The Severe Flaw Found in Certain File Locker Apps
TrendLabs Security Intelligence Blog:
Protecting data has always been one of the most important aspects of our digital life. Given the amount of activity done on smartphones, this especially rings true for smartphones. While users may use the built-in privacy and security settings of their devices, others take it a step further and employ security and privacy protection apps.
One of the ways to protect smartphone data is by using "file locker" apps. As the name implies, these apps can be used as storage for sensitive data. The apps store the data away from prying eyes, often using encryption and passwords for additional security.
But how effective are these apps in protecting your data? Is it safe to assume that these apps will live up to their promise and offer the level of security that our data needs? Unfortunately, we analyzed the more popular ones in Google Play and found that these apps fail to deliver what they promise.
The apps we analyzed are the following:
Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/the-severe-flaw-found-in-certain-file-locker-apps/
This thumbdrive hacks computers. "BadUSB" exploit makes devices turn "evil"
"Researchers devise stealthy attack that reprograms USB device firmware."
When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses.
Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
Continued : http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/
Malicious USB device firmware the next big infection vector?
BadUSB Malware Stored in USB Firmware Can Take Over the Computer
Facebook "Enter Details Here to Enable Your Account"
"Malwarebytes Unpacked" Blog:
We at Malwarebytes do our best to keep you, dear Reader, apprised of the latest threats we encounter that target Facebook users. As you may know, Facebook is one of the few prime targets of online crime, particularly fraud.
Here's one in-the-wild phishing campaign that we spotted homing in on users.
Unfortunately, we couldn't trace back the origin of this campaign; however, it's highly likely that it started off as an email pretending to be a notification. As such, be wary of any received emails containing URL(s) that may lead you to us-facebook[dot]com. Successful access to the said site immediately forwards to us-services-facebook[dot]com, as pictured below: [Screenshot]
Apart from asking for email address and password—credentials used to access a Facebook account—from the user, it also wants to get his/her webmail and corresponding password, date of birth, security question and answer, and country of origin—information that is irrelevant at best when enabling disabled accounts in general.
Continued : http://blog.malwarebytes.org/fraud-scam/2014/07/enter-details-here-to-enable-your-account/
Related: Facebook Phishing Scam Asks for More Than Social Network Credentials
7 Out of Top 10 Internet of Things Devices Riddled With
Graham Cluley @ the Lumension Optimal Security blog:
It has become the trendy thing to connect more and more household and office devices to the internet. It is becoming increasingly common to find yourself typing a WiFi password not just into your smartphone, but also your smoke alarm, your fridge, your printer, your baby monitor and maybe even your car.
However, are the manufacturers of these internet-enabled devices paying proper care and attention to security and privacy?
Sadly, it seems they are often falling at the first hurdle.
New research published by HP claims "70 percent of the most commonly used Internet of Things (IoT) devices contain serious vulnerabilities."
On average, 25 vulnerabilities were found by researchers in HP's study of the top ten most popular IoT devices - with a grand total of 250 security concerns discovered.
Continued : http://blog.lumension.com/9127/7-out-of-top-10-internet-of-things-devices-riddled-with-vulnerabilities/
23 Data Records Exposed Each Second in Q2 2014 Breach ..
A report highlighting the top data breach incidents in the world and the number of records stolen from the targeted organizations shows that, on average, about 23 data records were lost or stolen every second in Q2 2014.
The report (pdf) comes from data protection company SafeNet and relies on publicly available information gathered through their Breach Level Index tool.
According to this information, in Q2 2014, at least 1,355 records were exposed every minute, and simple math shows a daily figure of 1,951,724 records.
As for the top five most significant computer system breaches, three of them occurred in the United States, the eBay incident being by far the one impacting the largest number of individuals, with details on 145 million stolen. It is worth noting that the total amount of data exposed reaches 175,655,228 million.
Continued : http://news.softpedia.com/news/23-Data-Records-Exposed-Each-Second-in-Q2-2014-Breach-Incidents-453093.shtml
Microsoft EMET 5.0 security tool puts a leash on plug-ins
The latest release of a Microsoft security tool that's designed to stop exploits lets administrators control when third-party plugins are launched, a long favored route for attackers.
Microsoft has been steadily improving and adding more capabilities to the Enhanced Mitigation Experience Toolkit (EMET), a free tool that strengthens the security of non-Microsoft applications by using defenses built within Windows, such as ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention).
The latest 5.0 iteration, released Thursday, includes something called "Attack Surface Reduction," which can block some of an application's modules or plugins that might be abused, wrote Chris Betz, senior director of the Microsoft Security Response Center.
He wrote that Microsoft Word, for example, can be prevented from loading an Adobe Flash Player plugin or allow Java plugins to only run from intranet-zone sites rather than outside ones.
Continued : http://www.infoworld.com/d/security/microsoft-emet-50-security-tool-puts-leash-plug-ins-247503
Related: Microsoft releases EMET 5.0
PC gamers increasingly under attack
Many gamers either disable their security or remove it altogether, thereby sacrificing protection to maximize system performance and leaving themselves vulnerable to gaming-focused malware and cyber-attacks, according to a new study by Webroot. [Screenshot]
Key findings include:
• Nearly half of gamers have experienced an online attack, with 55 percent of the attacks resulting in slow-down in system performance and impacted browser behavior.
• 35 percent of PC gamers have either no security or just rely on free diagnostics or clean up tools.
• Trojans, phishing and rootkits ranked top attacks against PC gamers.
[Key findings continued]
The new report is based on survey responses gathered from more than 1,200 gamers during the E3 2014 Conference. It concluded that while a third of gamers do not use a security program - citing gameplay, slowdown and too many alerts and interruptions as key factors - 47 percent have experienced a malware attack.