Jul 29, 2023THNAndroid / Malware A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act … [Read more...] about New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data
Sensitive
Are Your APIs Leaking Sensitive Data?
It's no secret that data leaks have become a major concern for both citizens and institutions across the globe. They can cause serious damage to an organization's reputation, induce considerable financial losses, and even have serious legal repercussions. From the infamous Cambridge Analytica scandal to the Equifax data breach, there have been some pretty high-profile leaks … [Read more...] about Are Your APIs Leaking Sensitive Data?
Uber Claims No Sensitive Data Exposed in Latest Breach… But There’s More to This
Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company said. "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app … [Read more...] about Uber Claims No Sensitive Data Exposed in Latest Breach… But There’s More to This
China’s Baidu Android Apps Caught Collecting Sensitive User Data
Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the International Mobile Subscriber Identity (IMSI) number or MAC address, without users' … [Read more...] about China’s Baidu Android Apps Caught Collecting Sensitive User Data
Critical Jenkins Server Vulnerability Could Leak Sensitive Information
Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed.Tracked as CVE-2019-17638, the flaw has a CVSS rating of 9.4 and impacts Eclipse Jetty versions 9.4.27.v20200227 to 9.4.29.v20200521—a … [Read more...] about Critical Jenkins Server Vulnerability Could Leak Sensitive Information
RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory
A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware.Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM … [Read more...] about RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory