Tag Archives: Android

Security Never Sleeps- Microsoft Bugs, Android Patches

New Microsoft Kernel Bug Could Permit Malicious Modules

“Could bypass antivirus systems”

Security researchers have found a Microsoft kernel bug that may allow attackers to bypass antivirus systems and load their own malware that infects users' devices. The kernel flaw was discovered in PsSetLoadImageNotifyRoutine and is present in all operating systems ranging from Windows 2000 to the most recent version of Windows 10.

AXA Insurance data breach hits 5,400 customers in Singapore

“Sensitive information likely obtained”

AXA Insurance has now revealed it has suffered a cybersecurity incident that compromised personal data of about 5,400 customers in Singapore. The breach affected users of the firm's health portal, including past customers, according to data protection officer Eric Lelyon in a Thursday e-mail to customers. No other alerts or notices were posted on its website. The breach, according to Lelyon, “exposed” the customer’s e-mail address, date of birth, and mobile number, which was used to transmit one-time passwords when users transacted on the portal.

Experts Find 2007 Variant of Malware Linked to French Intelligence

“Babar origins may have been found”

Palo Alto Networks researchers have discovered a 2007 variant of Babar, a malware program believed to have been developed by a covert French intelligence agency. The activities of the cyber espionage group known as the Animal Farm came to light in March 2014, when a French publication released a series of slides from United States NSA whistleblower Edward Snowden. The slides belonged to Canada’s Communications Security Establishment and they detailed an espionage campaign dubbed “Operation Snowglobe.”

Google Patches 81 Android Vulnerabilities With September 2017 Updates

“13 rated critical”

81 security vulnerabilities have been addressed in the September set of security patches for the Android platform. 13 had a severity rating of critical. The security bulletin has two security patch levels, each focused on addressing vulnerabilities in specific components.

Enjoy your read? Check out our other content here.

Security Never Sleeps- Chicago Voters, Maersk Attack

Personal data of 1.8 million Chicago voters accidentally exposed by vendor

“Roughly 1.8 million affected”

The phone numbers, addresses, and partial social security numbers of almost 2 million Chicago voters have been left exposed on a cloud-storage website. The site was maintained by an Omaha election-services company, and the sensitive information was left vulnerable until a cybersecurity researcher discovered it earlier this week.

Ukraine central bank warns of new cyber-attack risk

“Bank warns lenders of new malware”

Today the Ukrainian central bank issued warnings to both private and state-owned lenders about the apparent emergence of a new malware program making its way through the internet. Ukrainian security forces say this program resembles the NotPetya attacks, which knocked out many global systems on June 27th as they spread rapidly through corporate networks of multinational firms and suppliers in Eastern Europe.

New Android malware that spreads via text can steal victims’ credit card details from other apps

“Even apps you trust might be unsafe”

Most of us have the good sense not to enter credit card details or other financial information into sketchy-looking apps or websites out of fear of theft, but hardly anyone would do a double take on apps like Amazon. Alas, even our favorite applications may not be a sanctuary for our sensitive information, as detailed in security firm Kaspersky Labs' recent blog post. The blog claims that a new malware is able to quietly steal victims' data as it is entered into applications, as well as spy remotely on texts and phone calls.

Cyberattack cost Maersk as much as $300 million and disrupted operations for 2 weeks

“Huge costs in goods transport”

A June attack that left shipping operations crippled worldwide, even briefly shutting down the Port of Los Angeles' largest cargo terminal, has cost Danish shipping firm A.P. Moller Maersk between $200 million and $300 million, as reported by the firm earlier this week. The unprecedented severity of the attack prompted workers to coordinate improvised communications via social media networks like Twitter, WhatsApp, and even post-it notes to get goods moving from ships to the shore again.


10Fold- Security Never Sleeps- 192

GOOGLE FINDS AND BLOCKS SPYWARE LINKED TO CYBERARMS GROUP

“Android spyware blocked”

Google has discovered a new strain of Android malware, Lipizzan, that is able to surveil users' text messages, emails, calls, and much more. It has yet to appear on many devices, but experts say that it has all the telltale signs of a professional, targeted malware intended to attack users in wealthier nations.

Four-Star Kentucky Hotel: Data Breach Could Affect Guests

“Breach threatens customer information”

The Galt House hotel in Louisville, Kentucky has stated that an internal investigation revealed malware has been feeding off the payment processing systems. Any guests staying at the hotel between December 21, 2016 and April 11 are said to have possibly been affected.

Hackers are winning the war as companies worldwide fail on cyber security

“Too many firms are falling short in security”

A new report from Thycotic has shown that most companies worldwide are failing to accurately assess cyber security effectiveness. Survey criteria based on internationally accepted standards in ISO 27001 and best practices from industry experts provide a comprehensive way to define and measure IT security.

