7ASecurity worked with Bridgefy to complete a whitebox pentest of the mobile app, SDK, cloud infrastructure, and privacy to help improve Bridgefy’s overall security posture. What is Bridgefy? Bridgefy, a popular mobile messaging app, allows you to send offline messages by leveraging Bluetooth technology. This app aims to provide secure messaging when infrastructure is not …
Android, Bridgefy, cloud, Cloud Audit, iOS, messaging app, Mobile Application Security, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, OWASP Application Security Verification Standard, OWASP Testing Guide, OWASP Top 10, Penetration Testing, Pentest, Security News, Web Security
This blog post summarizes a whitebox security review conducted by 7ASecurity against the ArgoVPN platform. What is ArgoVPN? ArgoVPN is a free VPN with unlimited bandwidth, developed for Android devices. It allows users to visit blocked websites, online services, social media and messaging apps. The developers designed ArgoVPN to meet the needs …
Android, ArgoVPN, Mobile Application Security, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, OWASP Top 10, Penetration Testing, Pentest, Security News, VPN
7ASecurity had the privilege to collaborate with the Open Source Technology Improvement Fund (OSTIF), as well as the K-9 Mail and Thunderbird teams at Mozilla, in a recent security audit of the Mozilla K-9 Mail application. What is K-9 Mail? K-9 Mail is an open source email application that runs on most Android devices. Ideally, the application is reliable, intuitive and secure …
Android, K-9 Mail, Mobile Application Security, Mobile Security, Mozilla, Network Security, OSTIF, OWASP Top 10, Penetration Testing, Security News, Thunderbird, Web Application Security
In case you missed it, I put together a blog post last week on the OWASP AppSec EU Security Conference in Trinity College, Dublin, Ireland with slides, pictures and experience. Feedback and/or contributions to make this better are appreciated and welcome. Highlighted quotes of the week: “I would recommend to store at least half a …
Category Index Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Cloud Security Cryptography Privacy Security FAIL General Outrageous Funny / Hilarious Hacking Incidents / Cybercrime Document claims LulzSec has obtained 2011 UK Census records [www.v3.co.uk] Infamous hacking group LulzSec is claiming to have obtained the entire …
Smile! It’s Friday! 🙂 In case you missed it, I put together a blog post last week regarding my personal experience on the CISSP certification process, etc: CISSP exam, materials, preparation and experience. Feedback and/or contributions to make this better are appreciated and welcome. Highlighted quotes of the week: “A pen test should …
Category Index Hacking Incidents / Cybercrime Unpatched vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Forensics / Reverse Engineering Cryptography Wireless Security Mobile Security Cloud Security Privacy / Censorship Security FAIL Off Topic Funny Hacking Incidents / Cybercrime Incident Analysis: Million Dollars Lost In A Minute [carnal0wnage.attackresearch.com] Dudes, I and two …
Thanks to Tadek and Shaun for contributing to this security bulletin. NOTE: I am still trying to catch up; some news items are a bit dated but worth mentioning. I tried to put newer items at the top of each section so that if you see something dated you already saw you can skip the …
Category Index Hacking Incidents / Cybercrime Unpatched vulnerabilities Software Updates Business Case for Security Web Technologies Network Security Database Security Mobile Security Cloud Security Privacy / Censorship General Security FAIL Funny Hacking Incidents / Cybercrime Bank of America data leak destroys trust [www.latimes.com] The far-reaching fraud serves as a cautionary tale for all consumers who …
Feedback and/or contributions to make this better are appreciated and welcome. For those interested, there was also a technical article posted over the weekend: SSH Service: How to set it up in Backtrack without getting pwned. Remember, sometimes the funny section has some food for thought 🙂 Highlighted quotes of the week: ‘”You have won …