We have previously discussed an Android vulnerability that may lead to user data being captured or used to launch attacks. We discovered that the popular Android app for Evernote contained the said vulnerability. We disclosed the details to Evernote, and they took action by issuing an update to the Android version of their app. Evernote has added additional…
Read MoreAs part of our 2013 predictions, we predicted that legitimate cloud services would be abused by cybercriminals. Unfortunately, that has proven to be the case – and in today’s current climate, it is unlikely to get any better. For example, last week we saw a spam run that used Dropbox to host its malicious payload. It’s not…
Read MoreThe past few weeks have seen some very high-profile sites adopt two-factor authentication in one form or another. First was Twitter, followed soon by Evernote and Linkedin. For users of these sites, these represent a welcome improvement to their security. In the event that their password is (somehow) compromised, an attacker faces another barrier before…
Read MoreWith its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks. We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. Detected as BKDR_VERNOT.A, the malware attempts to connect to Evernote…
Read More