Forwarded from BlackBox (Security) Archiv
BeautyFraud-Appendix-A.pdf
42.5 KB
The Beauty and the (Fraud) Beast
White Ops Threat Intelligence and Research Team June 2020
👉🏼 List (pdf) of fraudulent picture editing applications:
https://www.whiteops.com/hubfs/BeautyFraud-Appendix-A.pdf
#pdf #fraudulent #picture #editing #applications #apps
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
White Ops Threat Intelligence and Research Team June 2020
👉🏼 List (pdf) of fraudulent picture editing applications:
https://www.whiteops.com/hubfs/BeautyFraud-Appendix-A.pdf
#pdf #fraudulent #picture #editing #applications #apps
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
Beware of Applications Misusing Root Stores
We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. We provide a root store to be used for server authentication (TLS) and for digitally signed and encrypted email (S/MIME). Applications that use Mozilla’s root store for a purpose other than that have a critical security vulnerability. With the goal of improving the security ecosystem on the internet, below we clarify the correct and incorrect use of Mozilla’s root store, and provide tools for correct use.
....(....)
Misuse of Root Stores: We have been alerted that some applications are using root stores provided by Mozilla or an operating system (e.g. Linux) for purposes other than what the root store is curated for. An application that uses a root store for a purpose other than what the store was created for has a critical security vulnerability. This is no different than failing to validate a certificate at all.
https://blog.mozilla.org/security/2021/05/10/beware-of-applications-misusing-root-stores/
#mozilla #root #store #applications
📡 @nogoolag 📡 @blackbox_archiv
We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. We provide a root store to be used for server authentication (TLS) and for digitally signed and encrypted email (S/MIME). Applications that use Mozilla’s root store for a purpose other than that have a critical security vulnerability. With the goal of improving the security ecosystem on the internet, below we clarify the correct and incorrect use of Mozilla’s root store, and provide tools for correct use.
....(....)
Misuse of Root Stores: We have been alerted that some applications are using root stores provided by Mozilla or an operating system (e.g. Linux) for purposes other than what the root store is curated for. An application that uses a root store for a purpose other than what the store was created for has a critical security vulnerability. This is no different than failing to validate a certificate at all.
https://blog.mozilla.org/security/2021/05/10/beware-of-applications-misusing-root-stores/
#mozilla #root #store #applications
📡 @nogoolag 📡 @blackbox_archiv
Mozilla Security Blog
Beware of Applications Misusing Root Stores
We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. We provide a root store ...
Transparency in App Analytics: Analyzing the Collection of User Interaction Data – Arvix
#MobileData #Applications
#Android
The rise of mobile apps has brought greater convenience and many options for users. However, many apps use analytics services to collect a wide range of user interaction data, with privacy policies often failing to reveal the types of interaction data collected or the extent of the data collection practices. This lack of transparency potentially breaches data protection laws and also undermines user trust. We conducted an analysis of the top 20 analytic libraries for Android apps to identify common practices of interaction data collection and used this information to develop a standardized collection claim template for summarizing an app's data collection practices wrt. user interaction data#MobileData #Applications
#Android