Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

Android and Java devs: Your IDE could be used to steal your data


Your Android developer tools, both local and cloud-based, could be wide open for exploitation, hacking, or remote code execution (RCE), new research from Check Point revealed.

Android and Java developers who use popular integrated development environments (IDEs) like Google Android Studio, IntelliJ, and Eclipse, as well as those using APK reverse engineering tools like APKTool and Cuckoo-Droid, could have data stolen, machines remotely seized, and malicious code executed on them.

It's a simple trick that can be done as easily as simply tossing a fake AndroidManifest.xml file into a package. Then the attacker can just sit back and wait for the data to come to them.

A serious exploit

Check Point explains that the vulnerability starts in APKTool and similar platforms, which are used to break down APKs for platform compatibility checks and app testing. Many of the popular apps in that category fail to block XML external entity references (XXEs), which allow an attacker to...(continued)

View All Trending Stories