#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

advertisement | Breaking Cybersecurity News | The Hacker News

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

Aug 25, 2020
A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk , Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company Mobvista — includes an SDK component that allows it to collect URLs, device identifiers, IP Address, operating system version, and other user sensitive data from compromised apps to a remote logging server. The malicious iOS SDK has been named "SourMint" by Snyk researchers. "The malicious code can spy on user activity by logging URL-based requests made through the app," Snyk's Alyssa Miller said in a Monday analysis. "This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive in
Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default

Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default

Jun 04, 2019
As promised, Mozilla has finally enabled "Enhanced Tracking Protection" feature on its Firefox browser by default, which from now onwards would automatically block all third-party tracking cookies that allow advertisers and websites to track you across the web. Tracking cookies, also known as third-party cookies, allows advertisers to monitor your online behavior and interests, using which they display relevant advertisements, content, and promotions on the websites you visit. Which makes sense as no one likes to waste time in watching advertisements and offers that are not of one's interest. However, since tracking cookies gather way more information without requiring users' explicit permissions and there is no control over how companies would use it, the technique also poses a massive threat to users' online privacy. To limit this extensive tracking, Mozilla included the "Enhanced Tracking Protection" option as an experimental feature in Octo
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Mac Software Mines Cryptocurrency in Exchange for Free Access to Premium Account

Mac Software Mines Cryptocurrency in Exchange for Free Access to Premium Account

Mar 13, 2018
Nothing comes for free, especially online. Would you be okay with allowing a few paid services to mine cryptocurrencies using your system instead of paying the subscription fee? Most free websites and services often rely on advertising revenue to survive, but now there is a new way to make money—using customers' computer to generate virtual currencies. It was found that a scheduling app, dubbed Calendar 2, was embracing cryptocurrency mining in exchange for free access to its app premium features, but the developer has to take it down from the Apple App Store following reports that it's not working as intended. Cryptocurrency mining is not a new concept, but the technology has recently exploded after hackers found it a great way to make millions of dollars by hijacking computers to secretly perform cryptocurrency mining in the background without users' knowledge or consent. Due to this cryptocurrency mining has emerged as one of the biggest threats in recent mon
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Verizon to pre-install a 'Spyware' app on its Android phones to collect user data

Verizon to pre-install a 'Spyware' app on its Android phones to collect user data

Mar 30, 2017
If the death of online privacy rules wasn't enough for Internet Service Providers and advertisers to celebrate, Verizon has planned to pre-install spyware on customers' Android devices in order to collect their personal data. The telecom giant has partnered with Evie Launcher to bring a new application called ' AppFlash ' — a universal search bar that will come pre-installed on the home screens of all Verizon Android handsets for quickly finding apps and web content. AppFlash is simply a Google search bar replacement, but instead of collecting and sending telemetry data including what you search, handset, apps and other online activities to Google, it will send to Verizon. What's worse? Just like other pre-installed bloatware apps, Android users can't uninstall AppFlash quickly, unless they have rooted their phone. AppFlash allows you to search inside apps or browse through listings of nearby restaurants and entertainment. The built-in Google Search
Smart TV Maker Fined $2.2 Million For Spying on Its 11 Million Users

Smart TV Maker Fined $2.2 Million For Spying on Its 11 Million Users

Feb 07, 2017
Your government is spying on you! Businesses are spying on you! Your phone and browser are constantly spying on you! Even your TV is spying on you! Yes, you should also worry about your "smart" TV, as one of the world's biggest smart TV makers Vizio has been caught secretly collecting its consumers' data through over 11 Million smart TVs and then selling them to third-parties without the user's explicit consent. But the good news is that the home entertainment hardware maker has been fined heavily for this practice. The US Federal Trade Commission (FTC) announced on Monday that Vizio had spied on almost every customer from its Vizio smart TVs through its Smart Interactivity feature, and rather than fighting back the accusation any longer, the company has agreed to pay a $2.2 Million fine to settle the lawsuit. "To settle the case, Vizio has agreed to stop unauthorized tracking, to prominently disclose its TV viewing collection practices, and to g
'MethBot' Ad Fraud Operators Making $5 Million Revenue Every Day

