Trusted Design

Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates

概要

Overview Space Coast Credit Union SCCU Mobile for Android, version 2.1.0.1104 and earlier, and for iOS, version 2.2 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper Certificate Validation - CVE-2017-3212 SCCU Mobile is a banking application. On both Android and iOS devices, the app fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Acer Portal app for Android does not properly validate SSL certificates (score: 0.65)
Android banking malware masquerades as Flash Player (score: 0.53)
Banking Trojan infected dozens of Android apps worldwide (score: 0.50)
Android banking trojan as Flash Player and bypasses 2FA (score: 0.50)
Android Trojan GM Bot is evolving and targeting more than 50 banks worldwide (score: 0.49)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 3.62

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure

MITREへのリンク →

Silent Librarian

Score: 3.62

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure

MITREへのリンク →

Magic Hound

Score: 7.24

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1578.002 - Create Cloud Instance

MITREへのリンク →

Scattered Spider

Score: 3.62

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure

MITREへのリンク →

APT28

Score: 9.08

Matched TTPs:

T1139 - Bash History
T1146 - Clear Command History

MITREへのリンク →

APT29

Score: 11.74

Matched TTPs:

T1568 - Dynamic Resolution
T1218.009 - Regsvcs/Regasm
T1490 - Inhibit System Recovery

MITREへのリンク →

APT37

Score: 4.13

Matched TTPs:

T1078 - Valid Accounts

MITREへのリンク →

Windshift

Score: 4.13

Matched TTPs:

T1078 - Valid Accounts

MITREへのリンク →

OilRig

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Turla

Score: 8.88

Matched TTPs:

T1556.009 - Conditional Access Policies
T1578.001 - Create Snapshot
T1490 - Inhibit System Recovery

MITREへのリンク →

Wizard Spider

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Storm-1811

Score: 3.62

Matched TTPs:

T1578.002 - Create Cloud Instance

MITREへのリンク →

Dragonfly

Score: 3.62

Matched TTPs:

T1578.002 - Create Cloud Instance

MITREへのリンク →

APT3

Score: 3.62

Matched TTPs:

T1578.002 - Create Cloud Instance

MITREへのリンク →

Contagious Interview

Score: 4.54

Matched TTPs:

T1651 - Cloud Administration Command

MITREへのリンク →

FIN7

Score: 5.26

Matched TTPs:

T1578.001 - Create Snapshot
T1490 - Inhibit System Recovery

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT29

Score: 0.75

Matched TTPs:

T1218.009 - Regsvcs/Regasm
T1490 - Inhibit System Recovery
T1568 - Dynamic Resolution

MITREへのリンク →

APT28

Score: 0.59

Matched TTPs:

T1146 - Clear Command History
T1139 - Bash History

MITREへのリンク →

Turla

Score: 0.57

Matched TTPs:

T1578.001 - Create Snapshot
T1490 - Inhibit System Recovery
T1556.009 - Conditional Access Policies

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る