Skip to main content

Posts

Showing posts with the label 2023 at 11:32PM

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China.

#iip_updates . #Information_is_Power . #we_inform_the_uninformed . Read more here https://informationispowah.blogspot.com/2023/07/two-spyware-apps-on-google-play-with-15.html in the link. Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China. Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps, namely  File Recovery and Data Recovery  (com.spot.music.filedate) with over 1 million installs, and  File Manager  (com.file.box.master.gkd) with over 500,000 installs, are developed by the same group. These seemingly harmless Android apps use similar malicious tactics and automatically launch when the device reboots without user input. Contrary to what they claim on the Google Pla...

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered.

#we_inform_the_uninformed . Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure. The issues have been identified in version 1.6J of the Open Charge Point Protocol (OCPP) standard that uses WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) providers. The current version of OCPP is 2.0.1. “The OCPP standard doesn’t define how a CSMS should accept new connections from a charge point when there is already an active connection,” SaiFlow researchers Lionel Richard Saposnik and Doron Porat said. “The lack of a clear guideline for multiple active connections can be exploited by attackers to disrupt and hijack the connection between the charge point and t...