Spyware, Viruses, & Security forum


NEWS - April 22, 2014

Active malware campaign steals Apple passwords from jailbroken iPhones

Security researchers have uncovered an active malware campaign in the wild that steals the Apple ID credentials from jailbroken iPhones and iPads.

News of the malware dubbed "unflod," based on the name of a library that's installed on infected devices, first surfaced late last week on a pair of reddit threads here and here. In the posts, readers reported their jailbroken iOS devices recently started experiencing repeated crashes, often after installing jailbroken-specific customizations known as tweaks that were not a part of the official Cydia market, which acts as an alternative to Apple's App Store.

Since then, security researcher Stefan Esser has performed what's called a static analysis on the binary code that the reddit users isolated on compromised devices. In a blog post reporting the results, he said unflod hooks into the SSLWrite function of an infected device's security framework. It then scans it for strings accompanying the Apple ID and password that's transmitted to Apple servers. When the credentials are found, they're transmitted to attacker-controlled servers.

Continued : http://arstechnica.com/security/2014/04/active-malware-campaign-steals-apple-passwords-from-jailbroken-iphones/

Mysterious malware steals Apple credentials from jailbroken iOS devices
New iOS malware with a funky name: "Unflod Baby Panda"
Fake Facebook app attack can lead to your Android being ..

In reply to: NEWS - April 22, 2014

.. spied upon, and your bank account being hacked

The ESET "We Live Security" Blog:

Are you a Facebook user?

If so, be on your guard if you see a screen like the following popping up on your screen: [Screenshot]

Hopefully the poor grammar is enough to trigger your alarm bells, and prevent you from entering your mobile phone number.

But if it's not, there is a risk that malicious hackers could soon be listening in to the calls made on your Android smartphone, intercepting your SMS text messages, and even listening in to any private conversations you are having in the vicinity of your phone.

And, if the hackers can read your SMS messages, they can potentially break into your online bank accounts too.

Continued : http://www.welivesecurity.com/2014/04/22/facebook-android-bank/

Related : Android trojan app targets Facebook users
Secunia: Fixing OpenSSL's Heartbleed flaw will take MONTHS

In reply to: NEWS - April 22, 2014

Expunging the Heartbleed bug from vulnerable computers and gadgets is likely to take months, according to a leading vuln research firm. The cautionary assessment by Secunia comes as more and more products are judged to be vulnerable to the infamous OpenSSL security flaw.

Heartbleed most obviously affected secure web servers but also hit routers and other networking equipment, as well as a wide array of other enterprise technology.

And the bundling of the faulty OpenSSL library means applications vulnerable to Heartbleed include everything from VPN software, messaging and VoIP apps, among others. A large number of smartphones (specifically those running Android 4.1) are also on the danger list.

Kasper Lindgaard, Secunia head of research, told El Reg that other items vulnerable to Heartbleed include switches and servers.

Continued : http://www.theregister.co.uk/2014/04/22/heartbleed_repairs_may_take_months/

An Allegation of Harm

In reply to: NEWS - April 22, 2014

In December 2013, an executive from big-three credit reporting bureau Experian told Congress that the company was not aware of any consumers who had been harmed by an incident in which a business unit of Experian sold consumer records directly to an online identity theft service for nearly 10 months. This blog post examines the harm allegedly caused to consumers by just one of the 1,300 customers of that ID theft service — an Ohio man the government claims used the data to file fraudulent tax returns on dozens of Americans last year.

In February, I was contacted via Facebook by 28-year-old Lance Ealy from Dayton, Ohio. Mr. Ealy said he needed to speak with me about the article I wrote in October 2013 — Experian Sold Consumer Data to ID Theft Service. Ealy told me he'd been arrested by the U.S. Secret Service on Nov. 25, 2013 for allegedly using his email account to purchase Social Security numbers and other personal information from an online identity theft service run by a guy named Hieu Minh Ngo.

Continued : http://krebsonsecurity.com/2014/04/an-allegation-of-harm/

Supposedly patched router backdoor was simply hidden

In reply to: NEWS - April 22, 2014

When security systems' engineer and researcher Eloi Vanderbeken discovered the existence of a backdoor in his own Linksys router last Christmas, he spurred other hackers to check what other routers have the same backdoor. The result of this investigation was that 24 DSL router models from Cisco, Linksys, Netgear, and Diamond were confirmed to be vulnerable.

The backdoor has been tied with Sercomm - the firm that builds these routers for the aforementioned companies - and the specific firmware they install on the devices. A month after the discovery, those companies have pushed out a new version of the firmware that apparently closed the backdoor. Only it didn't - it merely hid it.


Related: Easter egg: DSL router patch merely hides backdoor instead of closing it

OpenSSL code beyond repair, claims creator of "LibreSSL"

In reply to: NEWS - April 22, 2014

.. fork

OpenBSD founder Theo de Raadt has created a fork of OpenSSL, the widely used open source cryptographic software library that contained the notorious Heartbleed security vulnerability.

OpenSSL has suffered from a lack of funding and code contributions despite being used in websites and products by many of the world's biggest and richest corporations.

The decision to fork OpenSSL is bound to be controversial given that OpenSSL powers hundreds of thousands of Web servers. When asked why he wanted to start over instead of helping to make OpenSSL better, de Raadt said the existing code is too much of a mess.

Continued : http://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/

Related: OpenBSD team forks OpenSSL to create safer SSL/TLS library
Google refunds Android users who bought fake Virus Shield

In reply to: NEWS - April 22, 2014

Earlier this month an Android anti-virus app, named Virus Shield, managed to fool thousands of customers into buying it, despite not having any anti-virus capabilities.

The $3.99 app initially appeared to be a hot purchase as it quickly rose to the top of the Google Play Store sales charts before Android Police discovered all was not as it seemed.

The app was subsequently removed from the store on 6 April but not before tens of thousands of people had purchased it.

Now Google is offering full refunds to anyone who bought Virus Shield. That's long after the usual 15-minute refund window.

Continued : http://nakedsecurity.sophos.com/2014/04/22/google-refunds-android-users-who-bought-fake-virus-shield-app/

Some sites have plugged Heartbleed, but 1000's haven't, says

In reply to: NEWS - April 22, 2014

.. security firm

According to Computerworld, Sucuri Security, a Calif.-based Internet security outfit, says that of the top 1 million sites on the Web as ranked by Alexa (a service which measures what websites are most popular based on Web data that it gathers), as much as two percent of those sites are still susceptible to the Heartbleed OpenSSL bug. However, Sucuri exec Daniel Cid said in an email that the top 1,000 Alexa sites were all safe from the bug, or have been patched and are not at risk anymore. The findings are accurate as of last week.

Sucuri also found that 0.53 percent of the 10,000 most popular sites were vulnerable, with that number rising to 1.5 percent among the 100,000 most popular sites. The percentages break down like this: 53 of the top 10,000 sites were at risk, 1,595 of the top 100,000 sites were vulnerable, and 20,320 of the 1,000,000 most popular sites were still susceptible to Heartbleed.

"We were glad to see that the top 1,000 sites in the world were all properly patched, and that just 0.53% of the top 10k still had issues. However, as we went to less popular (and smaller) sites, the number of unpatched servers grew to 2%. That is not surprising, but we expected better," Cid said in a blog post.

Continued : http://www.digitaltrends.com/computing/sites-plugged-heartbleed-thousands-havent-says-security-firm/
