On our forgot password reset form, is it ok to leak that a given e-mail address entered is invalid? Or should we always just return success and check your e-mail, even if the e-mail is not valid.
I feel like always returning success can p…
FireEye Labs has recently discovered six variants of a new Android
threat that steals text messages and intercepts phone calls. We named
this sample set “Android.HeHe” after the name of the activity that is
used consistently across all samples.
…
FireEye Labs has recently discovered six variants of a new Android
threat that steals text messages and intercepts phone calls. We named
this sample set “Android.HeHe” after the name of the activity that is
used consistently across all samples.
…
Third-party libraries, especially ad libraries, are widely used in
Android apps. Unfortunately, many of them have security and privacy
issues. In this blog, we summarize our findings related to the
insecure usage of JavaScript binding in ad libra…
Third-party libraries, especially ad libraries, are widely used in
Android apps. Unfortunately, many of them have security and privacy
issues. In this blog, we summarize our findings related to the
insecure usage of JavaScript binding in ad libra…
Today we released four security bulletins addressing six CVE’s. All four bulletins have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
Bulletin…
FireEye has been busy over the last year. We have tracked
malware-based espionage campaigns and published research papers on
numerous advanced threat actors. We chopped through Poison
Ivy, documented a cyber
arms dealer, and revealed that Ope…
FireEye has been busy over the last year. We have tracked
malware-based espionage campaigns and published research papers on
numerous advanced threat actors. We chopped through Poison
Ivy, documented a cyber
arms dealer, and revealed that Ope…
Importing a GPG key with a KeyID or fingerprint seems to rely on keyservers. Doesn’t this invite man-in-the-middle attacks, in which someone would alter the keys to allow them to decrypt the data? What measures are in place to prevent this…
