There's a worrying trend amongst businesses who haven't yet been through some kind of IT related security issue. It's human nature to think bad things only happ...
Silent 911 dialler much worse than previously thought
No user intervention needed
In October 2016, an exploit for iOS was discovered which caused iPhones to repeatedly dial 911 without any intervention from the user at all.
In some places, this hit so hard that the 911 emergency call center in one area was classed as being in "immediate danger" of losing service, and two more were also at risk.
The investigation into these incidents is now complete, and the results show it was much more serious than it first appeared.
The count of the number of calls made was first determined to be in the low hundreds, but it has now been established the number is massively higher. A single tweeted link was clicked on a total of 117,502 times - each click causing a 911 call to be made.
New Malware for Android asks users to submit a selfie
Acecard
Incredibly, new Android malware has been discovered which actually attempts to trick its victims into not only taking a selfie, but one of them holding a valid ID card such as a drivers license or passport. This is like the holy grail to id thieves, who are increasingly finding that government institutions, banks and other similar organisations such as utility companies are insisting on such proof before conducting business with their users.
Now let's be honest here, and a little discreet - it's only a "special" kind of user who's going to fall for such an obvious scam. We are, however, in the numbers game, and a tiny slice of a huge pie is still big enough to make it worthwhile for the bad guys.
Facebook and Twitter also use the "valid id" method to authenticate accounts which have had some kind of issue regarding security.
DualToy Trojan attacks both iPhones and Android devices
Sneaky
Over 8,000 different samples of a trojan being dubbed "DualToy" have been discovered in the wild after being initially identified in Jan 2015.
The unusual aspect to this malware is the mechanism it uses to hit it targets, which can be iOS or Android based.
The way it works is to first infect the Windows PC these devices are connected to via USB, then use the file transfer capabilities to deliver malware to the target, and it is capable of doing this to both Apple and Android devices. However, the good news is it is useless against those who keep everything up to date since it relies on weaknesses which were spotted and fixed several years ago.
Video shows Note 7 battery explode!
Samsung issues recall due to battery problems
Samsung's worst marketing nightmare came true this week when it had to issue a recall for its flagship Galaxy Note 7 smartphone.
Reports from the US and South Korea were coming in of the phone catching fire, or even exploding, during or soon after charging. They admitted the issues were fixed by replacing the battery but wanted to take no chances with customer safety issues.
The Note 7 was launched with great fanfare in 10 countries, but it was difficult to work out exactly which phones were affected because different companies supplied the batteries. Samsung said it would take two weeks to get new versions to customers, but urged them to return their current handsets as soon as possible.
iPhone Pegasus: "Worst iOS Smartphone Virus yet"
Clicking just one link is all it takes
Apple has released a patch to bring iPhone and iPad users up to iOS 9.3.5 specifically to kill malware known as "Pegasus".
The worrying issue regarding this malware isn't just the fact Apple devices were supposed to be immune to this sort of attack. It's the fact the user can't even easily detect if they are infected or not. Even worse, it's extremely low-level hiding capabilities meant no amount of encryption can protect them.
The spyware hides at system level and can access data before it is passed to other apps such as WhatsApp, which encrypts the data after Pegasus has seen it in the clear.
The software was allegedly created by Israeli firm NSO to target a Middle Eastern human rights activist. It's developers also discovered three new security flaws unknown to Apple.
Stagefright hits the iPhone
Uses the same attack vector as the Android version
The dreaded Stagefright vulnerability has now appeared in OSX and iOS, one year after it was first discovered on Android. Google has released dozens of patches throughout that time aimed at fixing it, the most recent being just this week.
The idea behind Stagefright, and the reason it is so hard to close down every variant, is that the target is the core multimedia handler present in the heart of the OS, which has by necessity special privileges in order to do its job of playing audio, video and showing images, etc.
Since the multimedia handler has to accept the media as data, the attacks arrive in the form of data which appears to be correctly formed, so that it gets to the handler in the first place, but in fact is specially crafted to carry just the right payload needed to trigger the attack.
Woah! Not so fast - Dodgy Pokémon Go copies can contain malware...
Massive hit app attracts the bad guys
All of a sudden, Pokémon Go is everywhere! It's bigger than Tinder and about to topple Twitter in the number of daily users.
This is fantastic news for Nintendo, whos fortunes have been flagging recently and really needed the shot in the arm this game gave them. However, as with all things app-wise, with such a massive user base the malware guys suddenly get very interested too, and they have been quick to jump on the craze with a hacked version for Android found in the wild.
The APK discovered contained the "DroidJack" remote access tool (RAT) which enabled the attacker to gain complete control over their smartphone or tablet. It was first discovered by researchers at Proofpoint.
7 Ways to stay safe using free WiFi
Digital hygiene
Free public WiFi can be a lifesaver. Your device can be out of the range of a mobile signal more often than you think, for example in underground stations or large buildings. Most tablet users don't even have a choice. Often you'll be alerted to a full-strength WiFi hotspot just itching for you to use it which claims to be "free".
Like anything in life, however, there is no such thing as a free lunch. "Free" anything usually wants something back in return and WiFi is no different. However, there is the risk of extra danger - not all hotspots are created equally.
Some of the dangers are not immediately obvious. Here we show 7 ways you can minimize the risks when using these free WiFi hotspots.
Fansmitter can steal data through fans
Uses the smartphones microphone
An ingenious hack has surfaced in a paper which shows a way to steal data from a PC/laptop using listening software on a smartphone, and malware controlling the cooling fans on the target system.
This convoluted setup wouldn't be of much interest if it wasn't for one particular trick it can pull off which almost none of the other malware attacks can - it targets air-gapped systems. Air-gapped is the term given to PC/laptops which are not connected to a network at all. Without a network connection, users assume remote hacks can't happen for obvious reasons.
Air-gapped systems are usually set up that way for good reason - they might hold classified military information, process sensitive financial transactions or operate industrial/medical critical infrastructure systems.
