10Fold – Security Never Sleeps – 49

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider

Apple is opposing a judge’s order to help the FBI break into the iPhone of one of the San Bernardino, California, shooters, calling the directive “an overreach by the U.S. Government.” A function that performs domain-name lookups, getaddrinfo(), contains a buffer overflow bug that allows attackers to remotely execute malicious code. A Hollywood hospital has been struck by ransomware, a malicious software program that locks down the computer networks and holds them for ransom. A new malware called “Mazar” has been identified that can affect Android devices; the malware is said to be so powerful that it can gain access to personal information of the user.

Apple opposes judge’s order to hack San Bernardino shooter’s iPhone
Publication: CNN
Reporter name: Evan Perez and Tim Hume

Apple is opposing a judge’s order to help the FBI break into the iPhone of one of the San Bernardino, California, shooters, calling the directive “an overreach by the U.S. Government.” A public letter signed by Apple CEO Tim Cook and published Tuesday warns that complying with the order would entail building “a backdoor to the iPhone”, something Apple considers too dangerous to create. Cook goes on to state that such a move would be an unprecedented step, threatening the security of Apple’s customers, and that no reasonable person would find that acceptable. He ends the letter by saying, “We believe it would be in the best interest of everyone to step back and consider the implications.”


Massive web vulnerability puts devices at risk
Publication: ITProPortal
Reporter name: Phoebe Jennelyn Magdirila

A catastrophic flaw in one of the Internet’s core building blocks may leave a huge number of apps and hardware devices vulnerable to attacks, according to researchers. A function that performs domain-name lookups, getaddrinfo(), contains a buffer overflow bug that allows attackers to remotely execute malicious code. It can be exploited when vulnerable devices or apps make queries to attacker-controlled domain names or domain name servers, or when they’re exposed to man-in-the-middle attacks where the adversary has the ability to monitor and manipulate data passing between a vulnerable device and the open Internet. To counter the vulnerability, maintainers of glibc released an update that is recommended for anyone responsible for Linux-based software or hardware that performs domain name lookups. The Red Hat Linux distribution had also independently discovered the bug and was working on a fix, according to Google researchers.


Hackers Are Holding a Hollywood Hospital for Ransom
Publication: Fortune
Reporter name: Robert Hackett

A Hollywood hospital has been struck by ransomware, a malicious software program that locks down the computer networks and holds them for ransom. Hackers targeted the IT systems at Hollywood Presbyterian Medical Center. The systems have been offline for more than a week since the hospital president and CEO Allen Stefanek declared an “internal emergency” on February 5th. The hackers have demanded more than $3 million in Bitcoin in order to unlock the affected data. Hospital officials told NBC that they have looped in the FBI and Los Angeles Police Department and have hired computer forensics experts to investigate the attack.


Android Malware Alert: Mazar Can Steal Personal Data, Delete Everything Present on Device
Publication: IB Times
Reporter name: Anvinraj Sivanandan

A new malware called “Mazar” has been identified that can affect Android devices. The malware is said to be so powerful that it can gain access to personal information of the user. It also has the ability to delete all the data present on the device. According to the BBC, a Danish security company called Heimdal has found the new malware, which can access admin rights of the user and steal personal data. Mazar can spread to other devices through SMS. The malware can read, send and delete text messages, and it can also make phone calls, even to premium numbers. The malware has already infected nearly 10,000 Android devices in Denmark; however, it is not known how many devices have been infected outside of Denmark.