
NEWS - October 02, 2014

Oct 1, 2014 10:59PM PDT
Apple patches "Shellshock" Bash bug in OS X 10.9, 10.8, and 10.7

"Fixes Bash bug discovered last week that's already been seen in the wild."

Apple has just released the OS X Bash Update 1.0 for OS X Mavericks, Mountain Lion, and Lion, a patch that fixes the "Shellshock" bug in the Bash shell that we first reported on last week. Bash, which is the default shell for many Unix and Linux-based operating systems, has been updated two times to fix the Shellshock remote exploit bug, and many Linux distributions have already issued updates to their users.

When installed on an OS X Mavericks system, the patch upgraded the Bash shell from version 3.2.51 to version 3.2.53, something that users could already do manually if they were so inclined. The update requires the OS X 10.9.5, 10.8.5, or 10.7.5 updates to be installed on your system first. An Apple representative told Ars that the company would not be releasing an individual patch for users running the current OS X Yosemite developer or public beta builds, but the rep went on to say the bug will be fixed in future builds of the software. The company previously stated that Macs "are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services." Non-jailbroken iOS devices shouldn't be vulnerable to the exploit at all.

Continued: http://arstechnica.com/apple/2014/09/apple-patches-shellshock-bash-bug-in-os-x-10-9-10-8-and-10-7/

Related:
Apple Releases Patches for Shellshock Bug
Apple patches Shellshock bug in OS X
Apple releases patches for OS X's 'Shellshock' Bash shell vulnerability

Also See: Shellshock fixes beget another round of patches as attacks mount

Xsser Trojan Spies on Jailbroken iOS Devices
Oct 2, 2014 12:00AM PDT

An iOS version of an Android espionage Trojan targeting activists and protestors in Hong Kong has been discovered on the command and control server hosting the Android malware.

The iOS version, a mobile remote access Trojan dubbed Xsser by Lacoon Mobile Security, affects only jailbroken iOS devices. Lacoon is calling this the first such iOS Trojan used in a China-sponsored nation-state attack, but in April a German security consultancy called SektionEins reported on an iOS malware campaign it called Unflod Baby Panda. It too targeted jailbroken iOS devices and was linked to China.

Two years ago, Citizen Lab at the Munk School of Global Affairs at the University of Toronto, published a paper on the use of an iOS Trojan to spy on dissidents in the Middle East. That malware was connected to the controversial FinFisher toolkit, commercially sold spyware used to record calls, download device information and stored data, and provide location data to a remote server.

Continued: http://threatpost.com/xsser-trojan-spies-on-jailbroken-ios-devices/108627

The Criminal Indictment That Could Finally Hit Spyware Makers Hard
Oct 2, 2014 12:00AM PDT

The indictment this week of the man behind an app designed for surreptitiously monitoring cellphone activity is only the second federal case filed against someone involved in the commercial sale of so-called spyware and stalkingware. But the case could have negative implications for others who make and sell similar snooping tools, experts hope.

The case involves StealthGenie, a spy app for iPhones, Android phones and Blackberry devices that until last week was marketed primarily to people who suspected their spouse or lover of cheating on them, but it also could be used by stalkers or perpetrators of domestic violence to track victims. The app secretly recorded phone calls and siphoned text messages and other data from a target's phone, all of which customers of the software could view online until the government succeeded in temporarily closing the Virginia-based site that hosted the stolen data.

Continued: http://www.wired.com/2014/10/stealthgenie-indictment/

Related: Head of 'StealthGenie' mobile stalking app indicted for selling spyware

ID Theft Service Customer Gets 27 Months
Oct 2, 2014 12:00AM PDT

A Florida man was sentenced today to 27 months in prison for trying to purchase Social Security numbers and other data from an identity theft service that pulled consumer records from a subsidiary of credit bureau Experian.

Derric Theoc, 36, pleaded guilty to attempting to purchase Social Security and bank account records on more than 100 Americans with the intent to open credit card accounts and file fraudulent tax returns in the victims' names. According to prosecutors, Theoc had purchased numerous records from Superget.info, a now-defunct online identity theft service that was run by a Vietnamese individual named Hieu Minh Ngo.

Continued: https://krebsonsecurity.com/2014/10/id-theft-service-customer-gets-27-months/

We Take Your Privacy and Security. Seriously.
Oct 2, 2014 12:01AM PDT

"Please note that [COMPANY NAME] takes the security of your personal data very seriously." If you've been on the Internet for any length of time, chances are very good that you've received at least one breach notification email or letter that includes some version of this obligatory line. But as far as lines go, this one is about as convincing as the classic break-up line, "It's not you, it's me."

I was reminded of the sheer emptiness of this corporate breach-speak approximately two weeks ago, after receiving a snail mail letter from my Internet service provider — Cox Communications. In its letter, the company explained:

"On or about Aug. 13, 2014, we learned that one of our customer service representatives had her account credentials compromised by an unknown individual. This incident allowed the unauthorized person to view personal information associated with a small number of Cox accounts. The information which could have been viewed included your name, address, email address, your Secret Question/Answer, PIN and in some cases, the last four digits only of your Social Security number or drivers' license number."

Continued: http://krebsonsecurity.com/2014/09/we-take-your-privacy-and-security-seriously/

17,000 Macs recruited into malware botnet, with a little help from Reddit
Oct 2, 2014 1:07AM PDT

Researchers at Russian anti-virus company Dr Web believe that they have uncovered a new botnet, which has recruited thousands of Mac computers.

According to their report, the sophisticated malware - which they have dubbed Mac.BackDoor.iWorm - has infected more than 17,000 computers running OS X.

Unfortunately, what isn't presently documented is how the malware spreads - but the consequences can clearly be serious.

Like any computers that have been recruited into a botnet, Macs that have been hijacked in this attack could have information stolen from them, further malware planted upon them, or be used to spread more malware or launch spam campaigns and denial-of-service attacks.

Continued: http://grahamcluley.com/2014/10/mac-malware-botnet-reddit/

Cops Are Handing Out Spyware to Parents—With Zero Oversight
Oct 2, 2014 1:08AM PDT

Mere days after a government crackdown on a spyware manufacturer comes the startling revelation that law enforcement agencies have been purchasing commercial spyware themselves and handing it out to the public for free.

Police departments around the country have been distributing thousands of free copies of spyware to parents to monitor their children's activity, a fact that's come to light in the wake of a federal indictment this week against the maker of one commercial spyware tool on wiretapping charges.

The tool being distributed by agencies, known as ComputerCOP, has been purchased in bulk by more than two hundred police departments in thirty-five states as well as by sheriff's offices and district attorneys. It's designed to search computers for files and videos based on a keyword dictionary that comes with the software and also can log every keystroke on a computer, sending some of that data—in an unsecured manner—to a server belonging to the company that makes the software.

Continued: http://www.wired.com/2014/10/cops-giving-parents-spyware/

Related: Local US cops distributing questionable, unsafe spyware to families

Hacked Security Plugin Firm Stored Customer Passwords In Plaintext. Seriously?!
Oct 2, 2014 1:08AM PDT

Graham Cluley @ Tripwire's "State of Security" Blog:

We all make mistakes. I know that sometimes I have made some real howlers, and lived to regret it, but at least we can try to learn from our past screw-ups, put it down to experience and move on.

It's the same when it comes to computers. Many of us probably remember the first gut-wrenching time that we realized we hadn't backed up our data and promised ourselves never to make the same mistake again, or realized that we were playing dangerously by using the same password in multiple places - only to hear on the news that one of the sites had been hacked.

In today's information age, where information about computer security threats and easy-to-use tools are at our fingertips, there shouldn't be much excuse for making some of the Security 101 errors that have plagued users and companies in the past.

Continued: http://www.tripwire.com/state-of-security/security-data-protection/ithemes-plaintext/

Did Apple get all Three bugs?
Oct 2, 2014 1:47AM PDT
http://www.cnet.com/news/apples-shellshock-patch-incomplete-say-experts/

"Apple just released a patch for Shellshock, a bug that could give hackers access to Macintosh computers, but a security specialist says Apple fixed only two out of three security holes."

That's Beardsley writing about that in the link given.
Bob

PS. And this doesn't tackle the other issues with bash and the other shells.

What 'Shellshock' means to you and me
Oct 2, 2014 2:14AM PDT
Susan Bradley:

"A Linux/Unix-based vulnerability, Shellshock, has an impact that reaches far beyond one operating system."

As with Heartbleed, Windows users can't ignore this threat. But the most difficult aspect of this outbreak is determining which devices are actually vulnerable.

A vulnerability in the Bash Linux/Unix shell

Your PC might be pure Windows, but chances are high that you have devices in your home running on Unix or Linux. I know I do — my Western Digital My Cloud networked backup drive, routers, Kindles, iPhones, and iPads all run some form of Unix/Linux. (Worse still, Unix and Linux are core operating systems on many enterprise-computing and storage systems.)

Those non-Windows devices were relatively safe from malware — until now. As has been widely reported, the GNU Project's Bourne Again Shell (Bash) was found to be vulnerable. Bash is a text-based, command-line utility or Unix shell used by numerous versions of the Linux/Unix operating systems.

If installed as the default command-line shell, Bash can make a system vulnerable to malicious remote attacks. The method of attack includes various network tools that execute scripts — from Telnet and Secure Shell (SSH) sessions to Web requests.

Continued: http://windowssecrets.com/newsletter/what-shellshock-means-to-you-and-me/#story2
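The Apple patch item above notes that the update moves Mavericks from Bash 3.2.51 to 3.2.53, and the "Did Apple get all Three bugs?" post points out that a version bump by itself does not prove every hole is closed. The script below is an added example, not code from any of the posts or the linked articles: it reports the locally installed Bash version and then runs the widely published self-check that asks whether this Bash still executes a command appended to a function definition imported from the environment. It is meant to be run on a machine you administer, for instance from a fleet inventory job; the function names `bash_version` and `shellshock_check` and the marker string are my own choices.

```shell
#!/bin/sh
# Added example (not from the original posts): report the local bash version and
# run a behavioural self-check for the Shellshock function-import defect on the
# machine this script is executed on.

# First line of `bash --version`, e.g. "GNU bash, version 3.2.53(1)-release",
# or a note when bash is not installed at all.
bash_version() {
    if command -v bash >/dev/null 2>&1; then
        bash --version 2>/dev/null | head -n 1
    else
        echo "bash not installed"
    fi
}

# Prints one of: "no-bash", "vulnerable" or "patched".
# A bash that still imports function definitions from arbitrary environment
# variables will also run the "echo ..." that follows the function body while
# it starts up; a patched bash treats the variable as plain data and prints
# nothing. The marker string is constructed for this check.
shellshock_check() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "no-bash"
        return 0
    fi
    out=$(env probe='() { :;}; echo SHELLSHOCK_MARKER' bash -c 'true' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_MARKER*) echo "vulnerable" ;;
        *) echo "patched" ;;
    esac
}

# Non-zero exit status only when the check finds the defect, so the script can
# be used as a per-host probe whose results are collected centrally.
main() {
    echo "bash: $(bash_version)"
    result=$(shellshock_check)
    echo "function import check: $result"
    [ "$result" != "vulnerable" ]
}

main "$@"
```

Run it before and after applying the vendor update; the version line tells you which build is installed, while the behavioural result tells you whether the specific import path that started the Shellshock story is actually closed on that host. The check covers only the function-import behaviour, so a "patched" result should be read alongside the vendor's own notes on the follow-up Bash issues.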

Joomla Re-Issues Security Update After Patches Glitch
Oct 2, 2014 2:14AM PDT

Users of the Joomla content management system have been on a patching roller coaster the past 24 hours with one set of patches for critical vulnerabilities being pulled last night before being re-issued today.

The Joomla update, bringing the CMS up to version 3.3.6, is a security update addressing a high priority remote file inclusion vulnerability and a denial-of-service vulnerability of lesser severity, Joomla said.

The latest update was released at noon ET today, less than a day after a previous update was pulled back.

Continued: http://threatpost.com/joomla-re-issues-security-update-after-patches-glitch/108637

Related: Joomla update fixes high risk bug that could lead to site compromise

Will your unread Facebook messages be deleted? Dream on, and don't click on that email
Oct 2, 2014 2:15AM PDT

Cybercriminals have spammed out messages claiming that recipients are at risk of having their unread messages on Facebook deleted.

The reason? To lure you into clicking on a link sent out by pill-pushers, that could end up making a hole in your pocket.

Here's a typical example of an email that has been spammed out, claiming to come from "Facebook Administration": [Screenshot]

You haven't been to Facebook for a few days, and a lot happened while you were away.

Continued: http://grahamcluley.com/2014/10/facebook/

Is that used iPad actually stolen? Apple creates tool for would-be buyers to check
Oct 2, 2014 2:15AM PDT

"The tool will help prospective buyers of used iPhones and iPads to determine if the devices were lost or stolen"

If you're looking to buy a used iPhone, iPad or iPod touch device, Apple is now offering an online tool to let you first check if it's been locked down by the previous owner, which could indicate that it was actually stolen or lost.

The service is available on the iCloud website and doesn't require authentication. It allows users to input the IMEI (International Mobile Station Equipment Identity) or serial number of any iOS device to see its Activation Lock status.

Activation Lock is a feature first introduced in iOS 7 as part of the Find My iPhone service on iCloud. Once it is turned on, the device is locked down and the user needs to input the Apple ID and password associated with it in order to be able to use it again.

Continued: http://news.techworld.com/security/3574967/is-that-used-ipad-actually-stolen-apple-creates-tool-for-would-be-buyers-to-check/