'MethBot' Ad Fraud Operators Making $5 Million Revenue Every Day

Dec 20, 2016
The biggest advertising fraud ever! A group of hackers is making between $3 Million to $5 Million per day from United States brands and media companies in the biggest digital ad fraud ever discovered. Online fraud-prevention firm White Ops uncovered this new Ad fraud campaign, dubbed " Methbot ," that automatically generates more than 300 Million fraudulent video ad impressions every day. The cyber criminal gang, dubbed AFT13, has developed Methbot robo-browser that spoofs all the necessary interactions needed to initiate, carry out and complete the ad transactions. The hackers, allegedly based in Russia, registered more than 6,000 domains and 250,267 distinct URLs impersonating brand and names of high-profile websites like ESPN, Vogue, CBS Sports, Fox News and the Huffington Post, and selling fake video ad slots. Cyber criminals behind Methbot are using servers hosted in Texas and Amsterdam to power more than 570,000 bots with forged IP addresses, mostly belong
Facebook Ads now Tracks you, Even if you don't have an Account

Facebook Ads now Tracks you, Even if you don't have an Account

May 27, 2016
There's nowhere to hide across the web, especially from the marketing and advertising companies. If you are paranoid about your privacy, you may get upset to know that Facebook will now track and deliver targeted Ads on other apps and websites for everyone, even if you do not have Facebook accounts. Until now, Facebook was showing targeted ads only to its users, but now the social networking giant says it needs extra data to make its ads better. Facebook announced on Thursday that the company is expanding its Audience Network , allowing publishers and developers to reach more people through Facebook advertising. To deliver interest-based Ads to its users as well as non-users alike, Facebook will now use cookies via third-party websites offering Facebook plug-ins (e.g. 'Like' button). "We've designed these updates so that we continue to comply with EU law. In particular, we reflected feedback from people who use Facebook, including a variety of privacy experts
1 Million Computers Hacked for making big Money from Adsense

1 Million Computers Hacked for making big Money from Adsense

May 17, 2016
A group of cyber criminals has infected as much as 1 Million computers around the world over the past two years with a piece of malware that hijacks search results pages using a local proxy. Security researchers from Romania-based security firm Bitdefender revealed the presence of this massive click-fraud botnet, which the researchers named Million-Machine Campaign. For those unaware, Botnets are networks of computers infected with malware designed to take control of the infected system without the owner's knowledge, potentially being used for launching distributed denial-of-service (DDoS) attacks against websites. The malware in question is known as Redirector.Paco that alone has infected over 900,000 machines around the world since its release in 2014. The Redirector.Paco Trojan infects users when they download and install tainted versions of popular software programs, such as WinRAR, YouTube Downloader, KMSPico, Connectify, or Stardock Start8. Once infected, Paco m
Facebook Offering You $1000 to Run Advertisement Against Terrorism

Facebook Offering You $1000 to Run Advertisement Against Terrorism

Feb 16, 2016
Over a past few times, we have seen a steady growth in the online recruitment of Jihadis from social networking sites by many radical groups. ISIS has topped the online recruitment, and it is the only terror group that leverages the enormous power of Twitter and Facebook to radicalize young minds, spread its message and recruit foreign supporters to its fights. Many ISIS militants maintain extremely active accounts on the popular social media platforms and have a strong presence on the most popular encrypted messaging app Telegram with more than 100,000 followers. This issue had impacted the society deeply. Recent examples include last year's Paris attack in which ISIS used some popular messaging apps to plot the attack. As the Dark Siders of social media began to turn this platform into a Terror-Picker, the White Siders of the same social media came under a single roof to declare fight against terrorism, and rage cyber war against these anti-humans. Facebook
Bye bye, Flash! Google to Ban Flash-based Advertising

Bye bye, Flash! Google to Ban Flash-based Advertising

Feb 10, 2016
Google had also joined the path of Apple, Facebook, and Youtube to kill the "Adobe Flash Player" by announcing that the company is banning Flash banner support from its Adwords Advertising platform. "To enhance the browsing experience for more people on more devices, the Google Display Network and DoubleClick Digital Marketing are now going 100% HTML5" Google says. It's been two decades since Adobe Flash has ruled the Web Space Animation Arena, which was the de facto standard for playing the online videos. Flash Player had been famous for Zero-day exploits which are a potential threat to online users. Even Adobe tried to maintain equilibrium by releasing a countless number of patches frequently (that got hiked), for instant reported vulnerabilities, but this had annoyed both customers and companies. The endless troubleshooting of the Flash Player plugins never resolved the vulnerabilities. To put a full stop on this issue... many major t
Twitter will now Track EVERY App You have Installed on Your Smartphone

Twitter will now Track EVERY App You have Installed on Your Smartphone

Nov 27, 2014
Like Facebook and Google, Twitter will soon be collecting your smartphone data in order to provide a " more personal Twitter experience " by serving targeted advertisements. The popular microblogging service Twitter said Wednesday that it will start collecting information about the other applications its users have installed onto their smartphones or tablet in a bid to better target ads and content, which some users may consider as another threat to their online privacy. In the Security and Privacy section of its support site, Twitter says that it will be " collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in ." The company has updated its app with this new feature for iOS platform on Wednesday, and Android will integrate this new feature in the next week. The app update is opt-out , which means Twitter will start collecting information from users aut
Malicious Google DoubleClick Advertisements Distributed Malware to Millions of Computers

