#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Android App | Breaking Cybersecurity News | The Hacker News

WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages

WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages

Nov 19, 2020
GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of this messenger app is at risk of being compromised by an unauthenticated attacker or curious user," Trustwave Senior Security Consultant Richard Tan said in a report shared with The Hacker News. According to Trustwave SpiderLabs, the shortcoming was spotted in version 7.91 of the app, which was released on the Google Play Store on February 18, 2020. The cybersecurity firm said it attempted to contact the app makers multiple times since August 18, 2020, without receiving a response. But checking the app's changelog, GO SMS Pro received an update (v7.92) on September 29, followed by another subsequent update, which was published yesterday. The latest updates to the app, however
Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

May 30, 2020
Mitron (means "friends" in Hindi), you have been fooled again! Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. I am sure many of you already know what TikTok is, and those still unaware, it's a highly popular video social platform where people upload short videos of themselves doing things like lip-syncing and dancing. The wrath faced by Chinese-owned TikTok from all directions—mostly due to data security and ethnopolitical reasons—gave birth to new alternatives in the market, one of which is the Mitron app for Android. Mitron video social platform recently caught headlines when the Android app crazily gained over 5 million installations and 250,000 5-star ratings in just 48 days after being released on the Google Play Store. Popped out of nowhere, Mitron i
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

May 12, 2020
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store. "4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said. Acquired by Google in 2014, Firebase is a popular mobile application development platform that offers a variety of tools to help third-party app developers build apps, securely store app data and files, fix issues, and ev
cyber security

Guide: Secure Your Privileged Access with Our Expert-Approved Template

websiteDelineaIT Security / Access Control Security
Transform your Privileged Access Management with our Policy Template—over 40 expertly crafted statements to elevate compliance and streamline your security.
A SaaS Security Challenge: Getting Permissions All in One Place

A SaaS Security Challenge: Getting Permissions All in One Place 

May 08, 2024Attack Surface / SaaS Security
Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of that are custom permissions required by an individual user.  For example, look at a sales rep who is involved in a tiger team investigating churn while also training two new employees. The sales rep's role would grant her one set of permissions to access prospect data, while the tiger team project would grant access to existing customer data. Meanwhile, special permissions are set up, providing the sales rep with visibility into the accounts of the two new employees. While these permissions are precise, however, they are also very complex. Application admins don't have a single screen within these applications th
Popular Period Tracking Apps Share Your Sexual Health Data With Facebook

Popular Period Tracking Apps Share Your Sexual Health Data With Facebook

Sep 12, 2019
Hello Ladies, let's talk about periods, privacy, and Facebook. Are you using an app on your smartphone to keep tracks on your periods? Well, it's worrying, because it might be sharing your extremely sensitive information like menstrual cycle and sexual activities with Facebook. A new investigative report from UK-based advocacy group Privacy International revealed how some most popular period tracker apps used by millions of women share their most private health information—including monthly period cycles, contraception use, sexual life, symptoms, like swelling and cramps, and more—directly with Facebook. These period-tracking apps, listed below, transfer your data to Facebook the moment you open them, regardless of the fact that you have a Facebook account or not, and whether you are logged into the social network platform or not. Period-tracking apps are used by women to keep tracks on their monthly period cycles, but mostly they are being used by those who want t
Chinese Face-Swapping App ZAO Sparks Privacy Concerns After Going Crazily Viral

Chinese Face-Swapping App ZAO Sparks Privacy Concerns After Going Crazily Viral

Sep 03, 2019
What could be more exciting than seeing yourself starring alongside your favorite actor in a movie, music video, or TV program? Yes, that's possible—well, kind of, by using a new AI-based deepfake app that has gone viral in China over this weekend, climbing to the top of the free apps list in the Chinese iOS App Store in just three days. Dubbed ZAO , the app is yet another deepfake app for iPhone that lets you superimpose your face onto actors like Leonardo DiCaprio, Kit Harrington from "Game of Thrones," and many others in video clips from their popular movies and TV shows with just a selfie uploaded by you. Developed by Chinese developer MoMo, one of China's most popular dating apps, ZAO was released on Friday (August 30) and rapidly got downloaded millions of times with users being excited about the experience for the app's realistic face-swapping videos that last for as little as 8 seconds. ZAO Deepfake Face Swap App Sparks Privacy Outcry Howeve
Cybersecurity
Expert Insights
Cybersecurity Resources