some
now browsing by tag
#cybersecurity | #infosec | Facebook and Twitter warn some users’ private data accessed via SDK
Source: National Cyber Security – Produced By Gregory Evans
Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.
According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets.
CNBC says that amongst the offending Android apps are the photo-editing tools Giant Square and Photofy. Presently there is no indication that iOS users are affected by the issue.
According to an advisory published by Twitter, data extracted from accounts via the use of the oneAudience SDK (which it describes as “malicious”) in a smartphone app could be used to take control of a Twitter account, although it has seen no evidence that this has occurred.
Twitter was keen to emphasise that the “issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an application,” and says it will be notifying users of the Twitter for Android app who may have been affected.
Furthermore, Twitter says it has “informed Google and Apple about the malicious SDK so they can take further action if needed.” I presume what they mean by that is that so Google and Apple can kick any offending apps out of their respective app stores.
In response, oneAudience has issued a statement claiming the “data was never intended to be collected, never added to [its] database and never used.”
According to the company, it “proactively” updated its SDK in mid-November so user data could not be collected, and asked developer partners to update to the new version. However, it has now announced it is shutting down the offending SDK.
Facebook meanwhile has issued a statement saying that it is taking action against not only the oneAudience SDK, but also an SDK from marketing company MobiBurn:
“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores.”
“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”
On its website, MobiBurn describes how it helps app developers generate revenue – not by placing more ads within an app, but through the “monetization of your applications’ valuable data in a safe and confidential way.”
However, in light of the revelations and action taken by Facebook and Twitter, MobiBurn says it has “stopped all its activities” until investigations are complete.
This is all very well and good, but what are users supposed to do to protect themselves?
When they install an app, they have no way of knowing whether the developers chose to make use of a malicious SDK which might leave personal information exposed.
All you can realistically do is exercise restraint regarding which third-party apps you connect to your social media profiles. The fewer apps you connect to your Facebook and Twitter, the smaller the chance that someone’s code will be abusing that connection to access information you would rather not share.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
The post #cybersecurity | #infosec | Facebook and Twitter warn some users’ private data accessed via SDK appeared first on National Cyber Security.
View full post on National Cyber Security
WannaCry Some More? Cybercriminals Using NSA Hacking Tools to Attack Citizens
Source: National Cyber Security – Produced By Gregory Evans
A cybersecurity firm has announced hacking tools linked to the US National Security Agency are being exploited by cybercriminals. NSA-linked hacking tools are being used by cybercriminals in efforts to remotely steal money and confidential information from online banking users, according to researchconducted by cybersecurity firm Proofpoint. Proofpoint researchers discovered two different banking trojans in the wild, with computer…
The post WannaCry Some More? Cybercriminals Using NSA Hacking Tools to Attack Citizens appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Fiat Must Face Some Claims In Drivers’ Hacking Risk Suit
Source: National Cyber Security – Produced By Gregory Evans
An Illinois federal judge on Monday refused to entirely dismiss a putative class action claiming some Fiat Chrysler Jeeps are susceptible to hacking, saying that the plaintiffs can continue to claim they overpaid for the vehicles. District Court Judge Michael Reagan dismissed remaining claims that possible future car hacking could…
The post Fiat Must Face Some Claims In Drivers’ Hacking Risk Suit appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Hackers could take over your computer if they fragged you on some CS:GO servers
Source: National Cyber Security – Produced By Gregory Evans
An exploit in the Counter-Strike: Global Offensive Source (SDK) engine was removed in a June update, according a report from software security company One Up Security yesterday. The vulnerability allowed users in CS:GO community browser and third-party servers to hack into another player’s computer merely through killing them on a…
The post Hackers could take over your computer if they fragged you on some CS:GO servers appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Dark Web Hosting Service Hacked, Some Data Was Stolen
To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ Source: National Cyber Security – Produced By Gregory Evans Deep Hosting — a Dark Web hosting service — admitted yesterday to suffering a major security incident during which “some sites have …
The post Dark Web Hosting Service Hacked, Some Data Was Stolen appeared first on Become007.com.
View full post on Become007.com
Computer expert: Some voting machines can be directly hacked
Source: National Cyber Security – Produced By Gregory Evans
A computer science professor told the Senate Intelligence Committee Wednesday that voting machines that create an electronic record of the voters’ decisions are open to fraud and computer hacking, vulnerabilities that are big enough to potentially change the outcome of some elections. J. Alex Halderman, professor of computer science at…
The post Computer expert: Some voting machines can be directly hacked appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Some question government’s responsibility in cyber security after latest breach
Source: National Cyber Security – Produced By Gregory Evans
This week’s news about the CIA having the ability to access cell phones didn’t come as a surprise to some. However, there are also those that are concerned about whether or not withholding that information from tech companies is safe …
The post Some question government’s responsibility in cyber security after latest breach appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Meridian Police warn there are some apps parents shouldn’t allow their kids to have
MERIDIAN, Idaho – Lake Hazel Middle Schoolers are learning a valuable lesson outside the classroom. They’re working to make a friendship tree to show kindness to others.
“I’m hoping they learn kindness can go a long way if they are kind to each other, we have a better school environment,” said Jenna Lowman the counselor at Lake Hazel Middle School.
And in this digital age of bullying, kindness is quickly forgotten.
“Parents have no idea when you give this smart device to your kid, that it can get them into danger very quickly,” said School Resource Officer David Gomez of the Meridian Police Department.
View full post on Parent Security Online