Oracle Fusion Middleware CVE-2016-3581 Remote Security Vulnerability
 

Enlarge (credit: Curious Expeditions)

Google Play was recently found to be hosting more than 400 apps that turned infected phones into listening posts that could siphon sensitive data out of the protected networks they connected to, security researchers said Thursday.

One malicious app infected with the so-called DressCode malware had been downloaded from 100,000 to 500,000 times before it was removed from the Google-hosted marketplace, Trend Micro researchers said in a post. Known as Mod GTA 5 for Minecraft PE, it was disguised as a benign game, but included in the code was a component that established a persistent connection with an attacker controlled server. The server then had the ability to bypass so-called network address translation protections that shield individual devices inside a network. Trend Micro has found 3,000 such apps in all, 400 of which were available through Play.

"This malware allows threat actors to infiltrate a user's network environment," Thursday's report stated. "If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard."

Read 5 remaining paragraphs | Comments

 
BB&T U CVE-2016-6550 SSL Certificate Validation Security Bypass Vulnerability
 
phpMyAdmin CVE-2016-6624 Security Bypass Vulnerability
 
phpMyAdmin CVE-2016-5733 Multiple Cross Site Scripting Vulnerabilities
 
phpMyAdmin CVE-2016-6608 Multiple Cross Site Scripting Vulnerabilities
 
phpMyAdmin CVE-2016-6607 Multiple Cross Site Scripting Vulnerabilities
 
Internet Storm Center Infocon Status