Information

A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms Social media sites are a near-bottomless source of information that almost anyone can use for security and intelligence research, as well as for marketing campaigns. The platforms allow anybody to learn more about other people, their interests, experiences and affiliations, while organizations can easily scour the sites to gain insights…

As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency The application programming interface (API) is an unsung hero of the digital revolution. It provides the glue that sticks together diverse software components in order to create new user experiences. But in providing a direct path to back-end databases, APIs are also an attractive target for threat actors. It…

by Paul Ducklin Over the last two weeks, we’ve seen a series of articles talking up what’s been described as a “master password crack” in the popular open-source password manager KeePass. The bug was considered important enough to get an official US government identifier (it’s known as CVE-2023-32784, if you want to hunt it down), and given that the master password to your password manager is pretty much the key to your whole digital castle,…

A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys They hacked into corporate emails, stole money from people and businesses, and tricked others into transferring the loot. Nigerian nationals Solomon Ekunke Okpe and Johnson Uke Obogo ran a sophisticated fraud scheme that caused up to US$1 million in losses to victims. A US court recently sentenced the duo to four years and…

by Paul Ducklin Researchers at web coding security company SALT just published a fascinating description of how they found an authentication bug dubbed CVE-2023-28131 in a popular online app-buildin toolkit known as Expo. The good news is that Expo responded really quickly to SALT’s bug report, coming up with a fix within just a few hours of SALT’s responsible disclosure. Fortunately, the fix didn’t rely on customers downloading anything, because the patch was implemented inside…

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool This week, ESET malware researcher Lukas Stefanko revealed how an initially legitimate Android app morphed into a malicious trojan that could steal users’ files and record surrounding audio from the device’s microphone and then exfiltrate it. The app, named iRecorder – Screen Recorder, was first listed in the Google Play Store in September 2021, with…