Tag Archive for: Web’

Android App Trojans Sold on Dark Web for $25-$20,000

/in


Researchers analyzed both clear and dark web hacking forums and discovered that Russian language threat actors are particularly interested in buying and selling these exploits.

The Google Play app store’s security mechanisms are being compromised by cybercriminals who are developing tools to trojanize Android apps and sell them on underground cybercrime marketplaces.

A recent blog post from cybersecurity firm Kaspersky, published on April 10th, 2023, revealed findings from an extensive study of Clear Net and Dark Web forums, highlighting the vulnerabilities in app store security – Most of these forums are Russian speaking.

The blog post stated that despite the vetting process for software uploaded to Google or Apple app stores, no security solution can be considered 100% foolproof. Every scanning mechanism has inherent flaws that can be exploited by threat actors, allowing them to upload malware to Google Play.

Researchers at Kaspersky monitored activities between 2019 and 2023 and found a thriving market on the Dark Web for buyers and sellers exchanging access to app developer accounts, infected Android apps, and botnets, with prices ranging from a few hundred to several thousand dollars.

One of the methods used by attackers to infect apps with malware involves uploading a harmless app to the app store to gain approval and attract a large number of users. Once the app is approved, the attackers release an update to the app that contains malicious code.

Another method is compromising legitimate app developers by hijacking their accounts and infecting existing apps with malware. Weak password policies and lack of two-factor authentication (2FA) make these accounts easy targets for cybercriminals.

Credential leaks are also used to obtain login details to breach accounts and corporate development systems. Kaspersky researchers found that access to a Google Play account can be purchased for as little as $60, while more lucrative accounts, services, or tools come with a higher price tag.

Loaders, which deploy malicious code into Android apps, are particularly sought-after products on the Dark Web marketplace, with prices ranging from $5,000 to…

Source…

Jamf bolsters student security with web protection now on Chromebook

/in


Jamf has announced that Jamf Safe Internet, a comprehensive content filtering and web security solution optimised for education, is now available on Chromebook.

Jamf Safe Internet is designed to help schools protect students from harmful content on the internet, inappropriate websites and phishing attacks, while also allowing admins to enforce acceptable-use policies in a seamless way, according to the company.

Keeping students safe

Jamf Safe Internet is designed to ensure that students have a safe and secure online learning environment from the moment they unbox their device, the company states.

With Jamf Safe Internet, admins are able to enforce acceptable-use policies without sacrificing the learning experience by offering:

  • Content Control in One Click: Jamf Safe Internet allows teachers and IT admins to customise and create the level of content control that fits each class and can prevent harmful and inappropriate content from reaching student devices. This protection is powered by Jamf’s content filtering and web-based threat prevention technologies.

  • Support for Google Services: Jamf Safe Internet can now enforce Google SafeSearch and YouTube Restricted Mode, ideal for schools leveraging Google products for learning experiences.

  • Streamlined Console: Jamf Safe Internet delivers a streamlined administrative console with workflows built specifically for schools. When Jamf Safe Internet is enabled, students log in to a Chromebook with their Google Workspace for Education account and immediately have group or age group specific browsing policies applied.

  • A Continued Commitment to Protecting Privacy: Jamf’s privacy-friendly approach provides a safe online environment for students of all ages while offering schools enough information to protect students. Jamf is committed to maintaining compliance with all applicable privacy regulations and has signed the Student Privacy Pledge, highlighting its commitment to protecting the information of students, parents and teachers in schools.

Continued partnership with Google

Jamf Safe Internet for Chromebook is just the latest in security innovations brought to market by Jamf and Google. As part of the Google…

Source…

‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector

/in


API security is a ‘great gateway’ into a pen testing career, advises specialist in the field

Most web API flaws are missed by standard security tests - Corey J Ball on securing a neglected attack vector

INTERVIEW Securing web APIs requires a different approach to classic web application security, as standard tests routinely miss the most common vulnerabilities.

This is the view of API security expert Corey J Ball, who warns that methods that aren’t calibrated to web APIs can result in false-negative findings for pen testers.

After learning his craft in web application penetration testing in 2015 via hacking books, HackTheBox, and VulnHub, Ball further honed his skills on computers running Cold Fusion, WordPress, Apache Tomcat, and other enterprise-focused web applications.

Read more of the latest interviews with industry experts

He subsequentially obtained CEH, CISSP, and OSCP certificates before eventually being offered an opportunity to help lead penetration testing services at public accounting firm Moss Adams, where he still works as lead web app pen tester.

Recently focusing more narrowly on web API security – a largely underserved area – Ball has launched a free online course on the topic and published Hacking APIs: Breaking Web Application Programming Interfaces (No Starch Press, 2022).

In an interview with The Daily Swig, Ball explains how the growing use of web APIs requires a change of perspective on how we secure our applications.

Attractive attack vector

The past few years have seen accelerating adoption of web APIs in various sectors. In 2018, Akamai reported that API calls accounted for 83% of web traffic.

“Businesses realized they no longer need to be generalists that have to develop every aspect of their application (maps, payment processing, communication, authentication, etc),” Ball says. “Instead, they can use web APIs to leverage the work that has been done by third parties and focus on specializing.”

API stands for application programming interface, a set of definitions and protocols for building and integrating application software.

Web APIs, which can be accessed with the HTTP protocol, have spawned API services that monetize their technology, infrastructure, functionality, and data. But APIs have attracted the…

Source…