The Skinner adware rears its ugly head on Google Play

 
A new member of the ever growing adware-found-on-Google-Play-list has been found. Previous members include Viking Horde, DressCode and CallJam, among many others. The malware, dubbed "Skinner", was embedded inside an app which provides game related features. The app was downloaded by over 10,000 users, and managed to hide on Google Play for over two months. Skinner tracks the user's location and actions, and can execute code from its Command and Control server without the user's permission. The app was removed from the play store after we contacted the Google security team. While Adware are a common threat to users, Skinner displayed new elaborate tactics used to evade detection and ...

Introducing Check Point vSEC for Google Cloud Platform

 
Cloud Security Puzzle – Solved! If you are deploying workloads (like web servers) or migrating back office apps into Google Cloud Platform (GCP), you will be happy to know that you can now do it securely in a turn-key way without sacrificing the agility & business elasticity provided by GCP. Check Point’s vSEC cloud security solution delivers advanced security that is virtually built into the Google environment using Google’s APIs. Together, Google and Check Point enable a multilayer security solution that comprehensively protects customers’ assets and data in the cloud with advanced threat prevention security. Why do we really need another security layer? While the ...

Choice, Flexibility and Advanced Security – Now with Google Cloud Platform

 
As a general rule of thumb, it has been a long accepted strategy in IT to avoid vendor lock in, or trusting too much in a single equipment provider that you get stuck because changing to another vendor would be too costly or inconvenient. This is especially true with public cloud providers, and fear of vendor lock in is often cited as a major road block to further cloud adoption. So how do you eliminate the risks of putting all your IT eggs in a single virtual network basket? One approach to solving this dilemma is a multi-cloud strategy. A multi-cloud approach provides benefits beyond simply eliminating financial risk; it can also help businesses redefine their software ...

Gartner Recognizes the Importance of Mobile Threat Defense

 
HummingBad. Stagefright. QuadRooter. Mobile malware and vulnerabilities have been making headlines well over the past year, and attacks are becoming a more common way for cybercriminals to steal sensitive data. We believe this trend – one that our research team encounters daily – is illustrated in the Gartner Market Guide for Mobile Threat Defense Solutions.* This rise in the sophistication and volume of mobile malware and continued exposure to unknown vulnerabilities demonstrates how Android and iOS devices simply aren’t secure on their own. The Mobile Threat Defense Market is Growing Rapidly Mobile malware and vulnerabilities aren’t all that different than their cousins ...

Security Disclosure: Google’s iOS Gmail App Potential Target for Threat Actors

 
As part of our ongoing research into Apple’s iOS environment, we analyze mobile apps from various perspectives. During a routine analysis of the Gmail iOS app we unexpectedly came across a vulnerability which enables a threat actor that is performing a Man-in-the-Middle attack to view, and even modify, encrypted communications. Secure  Mobile Communications 101 In general, secure communications rely on encryption, i.e. SSL, between an app and the back-end server to prevent prying eyes from seeing into content during transmit. The problem with using just SSL is that a threat actor can impersonate the back-end server ...