Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2014
    S M T W T F S
    « Aug    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Mobile’ Category




    Vulnerabilities in apps are always a cause for concern, especially when said apps handle sensitive information, particularly financial. We examined two popular in-app payment (IAP) SDKs—Google Wallet and the Chinese payment platform Alipay—and discovered that these contain a vulnerability that can be exploited for phishing attacks. The versions we analyzed were Google IAP versions 2 and 3 and Alipay SDK 1.0. We have notified the developers of these findings. As of this writing, Alipay has patched the vulnerability. Meanwhile, Google is ...

    Posted in Mobile, Vulnerabilities |



    Security researchers from Bluebox Labs recently uncovered a vulnerability that may allow malicious apps to impersonate legitimate ones. This vulnerability, dubbed as “FakeID,” is involved with the checking of certificate signatures to prove the legitimacy of applications. What makes this highly notable is that all Android devices running on platforms starting from Android 2.1 (“Éclair”) to 4.4 (“KitKat”) are affected by this vulnerability. Certificates and Signatures Android applications must be “signed” before they are published and released for installation. Signing apps ...

    Posted in Mobile, Vulnerabilities |



    We have discovered a vulnerability that affects versions of the Spotify app for Android older than 1.1.1. If exploited, the vulnerability can allow bad guys to control what is being displayed on the app interface.  This vulnerability can be potentially abused by cybercriminals to launch phishing attacks that may result to information loss or theft. Spotify quickly responded to our discovery by fixing the flaw in the 1.1.1 version of the app. Users are encouraged to make sure they are using the ...

    Posted in Mobile, Vulnerabilities |



    We have previously discussed an Android vulnerability that may lead to user data being captured or  used to launch attacks. We discovered that the popular Android app for Evernote contained the said vulnerability. We disclosed the details to Evernote, and they took action by issuing an update to the Android version of their app. Evernote has added additional controls to protect user data in Evernote for Android 5.8.5. Android users who are running versions below 5.8.5 should update to the latest version. The Content ...

    Posted in Mobile, Vulnerabilities |



    Protecting data has always been one of the most important aspects of our digital life. Given the amount of activity done on smartphones, this is especially rings true for smartphones. While users may use the built-in privacy and security settings of their devices, others take it a step further and employ security and privacy protection apps. One of the ways to protect smartphone data is by using "file locker" apps. As the name implies, these apps can be used as storage ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice