alt=
203x44-linked-in
News  General
DualToy

Sneaky

Over 8,000 different samples of a trojan being dubbed "DualToy" have been discovered in the wild after being initially identified in Jan 2015.

The unusual aspect to this malware is the mechanism it uses to hit it targets, which can be iOS or Android based.

The way it works is to first infect the Windows PC these devices are connected to via USB, then use the file transfer capabilities to deliver malware to the target, and it is capable of doing this to both Apple and Android devices. However, the good news is it is useless against those who keep everything up to date since it relies on weaknesses which were spotted and fixed several years ago. 

News  Android
Note 7 battery explodes on camera!

Samsung issues recall due to battery problems

Samsung's worst marketing nightmare came true this week when it had to issue a recall for its flagship Galaxy Note 7 smartphone.

Reports from the US and South Korea were coming in of the phone catching fire, or even exploding, during or soon after charging. They admitted the issues were fixed by replacing the battery but wanted to take no chances with customer safety issues.

The Note 7 was launched with great fanfare in 10 countries, but it was difficult to work out exactly which phones were affected because different companies supplied the batteries. Samsung said it would take two weeks to get new versions to customers, but urged them to return their current handsets as soon as possible.

News  Apple
iPhone Pegasus

Clicking just one link is all it takes

Apple has released a patch to bring iPhone and iPad users up to iOS 9.3.5 specifically to kill malware known as "Pegasus".

The worrying issue regarding this malware isn't just the fact Apple devices were supposed to be immune to this sort of attack. It's the fact the user can't even easily detect if they are infected or not. Even worse, it's extremely low-level hiding capabilities meant no amount of encryption can protect them.

The spyware hides at system level and can access data before it is passed to other apps such as WhatsApp, which encrypts the data after Pegasus has seen it in the clear. 

The software was allegedly created by Israeli firm NSO to target a Middle Eastern human rights activist. It's developers also discovered three new security flaws unknown to Apple.

News  Apple
iPhone Stagefright

Uses the same attack vector as the Android version

The dreaded Stagefright vulnerability has now appeared in OSX and iOS, one year after it was first discovered on Android. Google has released dozens of patches throughout that time aimed at fixing it, the most recent being just this week.

The idea behind Stagefright, and the reason it is so hard to close down every variant, is that the target is the core multimedia handler present in the heart of the OS, which has by necessity special privileges in order to do its job of playing audio, video and showing images, etc.

Since the multimedia handler has to accept the media as data, the attacks arrive in the form of data which appears to be correctly formed, so that it gets to the handler in the first place, but in fact is specially crafted to carry just the right payload needed to trigger the attack.