Security Alerts & News
by Tymoteusz A. Góral

#1688 Clever Gmail hack let attackers take over accounts
Google patched a hole in its Gmail verification system last week that allowed an attacker to hijack a targeted Google Gmail account.

The discovery was made by Ahmed Mehtab, a security researcher and founder of Security Fuse. The hack is simple to execute and requires less than dozen steps to pull off.

The hack exploits an authentication or verification bypass vulnerability in a Gmail feature that allows you to send email from a second Gmail account. Mehtab said the attack is “similar to account takeover but here I — as an attacker — can hijack email addresses by confirming the ownership of email (account).” Exploiting the hack, an attacker can send email as if it was being sent from the compromised account. In addition, the attacker could have email forwarded to the compromised Gmail address.
Read more
#1691 Disassembling a mobile trojan attack
#1690 China’s new cybersecurity law is bad news for business
#1689 Fake shopping apps are invading the iPhone
#1688 Clever Gmail hack let attackers take over accounts
#1687 Adobe patches nine code execution flaws in Flash Player
#1686 Google stops AdSense attack that forced banking trojan on Android phones
#1685 TrickBot banking trojan adds new browser manipulation tools
#1684 IPv4 addresses exhausted, networking standards must support IPv6
#1683 Google releases supplemental patch for dirty COW vulnerability
#1682 Microsoft patches zero-day disclosed by Google
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12