10Fold – Security Never Sleeps – 11

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: VTech educational toys have been hacked and 5m children had their information and potentially pictures stolen. Researchers have discovered an ongoing phishing campaign that is using Dropbox as a delivery platform. A new strain of malware is affecting both iPhone and Andriod devices, this particular strain hijacks credit card information and intercepts SMS messages in effort to reset online passwords. Blackberry announced today that it will be pulling out of the Pakistan market after not agreeing to allow the Pakistan government a backdoor access to their enterprise messaging products.

VTech Hack Puts Spotlight On Vulnerabilities Of Connected Toys – Publication: Financial Times – Reporter name: Hannah Kuchler

VTech, which specializes in educational toys, has confirmed that the data of 5m parents and their children were stolen. But the company would not say whether the hacker had obtained the photos, audio files and chat messages, as it continues to investigate. The hacker has not been identified but Motherboard, the technology news site which originally reported the attack, published redacted images and other files that it said the attacker had passed to it. The site added that the hacker said he had downloaded 190GB worth of photos.


Phishing Blast Uses Dropbox To Target Hong Kong Journalists – Publication: CSO – Reporter name: Steve Ragan

Researchers at FireEye have disclosed an ongoing Phishing campaign that’s using Dropbox as a delivery platform. The campaign is ran by a group that researchers have named “admin@338” and it’s targeting media organizations in Hong Kong that publish pro-democracy materials. The attacks are using basic emails trapped with documents that deliver a malware payload called LowBall – which abuses Dropbox storage services as a command and control (C2) hub.


Singapore Consumers Warned Of Malware Targeting Mobile Banking Services – Publication: ZDNet – Reporter name: Eileen Yu

Once downloaded onto the mobile device, the malware hijacks credit card information and intercepts SMS one-time passwords to make fraudulent online purchases, warns Association of Banks in Singapore. The malware affects both Apple iPhones and Android smartphones, particularly those that have been rooted or jailbroken, the Association of Banks in Singapore said (ABS) in a statement Tuesday. The industry group has 158 members comprising both local and foreign banks.


BlackBerry Says No To Pakistani Backdoor Gambit – Publication: Ars Technica – Reporter name: Sean Gallagher

In response to a demand for backdoor access to its enterprise messaging products, BlackBerry is completely pulling out of the Pakistan market. The announcement comes as a ban on providing BlackBerry Enterprise Services over mobile networks in Pakistan was due to take effect today.