There's a worrying trend amongst businesses who haven't yet been through some kind of IT related security issue. It's human nature to think bad things only happ...
AceDeceiver infects Apple's App Store
- William Damage
This one infects non-jailbroken iOS devices
For 7 months from July 2015, three apps infected with the AceDeceiver malware were lurking in Apple's App Store. They posed as innocent-looking wallpaper apps, and provided the attacker with a fake authorization code to use in their exploits.
A Windows app called "Aisi Helper", which claimed to help users with various routine functions such as optimization and backups, was in fact a trojan that went on to infect connected iOS devices. The malware was able to harvest the users' Apple IDs and passwords, forwarding them on to the attackers' servers.
Once the attackers had obtained the credentials it was too late: Apple became aware of the problem and removed the infected apps from its App Store, but the harvested credentials were already being used to install fake apps on iOS devices. Installing apps this way usually requires a jailbroken device, but because the credentials looked valid to the device, non-jailbroken devices are vulnerable too.
Stagefright is worse than you thought
- Carl Whalley
Back from the dead with a vengeance
This sounds just like a cheesy 80's horror flick where the villain "dies" at the end only to return even stronger in yet another sequel. It seems Stagefright, or more accurately the family of malware which exploits a vulnerability in Android's low-level media playback system of the same name, just won't lie down no matter how much you throw at it.
We wrote about this last year when we showed a video of it in action, and also, embarrassingly for Google, again when they screwed up a fix for it. Perhaps their difficulties back then are reflected in this new outbreak.
This variant of the Stagefright attack vector is called "Metaphor", and it is claimed that vulnerable devices can be infected when they merely visit a specially crafted web page. As before, it's delivered in the form of a video file, and the user doesn't even have to press play to activate it since it begins playing all by itself. Ouch.
Mazar SMS virus hits Android
- Carl Whalley
Spread by simple link in SMS
Android users are being warned of a new virus, spread by SMS, termed "Mazar".
The message reads "You have received a multimedia message from +[country code] [sender number] Follow the link *link here* to view the message.", but the link takes the user to malware which infects the device as soon as it is clicked.
First spotted in Denmark, it already has 100,000 reported infections. Handsets set to Russian are deliberately left unaffected, which suggests the virus originates in that country. There is no word yet on how far the virus has spread across the rest of the world.
Hollywood hospital hacked: $17,000 paid in ransomware
- William Damage
Malware locked staff out
A nightmare scenario which sounds like it came straight out of the pages of some new Hollywood blockbuster just happened for real, in Hollywood. On Feb 5th a hacker locked staff out of a hospital's computers and demanded a ransom before letting them back in.
The hospital was the Hollywood Presbyterian Medical Center, and the staff were locked out by malware which encrypted the data on the infected computers. Only the hacker could release the data, by giving the hospital the unique key used to scramble it.
Chief Executive Allen Stefanek said the quickest and most efficient way to restore normal operations was to pay the ransom. The hacker was undoubtedly relying on the fact that this was a hospital, which would have to do whatever it took to get back up and running as quickly as possible.
You're repairing it wrong
- William Damage
"Error 53" bricks iPhones not officially repaired
There's no warning and no fix for users who get the "Error 53" message. It is caused by Apple's latest iOS update detecting that the handset has been repaired by someone other than Apple.
Users who have had the home button, which contains the fingerprint recognition system, repaired by a "non-official" repair shop, or who were unlucky enough to damage it but could still use the phone, are reporting the error after the update.
Reports have surfaced of phones working perfectly for weeks, even months, before this update, so users are certain it was caused by a recent change by Apple.
Apple bought the company that disclosed Thunderstrike
- Carl Whalley
That's one way to do it
Years ago there was a famous shaver advert where the guy proudly declared he liked the product so much he bought the company. Often in sports you see something similar, but not quite with the same intent: a player on another team is so good that he's bought and never fielded, in effect taking him out of the league altogether.
When news of Thunderstrike 2 broke, Mac users went into a panic fearing the worm could silently modify their firmware, which meant even a full OS reinstall couldn't remove it. However, the developers behaved responsibly, and it turns out that didn't go unnoticed by Apple. Just two months after this news, their security firm, LegbaCore, has been bought by Apple and the team is working on hardening Apple firmware against exactly this kind of attack.
Google patches Nexus devices
- Carl Whalley
More Mediaserver fixes
The troubled Mediaserver issues are rumbling on. Google has just released a batch of patches which fix further vulnerabilities found there, plus WiFi and kernel remote code execution problems. Builds LMY49G and later contain the patches, and you can check whether your device is affected here.
5 critical, 4 high and 1 moderate
Two of the critical fixes, CVE-2016-0801 and CVE-2016-0802, counter attacks against the Broadcom WiFi driver. These require the attacker and victim to be on the same network, but are classed as critical because they don't need the user's involvement at all.
Android two-factor authentication compromised
- Editor
Android.Bankosy
Malware known as "Android.Bankosy" has been identified by Symantec. It attacks the SMS one-time-password two-factor authentication used by many online banking systems, and even the automated voice calls which can be used as an alternative to the SMS method can be intercepted by the attackers.
The malware is able to enable silent mode whilst locking the handset, which means the user is unaware they are being targeted.
Initially disclosed in 2014, variations of this malware have been detected which try to get the victim to enter their payment card details, which are then forwarded on to the attackers.
The Bankosy trojan relies on a popup window which overlays a legitimate application, such as one for an online bank.
Siri PIN bypass discovered
- Editor
Video shows simple to bypass PIN lock
A trivial way to get into a PIN-protected iPhone running iOS9 without knowing the PIN at all has emerged, and it is available to anyone with physical access to the handset. Apple's iOS9 had only been out for a week before a video appeared showing how it's done, making use of Siri and the onboard clock.
The way it works is to enter an incorrect passcode a few times, then tap Siri at the same moment as the final attempt, which gives access to other applications such as the clock. The clock in turn offers the ability to share via SMS, which means access to the user's contacts, the ability to view photos, and so on.
Apple: Now malware is in the App Store
- Editor
Hits hundreds of apps in Chinese App Store
Apple's famous walled garden came tumbling down in China as news emerged that hundreds of the apps it serves to trusting users were riddled with malware. This is particularly embarrassing for Apple, which takes the opposite approach to Google with its App Store by claiming every app allowed in is scrutinized by humans and various other procedures to ensure this never happens.
iPhones and iPads are equally affected in what Reuters is calling "Apple's iOS App Store's first major attack".
Apple claim to have removed all apps known to be affected from the Chinese App Store. They have not given users any advice on how to determine whether any of the apps they have installed are affected.