Banking Malware Distributed via YouTube Ads.

Malvertising attacks are becoming more and more common and it appears that not even YouTube users are safe.
Security researchers from Bromium Labs recently found that YouTube advertising network has been used by cyber criminals to distribute malware. According to experts, cyber criminals compromised an ad network and were redirecting users to malicious websites, hosting the 'Styx Exploit Kit' and infect users computer with Caphaw Banking Trojan..
This particular exploit kit is designed to exploit java vulnerability (CVE-2013-2460) in outdated versions, once in the targets computer system the malware detects the Java version installed on the operating system and based upon it loads suitable exploit compatible with the installed java version.
The command and control server (C&C) used by the cyber criminals appears to be hosted in Europe and it relies on a domain generation algorithm (DGA). Researcher has notified Google of the attack, but so far, they still do not know how the cyber criminals have pulled it off to evade Google’s internal advertisement security checks.And how many users had become victim of this attack is yet a question.
Google has confirmed that a rogue advertiser was behind this malvertisment and also said it has taken this campaign off and is beefing up internal procedures to prevent such events from occurring again.

Snapchat vulnerability allows hackers to launch DDoS attack and remotely crash your smartphone.

A new security bug has been reportedly discovered in photo sharing app, Snapchat,which could launch a DDoS attack on users  smartphones and cause them to crash.

Jamie Sanchez, a Security researcher first reported the vulnerability which can enable an hacker to launch a massive spam and denial-of-service attacks.The bug could allow hackers to overload user's inbox with messages, and crash the iPhone, requiring the user to reset their device, and make Android devices noticeably slower.

Jamie Sanchez demonstrated the vulnerability to LA Times reporter,With consent, he sent 1,000 messages in 5 seconds to reporter account, which crashed his iPhone. Android phones apparently won’t crash with the attack, but they will significantly slow down, and the app itself becomes crippled.
He declined to contact Snapchat with his findings as he believes the company has no respect for the cyber security research community which was proved recently when the company did not pay much heed to researchers' warning about a vulnerability that could expose user data and ultimately published phone numbers of about 4.6 million users to prove their point.
Snapchat issued statement ,"We are working to resolve the issue and will be reaching out to the security researcher who publicized the attack to learn more".

the bug could allow hackers to overload an inbox with messages, and crash the iPhone, requiring the user to reset their device, and make Android devices noticeably slower.  - See more at: https://www.authintmail.com/article/technology/snapchat-vulnerability-can-crash-your-smartphone#sthash.mpgzAVPJ.dpuf

Your laptop Camera could spy on you without lighting up the warning light.

If you own a MacBook or any other laptop, you should cover up it's webcam, because there’s a possibility someone could be watching you.
Most of the webcam have a tiny light lets you know that the webcam is active, but it's possible for malware to disable this important privacy feature.
Two Students from Johns Hopkins University  Matthew Brocker and Stephen Checkoway created a proof of concept app called “iSeeYou” that confirmed that MacBook iSight webcams can spy on their users without the warning light being activated.
A young man recently pleaded guilty in court to extortion after he performed a remote hack on Miss Teen USA’s webcam to secretly collect nude photos. It was revealed through court papers that the FBI has the ability to do the same thing with a variety of current laptops including Apple products.
Your laptop camera could Spy on You without lighting up

PayPal denies to pay Bug Bounty reward to teenager.

A 17-year-old German student contends PayPal has denied him a reward for finding a vulnerability in its website.Robert Kugler said he notified PayPal of the vulnerability on May 19. He said he was informed by email that because he is under 18 years old, he did not qualify for its Bug Bounty Program.

Many companies such as Google and Facebook have reward programs. The programs are intended to create an incentive for website users to report problems and create fixes before hackers can take advantage.
Google pays from $100 up to $20,000 depending on the severity of the issue and Facebook pays a minimum of $500 for qualifying bugs. Neither company has age restrictions listed on their websites.

iPhone has most vulnerabilities, so why is Android the most attacked?

The biggest story in malware right now is mobile malware. The shift from traditional mobile phones that simply made phone calls to smartphones containing gigabytes of data has made the
pocket-sized computers a prime target for attackers.
There was a 32 percent increase in the number of documented vulnerabilities for mobile operating systems and, not surprisingly, a 58 percent increase in mobile malware and
Android smartphones and tablets are the hottest targets. 
       Virtually all mobile malware samples detected are intended for Android, ranging from malware that sends out SMS messages, or fraudulent SMS payments, mobile botnets, spyware, and Trojans that can capture or destroy data from Android devices.
      There has been biggest spike in malware samples detected in four years, and the growing threat faced by mobile devices—particularly Android mobile devices.

AirDroid security flaw allows hackers to perform Dos attack from your Android device.

AirDroid, a free app which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network, has a dangerous cross-site scripting (XSS) vulnerability which allow hackers  to perform Dos attack from your Android device.

Cross Site scripting or XSS vulnerability in the browser version of AirDroid allows an attacker to send a malicious text message to the browser associated with the account when attacker is able to get access to a phone with AirDroid installed.

According to the Department of Homeland Security’s  Vulnerability Notes Database ,

Hacking Google users with Google's GooPass phishing attack

Google Drive is the new home for Google Docs, that users can access everywhere for Storing files safely. In a recent demonstration hacker successfully performed an attack on Google Docs to trick users to grab their Facebook, Gmail, Yahoo credentials with Credit Card Information.

Security researcher Christy Philip Mathew came up with combination of Clickjacking and CSRF vulnerabilities in Google's Docs that can allow a hacker to create a document in victim's Drive for further phishing attack.

For those who are not aware about Clickjacking, It is a technique where an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

He explain how this technique can be executed to pwn a Google user to steal victim's

IOS vulnerability in Configuration Profiles pose malware threat.

Israeli mobile security start-up Skycure has exposed a vulnerability that could allow hackers to control and spy on iPhones. A major security vulnerability for iOS configuration profiles  pose malware threat.

The vulnerability affects a file known as mobileconf files, which are used by cell phone carriers to configure system-level settings. These can include Wi-Fi, VPN, email, and APN settings. Apple used to use them to deliver patches, and carriers sometimes use them to distribute updates.

The below demo shows that how sensitive information, including the victim’s exact