Researchers have discovered a number of malicious Android apps are using Google’s Cloud Messaging (GCM) service and leveraging it as a command and control server to carry out attacks. A post on Securelist today by Kaspersky Lab’s Roman Unuchek, breaks down five Trojans that have been spotted checking in with GCM after launching. Trojan-SMS.AndroidOS.FakeInst.a Trojan-SMS.AndroidOS.Agent.ao […]
Continue ReadingHackers have obtained a digital certificate good for any Google website from a Dutch certificate provider. Criminals could use the certificate to conduct “man-in-the-middle” attacks targeting users of Gmail, Google’s search engine or any other service. Attackers could poison DNS, present their site with the fake cert and bingo, they have the user’s credentials. Man-in-the-middle […]
Continue ReadingGoogle’s servers can be used by cyber attackers to launch DDoS attacks, claims Simone “R00T_ATI” Quatrini, a penetration tester for Italian security consulting firm AIR Sicurezza. Quatrini discovered that two vulnerable pages – /_/sharebox/linkpreview/ and gadgets/proxy? – can be used to request any file type, which Google+ will download and show – even if the […]
Continue Reading