still contains malicious code
Here is the timeline after the transfer to “The space team”:
December 21, 2020: Malwarebytes forum patrons first report an instance of infected Barcode Scanner
December 24, 2020: Malwarebytes for Android adds detection originally as Android/Adware.AdQR.FBG
February 10, 2020: We received the original message from LavaBird
More information about The space team
Alright, so who is “The space team”? The only evidence of them on Google Play is from the Barcode Scanner mentioned and an app called Alarm Clock – Loud and Accurate Alarm, package name com.alarm.clock.wake.up. This app was only on Google Play briefly in December 2020, and is a legitimate, clean app. No other apps appear to exist under the developer’s name. Because there is only evidence of “The space team” existing from December 2020 to January 2021, we can only assume that the developer account was created in December 2020.
When we asked LavaBird for any additional information about “The space team,” they said they “do not have any other information.”
“Also,” LavaBird added, “I think that this is not a company and they can easily create account.”
In effect, this confirmed my assumptions of them creating an account at the time of transfer. For the purpose of being fair, we did attempt to reach out to “The space team” to comment on the allegations set forth by LavaBird. They did not respond.
Here is the only information on “The space team” that we have:
Publisher: The space team
Email: digitalapp@yahoo.com
Address: Ukraine, Krivoy Rog, Kalinina 35
Final Thoughts
From my analysis, what appears to have happened is a clever social engineering feat in which malware developers purchased an already popular app and exploited it. In doing so, they were able to take an app with 10 million installs and turn it into malware. Even if a fraction of those installs updates the app, that is a lot of infections. And by being able to modify the app’s code before full purchase and transfer, they were able to test if their malware went undetected by Google Play on another company’s account.
There is an important lesson here. To all app sellers, be wary of whom you sell to. If at all possible, verify their credibility. Furthermore, be skeptical if they are making unreasonable requests such as modifying code, even analytics, before transfer.
Ultimately, I believe LavaBird’s claims. Unfortunately, LavaBird came in our crosshairs after firing off a blog about this malicious Barcode Scanner. As the evidence shows, we were right in doing so. Regardless, now knowing the full story we apologize it led to this. We write this in hopes of clearing LavaBird’s name.
Realtime Blackhole Lists (RBLs) can be a great tool in your security arsenal. You may not know you’re using them, but all email providers and company email servers leverage these services to check servers and IP addresses against a known list of offenders that send spam or other abusive content.
These services use a number of methods to compile lists of IP addresses reputed to send spam, mostly populating them through honeypots that draw spammers in with “poison” email addresses acting as victims.
The SolarWinds supply chain attacks continue to play out, with new impacts and technical considerations coming to light in the headlines seemingly every day. Amidst all the helpful research into the vulnerabilities and tactics being utilized by the involved hackers, who many experts now believe to be sponsored by some form of nation-state, one particular […]
Black History Month Spotlight: Mindy Parker michelle Fri, 02/12/2021 – 14:26
Delphix is taking part in this year’s celebration of Black History Month by spotlighting members of our staff whose exemplary work furthers the mission of our company every day.
Feb 12, 2021
What personal passions bring you to Delphix?
Having worked for both very large corporations as well as small startups, I realized I liked the smaller family type atmosphere of a startup. They tend to be a lot more innovative, creative, and simply easier to navigate. I love how Delphix can maneuver quickly and change direction to meet the changing global environment. That’s something you simply can’t do in a large corporation.
What does Black History Month mean to you?
It’s a chance to see what is not normally shown. A chance to recognize the unrecognizable and a chance to say I’m not apologizing for how I was born.
Who inspires you?
My mother. She has taught me determination, fearlessness, and grit. My mother was born in rural South Carolina, and her parents were farmers. She excelled academically in high school and received a partial scholarship to attend Stillman College. During the summers, she would travel to New York City to visit her sisters and work at Saks Fifth Avenue, where she got her stellar sense of fashion. She went on to get her master’s degree from Atlanta University and worked for the IRS until she retired after 30 years of service.
Throughout her life, my mother has taught me the importance of fighting for representation and equality in society. She too participated in the civil rights protests, where she was sprayed with fire hoses and attacked. Today, she is a successful businesswoman, realtor, and the most spectacular mom, grandmother, and role model.
How does being black impact the way that you approach diversity & inclusion?
Being black in this country, you are constantly reminded that you are different and often not seen in a positive light. I’ve often heard “Oh, you speak so well.” or “You paid for your own college education?” These are examples of the assumptions that are often made about African Americans. Bringing awareness to these assumptions and learning more about each other is an important part of inclusion.
What’s your favorite mantra or quote?
Never let a win get to your head or a loss to your heart. -Chuck D
If you’ve been a long-time reader of this blog you may recall seeing here before that around 1999 the US government left security of critical infrastructure up to the cash-flush market (e.g. market investors in infrastructure, mainly banks) to figure out. It was like a “trickle-down” theory of big banks showering their littlest critical infrastructure … Continue reading Is “Cash Strapped” The Right Analysis of American Critical Infrastructure?→
CISOs today have varied tenures at organizations depending upon their ability to master learning the business of the organization. Enjoy this podcast with special guest Mischel Kwon to learn how to translate information security technical issues into a business-focused language and determine the right amount of technical language to share with executives…
On this week’s news recap, Microsoft Remote Desktop Web Access Authentication Timing Attack, Multiple TCP/IP stack flaws could leave millions of devices open to attack, Adobe fixes a buffer overflow issue in Reader which is exploited in the wild, and Apple Patches Recent Sudo Vulnerability in macOS.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Our thanks to BSidesSF and Conference Speakers for publishing their outstanding presentations; which originally appeared at the group’s BSidesSF 2020 Conference, and on the Organization’s YouTube Channel. Additionally, the BSidesSF 2021 Conference will take place on March 6 – 9, 2021 – with no cost to participate. Enjoy!
Picture this. You walk into the kitchen. On the counter, is a beautiful charcoal gray plate. And right in the center of the plate is a perfectly round cookie. You are tempted, of course. You reach for the cookie, take a bite, and close your eyes in anticipation of a sweet, sinful burst of flavor, …
A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .