Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

February 24, 2023

Friday

Top-Rated Android Applications in the Google Play Store Have False Data Safety Labeling

“Serious gaps” that let apps deliver inaccurate or outright incorrect information have been discovered after a study into the data safety labels for Android apps available on the Google Play Store.


The 20 most popular premium apps and the 20 most popular free apps on the app store were contrasted in the survey, which was carried out by the Mozilla Foundation as part of its *Privacy Not Included project.


Based on differences between the applications’ privacy rules and the data they self-reported on Google’s Data safety form, it was discovered that the labels were inaccurate or misleading in about 80% of the apps analyzed.


League of Stickman Acti, Terraria, and UC Browser – Secure, Fast, and Private all have blank spaces in their data safety sections. Just six of the 40 apps got an “OK” rating.


Google started putting out a new Data safety section on the Play Store last year that details the privacy and security policies of the apps.

The company created it as a response to Apple’s app privacy labeling, which went into force in December 2020.


However, there are some crucial differences. Apple’s labels emphasize what data is being collected, including those that are collected for tracking purposes as well as information that’s linked to the users.

NEWS 1
Top-Rated Android Applications in the Google Play Store Have False Data Safety Labeling

Breaking news

LIVE

You are not up to date!

Subscribe to our newsletter and stay updated on cybersecurity news

Hackers are deploying evasive cryptocurrency mining malware using trojanized macOS apps.

Evasive bitcoin mining malware is being installed on macOS devices via trojanized copies of trustworthy software.

The XMRig currency miner was used by means of an unlawful modification of Apple’s video editing program Final Cut Pro, according to Jamf Threat Labs, which discovered the discovery.

The Invisible Internet Project (i2p) is used by this virus to download malicious components and transfer mined bitcoin to the attacker’s wallet, according to a report from Jamf researchers Matt Benyo, Ferdous Saljooki, and Jaron Bradley.

Trend Micro spotted an earlier edition of the campaign in a report released exactly one year ago. They noted that the virus used i2p to conceal network activity and speculated that it may have been distributed as a DMG file for Adobe Photoshop CC 2019.

The Apple device management company said that the earliest uploads to Pirate Bay, the source of the crypto-jacking apps, date back to 2019.
As a consequence, three malware generations that show the development of the campaign’s sophistication and stealth were found, with the first ones being noticed in August 2019, the second in April 2021, and the third in October 2021, respectively.

NEWS 2

For placing advertisements and promotions in this newspaper, or anywhere on our website, contact us through email at admin@hackerzhome.org or fill out this contact form.

Share this news:

February 24, 2023 /

Friday

Hackerzhome News

2

Have you heard?
Apple’s IOS, IPadOS, MacOS, And Safari Are Under Attack From A New Zero-Day Flaw. Apply The Patch Now know more!

A brave browser prevents "open in app" requests and pool party attacks

A brave browser prevents "open in app" requests and pool party attacks

The privacy-focused Brave browser will begin preventing annoyances like “open in app” prompts and will have improved pool-party attack defenses in its next major release.c

The purpose of intrusive “open in app” pop-ups is to direct users to a location where the browser’s privacy protection mechanisms are not in effect, allowing the app developer to freely collect a large amount of user data.

Beginning with version 1.49 for Windows and Android (it is currently available on iOS), Brave will prevent this irritation, enabling users to browse the web without interruptions.

By deactivating “Fanboy’s Mobile Notifications List” under the custom and regional filters in the settings menu, users can turn off the service.
Protections against “pool-party” attacks, which try to constantly track users by leveraging characteristics in the implementation of browser functionality, will also be included in Brave in version 1.49.

A pool party assault can assist attackers in following their targets’ online browsing habits. To build side channels that enable tracking and get beyond privacy safeguards in browsers, they need constrained shared resources, or “pools.”

NEWS 3

Forsage DeFi platform creators are accused of defrauding $340 million.

Forsage DeFi platform creators are accused of defrauding $340 million.
NEWS 4

Four Russian nationals who founded the Forsage decentralized finance (DeFi) cryptocurrency investment platform have been accused by a federal grand jury in the District of Oregon of allegedly running a global Ponzi and pyramid scheme that garnered $340 million.

Forsage was advertised as a “smart contract system” that doesn’t require manual withdrawal requests and automatically distributes profits to investors based on an algorithm.

The project made several promises, including complete decentralization, peer-to-peer transactions, no owner or administrator, zero danger of scams or unexpected shutdowns, and no involvement from companies or third parties.

The defendants, Vladimir Okhotnikov, Olena Oblamska, Mikhail Sergeev, and Sergey Maskalov, are accused of spreading false information about Forsage-related investment and business prospects through aggressive fraudulent social media marketing.

The defendants created and deployed smart contracts on Forsage that, in essence, systematized a combination of Ponzi and pyramid schemes on the Ethereum, Binance Smart Chain, and Tron blockchains in place of a genuine investing system.

TELUS is looking into the theft of source code and employee data leaks.

The second-largest telecom company in Canada, TELUS, is looking into a possible data breach after a threat actor posted samples of what seems to be employee data online.

After that, the threat actor published screenshots that appear to show the company’s payroll data and secret source code repositories.

TELUS continues to monitor the potential situation but has not yet discovered any proof that corporate or retail customer data has been compromised.

On February 17, a threat actor advertised what they claimed to be TELUS’ employee list on a site dedicated to data breaches. The list included names and email addresses.

The repositories contain the source code, testing apps, staging/production/testing, Amazon keys, frontend, middleware [information], and more. posts the seller’s most recent message.

The vendor also bragged that the company’s “sim-swap-API,” which is supposed to allow attackers to conduct SIM swap attacks, was included in the stolen source code.

Despite the threat actor calling this a “FULL breach” and stating that they will sell “anything related with Telus,” it is still too early to say whether an event actually happened at TELUS or whether a breach at a third-party vendor actually occurred.

TELUS is looking into the theft of source code and employee data leaks.
NEWS 5

For placing advertisements and promotions in this newspaper, or anywhere on our website, contact us through email at admin@hackerzhome.org or fill out this contact form.

Share this news: