There's a worrying trend amongst businesses who haven't yet been through some kind of IT related security issue. It's human nature to think bad things only happ...
DualToy Trojan attacks both iPhones and Android devices
Sneaky
Over 8,000 different samples of a trojan being dubbed "DualToy" have been discovered in the wild after being initially identified in Jan 2015.
The unusual aspect to this malware is the mechanism it uses to hit it targets, which can be iOS or Android based.
The way it works is to first infect the Windows PC these devices are connected to via USB, then use the file transfer capabilities to deliver malware to the target, and it is capable of doing this to both Apple and Android devices. However, the good news is it is useless against those who keep everything up to date since it relies on weaknesses which were spotted and fixed several years ago.
Video shows Note 7 battery explode!
Samsung issues recall due to battery problems
Samsung's worst marketing nightmare came true this week when it had to issue a recall for its flagship Galaxy Note 7 smartphone.
Reports from the US and South Korea were coming in of the phone catching fire, or even exploding, during or soon after charging. They admitted the issues were fixed by replacing the battery but wanted to take no chances with customer safety issues.
The Note 7 was launched with great fanfare in 10 countries, but it was difficult to work out exactly which phones were affected because different companies supplied the batteries. Samsung said it would take two weeks to get new versions to customers, but urged them to return their current handsets as soon as possible.
iPhone Pegasus: "Worst iOS Smartphone Virus yet"
Clicking just one link is all it takes
Apple has released a patch to bring iPhone and iPad users up to iOS 9.3.5 specifically to kill malware known as "Pegasus".
The worrying issue regarding this malware isn't just the fact Apple devices were supposed to be immune to this sort of attack. It's the fact the user can't even easily detect if they are infected or not. Even worse, it's extremely low-level hiding capabilities meant no amount of encryption can protect them.
The spyware hides at system level and can access data before it is passed to other apps such as WhatsApp, which encrypts the data after Pegasus has seen it in the clear.
The software was allegedly created by Israeli firm NSO to target a Middle Eastern human rights activist. It's developers also discovered three new security flaws unknown to Apple.
Stagefright hits the iPhone
Uses the same attack vector as the Android version
The dreaded Stagefright vulnerability has now appeared in OSX and iOS, one year after it was first discovered on Android. Google has released dozens of patches throughout that time aimed at fixing it, the most recent being just this week.
The idea behind Stagefright, and the reason it is so hard to close down every variant, is that the target is the core multimedia handler present in the heart of the OS, which has by necessity special privileges in order to do its job of playing audio, video and showing images, etc.
Since the multimedia handler has to accept the media as data, the attacks arrive in the form of data which appears to be correctly formed, so that it gets to the handler in the first place, but in fact is specially crafted to carry just the right payload needed to trigger the attack.
Woah! Not so fast - Dodgy Pokémon Go copies can contain malware...
Massive hit app attracts the bad guys
All of a sudden, Pokémon Go is everywhere! It's bigger than Tinder and about to topple Twitter in the number of daily users.
This is fantastic news for Nintendo, whos fortunes have been flagging recently and really needed the shot in the arm this game gave them. However, as with all things app-wise, with such a massive user base the malware guys suddenly get very interested too, and they have been quick to jump on the craze with a hacked version for Android found in the wild.
The APK discovered contained the "DroidJack" remote access tool (RAT) which enabled the attacker to gain complete control over their smartphone or tablet. It was first discovered by researchers at Proofpoint.
7 Ways to stay safe using free WiFi
Digital hygiene
Free public WiFi can be a lifesaver. Your device can be out of the range of a mobile signal more often than you think, for example in underground stations or large buildings. Most tablet users don't even have a choice. Often you'll be alerted to a full-strength WiFi hotspot just itching for you to use it which claims to be "free".
Like anything in life, however, there is no such thing as a free lunch. "Free" anything usually wants something back in return and WiFi is no different. However, there is the risk of extra danger - not all hotspots are created equally.
Some of the dangers are not immediately obvious. Here we show 7 ways you can minimize the risks when using these free WiFi hotspots.
Fansmitter can steal data through fans
Uses the smartphones microphone
An ingenious hack has surfaced in a paper which shows a way to steal data from a PC/laptop using listening software on a smartphone, and malware controlling the cooling fans on the target system.
This convoluted setup wouldn't be of much interest if it wasn't for one particular trick it can pull off which almost none of the other malware attacks can - it targets air-gapped systems. Air-gapped is the term given to PC/laptops which are not connected to a network at all. Without a network connection, users assume remote hacks can't happen for obvious reasons.
Air-gapped systems are usually set up that way for good reason - they might hold classified military information, process sensitive financial transactions or operate industrial/medical critical infrastructure systems.
WhatsApp Gold: Do NOT install this
It's a scam!
Popular cross-platform messaging app WhatsApp has been embroiled in a novel attack which cybercriminals are using to steal users data. A version is in the wild which claims to offer exclusive features, such as the ability to send hundreds of messages at once and is supposed to be "used by celebrities". It apparently offers other features that are not present on the standard version and is going by the name "WhatsApp Gold".
If you receive a message offering to install this app - don't! Experts are warning users to spread the message that this app is NOT from the legitimate WhatsApp developers and will infect their handsets.
The scam has actually been around a while, and smartphone virus watchers have alerted users that an earlier version called "WhatsApp Plus" tried the same thing. This time, however, the message seems to be getting pushed far wider, hence the need to inform users as soon as possible to be on their guard.