Malicious Google DoubleClick Advertisements Distributed Malware to Millions of Computers

Sep 21, 2014
Cyber criminals have exploited the power of two online advertising networks, Google's DoubleClick and popular Zedo advertising agency , to deliver malicious advertisements to millions of internet users that could install malware on a user's computer. A recent report published by the researcher of the security vendor Malwarebytes suggests that the cyber criminals are exploiting a number of websites, including The Times of Israel, The Jerusalem Post and the Last.fm music streaming website, to serve malicious advertisements designed to spread the recently identified Zemot malware . Malvertising is not any new tactic used by cybercriminals, but Jerome Segura, a senior security researcher with Malwarebytes, wrote in a blog post that his company " rarely see attacks on a large scale like this. " "It was active but not too visible for a number of weeks until we started seeing popular sites getting flagged in our honeypots," Segura wrote. "That's
HTML5 Canvas Fingerprint — Widely Used Unstoppable Web Tracking Technology
DeviantArt Malwaretising Campaigns lead to Potentially Unwanted Apps

DeviantArt Malwaretising Campaigns lead to Potentially Unwanted Apps

Jun 16, 2014
Today, the estimated number of known computer threats like viruses, worms, backdoors, exploits, Trojans, spyware, password stealer, and other variants of potentially unwanted software range into millions. It has the capability to create several different forms of itself dynamically in order to thwart antimalware programs. Users of the biggest online artwork community, DevianART with Global Alexa Rank 148, are targeted by the potentially unwanted software programs -- delivered by the advertisements on the website, Stop Malvertising reported on Sunday. A Potentially Unwanted Application (PUA) is a program that may not be intentionally malicious, but can negatively affect the performance and reliability of the system by distributing spyware or adware that can cause undesirable behavior on the computer. Some may simply display annoying advertisements, while others may run background processes that cause your computer to slow down. However, unlike malware, users themselves co
Beware! Cyber Criminals Spreading Click Fraud Trojan for Making Money

Beware! Cyber Criminals Spreading Click Fraud Trojan for Making Money

May 11, 2014
Before Ransomware, Click fraud was one of the popular and efficient ways for cybercriminals to make money and with the explosive growth in the size of the online threats it is still making its way on the Internet. " Click-Fraud " is the practice of deceptively clicking on search ads with the intention of either increasing third-party website revenues or exhausting an advertiser's budget. Besides the search results, we all have seen advertisements placed in the search engine's WebPage. If the visitor clicks the Ad, the advertiser has to pay a fee to the search engine. A problem that has arisen with pay-per-click is results in Click-Fraud. The term " fraud " is used because in either case, the advertiser is paying for a click without receiving any true value. Of course, the number of clicks has to be large enough in order to gain a considerable amount of money, and in order to do that an attacker can use an automated script or malicious program to simulate multiple clicks b
Google Admits that It Reads your Emails

Google Admits that It Reads your Emails

Apr 16, 2014
Google has updated its privacy terms and conditions on Monday to offer more transparency regarding its email-scanning practices. One of the world's biggest Web internet giant, Google, made it clear that the information its users submit and share with its systems is all analyzed. Last year, Google was accused of its illegal interception of all electronic communications sent to Gmail account holders and using the gathering data to sell and place advertisements in order to serve related ads to its users. Practically, the more information you let Google collect about you, the more accurate its adverts become. But Google has long insisted that its scanning practices are outlined in its terms of service. So, finally admitting the accusation, Google has made some changes in its terms of service res a new paragraph that explains the manner in which its software automatically scans and analyzes the content of Gmail messages when they are sent, received, and stored. " Our
Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

Jan 05, 2014
Internet advertisement networks provide hackers with an effective venue for targeting wide range computers through malicious advertisements. Previously it was reported by some security researchers that Yahoo's online advertising Network is one of the top ad networks were being abused to spread malware by cyber criminals . Recent report published by Fox-IT, Hackers are using Yahoo's advertising servers to distribute malware to hundreds of thousands of users since late last month that affecting thousands of users in various countries. " Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious ," the firm reported . More than 300,000 users per hour were being redirected to malicious websites serving 'Magnitude Exploit Kit', that exploits vulnerabilities in Java and installs a variety of different malware i.e. ZeuS Andromeda Dorkbot/Ngrbot Advertisement clicking malware Tinba/Zusy Necurs "
Cybersecurity Resources