Syber Group

Phishing Apps Plague Google Play

May 12, 2016 by  
Filed under Computing

Google’s attempts to safeguard the Android app store — Google Play — are far from perfect, with malicious apps routinely slipping through its review process. Such was the case for multiple phishing applications this year that posed as client apps for popular online payment services.

Researchers from security firm PhishLabs claim that they’ve found 11 such applications since the beginning of 2016 hosted on Google Play, most of them created by the same group of attackers.

The apps are simple, yet effective. They load Web pages containing log-in forms that look like the target companies’ websites. These pages are loaded from domain names registered by the attackers, but because they are loaded inside the apps, users don’t see their actual location.

In some cases attackers registered domain names that are similar to those of the impersonated online payment services, PhishLabs Security Threat Analyst Joshua Shilko said in a blog post.

More recently, attackers used domain names similar to those of cryptocurrency companies, suggesting that the cryptocurrency industry is also targeted.

PhishLabs did not name the exact payment card companies and online payment services whose users were targeted by these fake apps. However, most of those companies provide links to their official mobile applications on their websites and users should always use those links instead of manually searching for them on the Play store.

“In one case, a targeted company explicitly states on their website that no mobile application exists for their company and that users should be wary of any mobile application using their brand,” Shilko said.

The danger is that if phishers manage to routinely bypass Google’s review process and upload such apps to the Google Play store, their attacks might extend to other industries in the future.

Another problem is that even when these apps are detected by third parties and reported, it can take several days for Google to remove them from the app store, leaving a sufficiently large window of opportunity for attackers. It’s not clear how attackers promote these fake apps or if they rely only on users finding them themselves, but in general phishing attacks are most effective during the first several hours after they’re launched.

Source- http://www.thegurureview.net/mobile-category/phishing-apps-continue-to-play-google-play.html

iOS Developers Warned About Taking Shortcuts

February 10, 2016 by  
Filed under Computing

Slapdash developers have been advised not to use the open source JSPatch method of updating their wares because it is as vulnerable as a soft boiled egg, for various reasons.

It’s FireEye that is giving JSPatch the stink eye and providing the warning that it has rendered over 1,000 applications open to copy and paste theft of photos and other information. And it doesn’t end there.

FireEye’s report said that Remote Hot Patching may sound like a good idea at the time, but it really isn’t. It is so widely used that it has opened up a 1,220-wide iOS application hole in Apple users’ security. A better option, according to the security firm, is to stick with the Apple method, which should provide adequate and timely protection.

“Within the realm of Apple-provided technologies, the way to remediate this situation is to rebuild the application with updated code to fix the bug and submit the newly built app to the App Store for approval,” said FireEye.

“While the review process for updated apps often takes less time than the initial submission review, the process can still be time-consuming and unpredictable, and can cause loss of business if app fixes are not delivered in a timely and controlled manner.

“However, if the original app is embedded with the JSPatch engine, its behaviour can be changed according to the JavaScript code loaded at runtime. This JavaScript file is remotely controlled by the app developer. It is delivered to the app through network communication.”

Let’s not all make this JSPatch’s problem, because presumably it’s developers who are lacking.

FireEye spoke up for the open source security gear while looking down its nose at hackers. “JSPatch is a boon to iOS developers. In the right hands, it can be used to quickly and effectively deploy patches and code updates. But in a non-utopian world like ours, we need to assume that bad actors will leverage this technology for unintended purposes,” the firm said.

“Specifically, if an attacker is able to tamper with the content of a JavaScript file that is eventually loaded by the app, a range of attacks can be successfully performed against an App Store application.”

Courtesy-TheInq

Can OSX Make Macs Vulnerable To Rootkits?

August 7, 2015 by  
Filed under Computing

The software genii at Apple have redesigned their OSX software to allow malware makers to make designer micro-software that can infect Macs with rootkits.

Obviously the feature is one that Apple software experts designed specifically for malware writers, perhaps seeing them as an untapped market.

The bug in the latest version of Apple’s OS X allows attackers root user privileges with a micro code which could be packed into a message.

Security researcher Stefan Esser said that this was the security hole attackers regularly exploit to bypass security protections built into modern operating systems and applications.

The OS X privilege-escalation flaw stems from new error-logging features that Apple added to OS X 10.10. Plainly the software genii did not believe that standard safeguards involving additions to the OS X dynamic linker dyld applied to them because they were protected from harm by Steve Jobs’ ghost.

This allows attackers to open or create files with root privileges that can reside anywhere in the OS X file system.

“This is obviously a problem, because it allows the creation or opening (for writing) of any file in the filesystem. And because the log file is never closed by dyld and the file is not opened with the close on exec flag the opened file descriptor is inherited by child processes of SUID binaries. This can be easily exploited for privilege-escalation,” Esser said.
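The descriptor behaviour Esser describes, as an added illustration (not Apple's dyld code and not part of the original article): a log file opened without the close-on-exec flag stays open in any program started with exec(), while `O_CLOEXEC` or a pre-exec sweep prevents that. The function names and the temporary file path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* 1 = fd is open and stays open in a program started with exec();
   0 = fd is open but close-on-exec is set; -1 = fd is not open. */
int inherited_across_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* The pattern from the quote: opened for writing, no close-on-exec. */
int open_log_leaky(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
}

/* Same open, but the kernel closes the descriptor at exec(). */
int open_log_hardened(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0600);
}

/* Pre-exec sweep for privileged code: set close-on-exec on every open
   descriptor in [3, max_fd). Returns how many had to be fixed. */
int seal_descriptors(int max_fd) {
    int fixed = 0;
    for (int fd = 3; fd < max_fd; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC)) continue;
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0) fixed++;
    }
    return fixed;
}

int main(void) {
    char path[] = "/tmp/cloexec_demo_XXXXXX";   /* constructed sample file */
    int tmp = mkstemp(path);
    if (tmp < 0) return 1;
    int leaky = open_log_leaky(path), hard = open_log_hardened(path);
    printf("leaky inherited: %d\n", inherited_across_exec(leaky));
    printf("hardened inherited: %d\n", inherited_across_exec(hard));
    printf("sealed: %d\n", seal_descriptors(hard + 1));
    printf("leaky after sweep: %d\n", inherited_across_exec(leaky));
    close(leaky); close(hard); close(tmp); unlink(path);
    return 0;
}
```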

The vulnerability is present in both the current 10.10.4 (Yosemite) version of OS X and the current beta version of 10.10.5. Importantly, the current beta version of 10.11 is free of the flaw, an indication that Apple developers may already be aware of the vulnerability.

An Apple spokesman said that engineers are aware of Esser’s post, but of course they did not say they would do anything about it. They will have to go through the existential crisis involved in realising that their product was not secure or perfect. Then the security team will have to issue orders, signed in triplicate, sent in, sent back, queried, lost, found, subjected to an internal inquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.

Acer Shifts Focus To IoT

June 18, 2015 by  
Filed under Computing

Acer is still churning out PCs, but the Taiwanese vendor is far more bullish about the Internet of Things (IoT), a market the company doesn’t want to miss out on.

Acer held a news conference not for a new consumer product, but to promote an upcoming miniature PC that will be sold to developers.

The PC, called the aBeing One, will arrive in the third quarter, and is aimed at developers working in the IoT area. It’s designed to connect to smart home and wearable products, and act as a hub that can analyze incoming data from the devices.

The PC vendor has spoken to many IoT companies looking for an affordable hardware system they can develop on, said Robert Wang, a general manager with Acer.

“Fast-moving IoT developers keep running into this issue,” he said after Acer’s news conference. “Now they can buy from us.”

It’s a big change for the vendor, given that it once focused on selling consumer notebooks. However, with PC sales sagging and competition rife in the mobile devices area, the company has been shifting toward enterprise products.

That emphasis was apparent at this week’s Computex show in Taipei. Acer notebooks and tablets were still on display, but equal billing was given to its cloud computing business, which is starting to power IoT devices, not only from Acer, but also its clients.

In addition, Acer is hoping to pave the way for more third-party IoT devices. It has partnered with Canonical to install a version of Ubuntu on its aBeing product, so that the hardware can serve Ubuntu developers working on smart connected gadgets.

Twitter To Track Mobile Users

December 11, 2014 by  
Filed under Around The Net

Twitter Inc has plans to start tracking what third-party apps are installed on users’ mobile devices so the social media company can deliver more tailored content, including ads, the company has revealed.

The feature, called “app graph,” will allow the company to see what other applications users may have installed on phones or other devices.

“To help build a more personal Twitter experience for you, we are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in,” the company said on its site.

The posting also included instructions on how to turn the feature off. Twitter is not collecting data from within the applications, the posting noted.

Twitter, whose main service allows users to broadcast 140-character messages, has been searching for ways to re-invigorate user engagement and drive growth. As part of that effort, the company is considering creating additional mobile applications beyond its core messaging service.

New Malware Targeting Apple Devices

November 19, 2014 by  
Filed under Computing

Palo Alto Networks Inc has uncovered a new group of malware that can infect Apple Inc’s desktop and mobile operating systems, underscoring the increasing sophistication of attacks on iPhones and Mac computers.

The “WireLurker” malware can install third-party applications on regular, non-jailbroken iOS devices and hop from infected Macs onto iPhones through USB connector-cables, said Ryan Olson, intelligence director for the company’s Unit 42 division.

Palo Alto Networks said on Wednesday it had seen indications that the attackers were Chinese. The malware originated from a Chinese third-party apps store and appeared to have mostly affected users within the country.

The malware spread through infected apps uploaded to the apps store, that were in turn downloaded onto Mac computers. According to the company, more than 400 such infected apps had been downloaded over 350,000 times so far.

It’s unclear what the objective of the attacks was. There is no evidence that the attackers had made off with anything more sensitive than messaging IDs and contacts from users’ address books, Olson added.

But “they could just as easily take your Apple ID or do something else that’s bad news,” he said in an interview.

Apple, which Olson said was notified a couple weeks ago, did not respond to requests for comment.

Once WireLurker gets on an iPhone, it can go on to infect existing apps on the device, somewhat akin to how a traditional virus infects computer software programs. Olson said it was the first time he had seen it in action. “It’s the first time we’ve seen anyone doing it in the wild,” he added.

Mobile Security Threats Continue To Grow

October 15, 2011 by  
Filed under Smartphones

According to industry analysts, mobile device shipments will exceed a billion devices in 2015 and will rapidly outrun PC shipments. That’s great news for end user convenience, mobility, and work-anywhere productivity. But it also means that enterprises must prepare for the fact that the criminals will target these devices with attack exploits, spyware, and rogue applications.

And while IBM’s IT security research team, X-Force, predicts a modest 33 software exploits targeting mobile devices in the year ahead, that’s roughly twice the number of such attack code released in the past year.

The group also sees a number of other troubling mobile security trends. First, when software flaws do surface, many mobile phone makers do not rapidly deploy software patches to devices; malicious apps are often distributed through third-party app markets. Another troubling trend is that some mobile malware can collect end users’ personal information for use in phishing attacks.

An example of vulnerabilities that would make such attacks possible are the two recent Android security flaws that were reported to affect popular handsets including the AT&T Samsung Galaxy SII and various HTC devices.

The security find announced by security researcher Trevor Eckhart, called HTClogger, concerns logging tools introduced by handset maker HTC that could leak email account information, user location, phone numbers, and messaging logs.

Handset maker HTC said, in a statement, that it is working to quickly issue an update to its customers. “HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly,” the company said.

Google Moves Quickly To Plug Data Leaks

May 24, 2011 by  
Filed under Smartphones

Google confirmed that it’s starting to roll out a server-side patch for a security vulnerability in most Android phones that could allow hackers to access important credentials at public Wi-Fi hotspots.

“Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts,” said a Google spokesman in an emailed statement. “This fix requires no action from users and will roll out globally over the next few days.”

Google will apparently apply the fix to its servers since it does not need to push out an over-the-air update to Android phones.

Experts applauded Google’s fast reaction.

“It’s impressive how quickly Google fixed this,” said Kevin Mahaffey, chief technology officer and a co-founder of San Francisco-based mobile security firm Lookout. “Google’s security team, especially on Android, is very, very quick to deal with issues.”

Whatever Google is implementing will shut the security hole that three German researchers publicized last week.

According to the University of Ulm researchers, who tested another researcher’s contention last February that Android phones sent authentication data in the clear, hackers could easily spoof a Wi-Fi hotspot — in a public setting such as an airport or coffee shop — then snatch information that users’ phones transmitted during synchronization.

In Android 2.3.3 and earlier, the phone’s Calendar and Contacts apps transmit information via unencrypted HTTP, then retrieve an authentication token from Google. Hackers could eavesdrop on the HTTP traffic at a public hotspot, lift authentication tokens and use them for up to two weeks to access users’ Web-based calendars, their contacts and also the Picasa photo storage and sharing service.
