There's a worrying trend amongst businesses who haven't yet been through some kind of IT related security issue. It's human nature to think bad things only happ...
Fansmitter can steal data through fans
- Carl Whalley 0 Comments
Uses the smartphones microphone
An ingenious hack has surfaced in a paper which shows a way to steal data from a PC/laptop using listening software on a smartphone, and malware controlling the cooling fans on the target system.
This convoluted setup wouldn't be of much interest if it wasn't for one particular trick it can pull off which almost none of the other malware attacks can - it targets air-gapped systems. Air-gapped is the term given to PC/laptops which are not connected to a network at all. Without a network connection, users assume remote hacks can't happen for obvious reasons.
Air-gapped systems are usually set up that way for good reason - they might hold classified military information, process sensitive financial transactions or operate industrial/medical critical infrastructure systems.
WhatsApp Gold: Do NOT install this
- Aldo Cutrer 0 Comments
It's a scam!
Popular cross-platform messaging app WhatsApp has been embroiled in a novel attack which cybercriminals are using to steal users data. A version is in the wild which claims to offer exclusive features, such as the ability to send hundreds of messages at once and is supposed to be "used by celebrities". It apparently offers other features that are not present on the standard version and is going by the name "WhatsApp Gold".
If you receive a message offering to install this app - don't! Experts are warning users to spread the message that this app is NOT from the legitimate WhatsApp developers and will infect their handsets.
The scam has actually been around a while, and smartphone virus watchers have alerted users that an earlier version called "WhatsApp Plus" tried the same thing. This time, however, the message seems to be getting pushed far wider, hence the need to inform users as soon as possible to be on their guard.
Godless: The Android malware that silently roots your device
- Carl Whalley 0 Comments
Hits Lollipop or earlier
Android users are on alert for a dangerous new family of malware which has been given the name "Godless", after being detected as ANDROIDOS_GODLESS.HRX.
Experts warn this is particularly worrying since it has the ability to root, and therefore gain complete control, over affected devices. Godless doesn't even use a single attack vector, instead making use of multiple explots and aiming at Lollipop or older - that equates to 90% of todays Android handsets.
Infected devices are turned into slave bots awaiting instructions from the attackers command-and-control system. Since these devices could be rooted, this means backdoors, keyloggers and any number of unwanted apps can be remotely installed.
On April 12th, 2016 the internet changed forever
- Carl Whalley 0 Comments
Let's Encrypt free SSL certificates now available for all websites
As the whole internet moves gradually towards total end-to-end encryption, Let's Encypt gave this process a massive boost on April 12th 2016 when they announced their free SSL certificate program left beta.
This is crucially important for various reasons. So many current and future attacks are immediately rendered null and void the instant SSL is enabled that it's worth doing as a matter of urgency.
Furthermore, Google recognize this so announced some time ago that if a site is SSL secured, it will feature higher in its search engine rankings. When determining how high a site gets, it uses various "signals", and with encryption joining mobile-friendliness it's something every site owner needs to be aware of.
Galaxy S5 battery explodes on video!
- William Damage 0 Comments
Hammer smash test
We've all heard the stories of cellphone batteries exploding, but not many have been caught on video in the wild.
Youtube user TechRax was conducting a torture test on a Samsung Galaxy S5 with a knife and a hammer when the battery literally exploded, spewing heat and chemicals all around.
His startled reaction is priceless, and most would say he got what he deserved, but now at least we can see exploding cellphone batteries are a real thing.
An extreme way to blast away viruses too!
Chinese hackers bribe mobile gaming company to plant viruses
- William Damage 0 Comments
Malware whitelisted
A sophisticated scam involving bribes, a legitimate anti-virus company, mobile apps and stenography has been uncovered in China.
This was not your usual malware attack.
In a multi-pronged operation, the first part was for the attackers to get Qihoo 360, the largest anti-virus company in China, to whitelist several malicious apps. They did this using social engineering techniques, which leveraged past business relationships in order to get them to abuse their trust.
The apps had to be on this whitelist because they had a very specific purpose in mind...
New iOS 9.3.1 Lockscreen Bypass - no passcode required!
- Carl Whalley 0 Comments
Hack uses Siri, Twitter and email search
Youtube user EverythingApplePro has demonstrated another iOS hack which works with the current live version (as at the time of writing) of iOS 9.
With a locked iPhone 6S Plus, he issues a simple Siri query which lets a user access a users photos and contacts. Securing this has proved a headache for Apple for years, and this latest hack just goes to show how difficult a task this is proving to be.
He stesses the trick is to get Siri to answer with an email, which then following through by tapping on it opens up the contacts app. Once in, the hacker can create new contacts and access the devices photos.
Samsung S7 goes in a washing machine for 50 minutes!
- William Damage 0 Comments
Don't try this at home
Here's an epic Samsung vs LG battle - but is it fair? Max Lee decided to test the waterproofing claim Samsung are making of the S7 and took a video for good measure.
Now whilst there are endless jokes about keeping your phone clean we could make, or not leaving it in your jeans, in the end this was actually a deliberate waterproofing test. Just to really give things a twist, the handset is powered up throughout its entire ordeal.
Well, it makes a change from the usual "dropping onto concrete" antics. Wonder what this would have done to the warranty...
Android Truecaller exposes 100 million users data
- Carl Whalley 0 Comments
Millions of devices hit
Truecaller has been around a while now, and unfortunately is no stranger to being on the receiving end of the bad guys attention.
This is largely due to its age and user base - over 100 million - and its profile, at one point even falling victim to the "Syrian electronics army".
Recently Cheetah Mobile Security Research Lab has discovered a remotely exploitable flaw in the system which allows the attackers to steal their victims sensitive information, as well as modify their application settings such as deleting a users blacklist, etc.
Apples iMessage security busted
- Carl Whalley 0 Comments
Keys cracked
Using brute force with a little extra know-how, a team from Johns Hopkins University led by professor Matthew Green has cracked an iOS flaw and retrieved the encryption key used.
iOS 9.3 beta is not affected, which is great news for users as the stable version is due for release any time now. Green quietly tipped off Apple in good time for this release, and although the current version is vulnerable, it's only with the use of a "nation-grade" level of cryptographers and equipment.
Green said "Even Apple, with all their skills - and they have terrific cryptographers - wasn’t able to quite get this right. So it scares me that we’re having this conversation about adding backdoors to encryption when we can’t even get basic encryption right."