Gas Pump Skimmer Sends Card Data Via Text

“Can be detected with mobile devices”

Gas pump card skimming devices most often rely on Bluetooth connectivity to collect the stolen credit card data wirelessly. While often very effective, this has a very apparent downside. Bluetooth-based skimmers can be detected by any user with a Bluetooth-connected device, and investigators are starting to see these devices send stolen data via text message.

Cyber security not a priority for most sectors, study finds

“Little concern despite huge losses”

A recent study from Savoy Stewart has shown that although data breaches cost UK firms almost £30bn last year, cyber security is still not a big concern for industry sectors. Just 60% of directors or senior managers in finance and insurance consider it a high priority, with data taken from 1,500 firms.


10Fold- Security Never Sleeps- 185

Dow Jones is the latest company to expose customer records on a cloud server

“2.2 million records left unsecured”

Dow Jones & Co. is the latest in a sequence of large firms to leave massive amounts of private customer data on unsecured cloud servers. Similar to the recent Verizon error, Dow Jones consumer data was found publicly accessible in an Amazon Web Services S3 bucket discovered by Chris Guard of UpGuard Inc.

GhostCtrl malware silently haunts Android users, hijacking functionality

“Versatile remote access Trojan growing in infection”

Researchers have found GhostCtrl, a highly adaptable trojan malware that steals sensitive information and is capable of performing ransomware attacks. The backdoor is part of a massive campaign that involves RETADUP.A, according to Trend Micro.

A Single Extreme Cyberattack Could Cost the U.S. More than Hurricane Katrina

“U.S. Economy incredibly vulnerable”

An increase in global ransomware attacks has prompted Lloyd's of London to publish a report on the state of danger that the U.S. faces with regard to cybersecurity. Published with Cyence, the report speculates that the U.S. stands to lose as much as $121.4 billion.

The best of Black Hat: The consequential, the controversial, the canceled

“Review of the acclaimed conference”

Over two decades, Black Hat has gained a reputation as a conference that demonstrates much of the cutting-edge research in information security and industry trends. It began in Las Vegas and has extended to annual events globally. This year, the event also had its share of controversy stemming from last-minute cancellations.


10Fold- Security Never Sleeps- 179

‘NotPetya’ Hackers Demand $256,000 In Bitcoin To Cure Ransomware Victims

“One of biggest attacks leaves many with a big bill”

Some of the largest industrial firms were infected by the ‘NotPetya’ ransomware, and those responsible are demanding 100 Bitcoin, or about $256,000, to decrypt the victims' files. A post on Pastebin by an anonymous user said: “Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks).”

Fake WannaCry Ransomware Uses NotPetya’s Distribution System

“Distributed through the same channel”

The NotPetya malware was not the only threat to make its way through M.E.Doc last week. A WannaCry variant that ended up being a fake, FakeCry, was delivered with the same mechanism. Kaspersky found that FakeCry was delivered to M.E.Doc users on June 27th, the same day NotPetya spread. The security firm says that it was run as ed.exe by the parent process ezvit.exe, which led Kaspersky to believe that it utilizes the same delivery system as NotPetya.

Android Ransomware Mimics WannaCry

“WannaCry interface similarities in SLocker”

Windows systems were hit by a ransomware that had an interface mimicking the WannaCry malware last month. TrendMicro security researchers found that one of the first Android ransomware families to encrypt files in exchange for payment, SLocker, has had a major upgrade. SLocker has been seen before, but was offline for a while after the creator had been arrested just days after its initial release.

CopyCat malware infected 14 million outdated Android devices

“Fraudulent ad revenue collected”

A new Android malware strain dubbed CopyCat has injected itself into over 14 million outdated devices globally. The malware hijacks applications to display fraudulent ads, according to CheckPoint researchers. On Thursday, the security firm claimed that most victims were in Asia, but over 280,000 U.S. devices were also affected. Google was tracking the malicious software for the better part of two years, but third-party app downloads, phishing attacks, and other avenues make the infection difficult to contain.


10Fold- Security Never Sleeps- 162

BitKangoroo Ransomware Deletes User Files

“Currently poses limited threat” 

BitKangoroo, a new ransomware program making the rounds on the web, deletes files if cash payments are not made within a certain time period. While the prospect of the new software is dangerous, its creator does not seem to be particularly skilled. It is currently capable of affecting only files saved in the Desktop folder, but given time it may be developed into a much more competent threat.

The Long Tail of the Intel AMT Flaw

“Exploitable firms may need time to apply patches”

Many Intel chips containing the recently disclosed critical privilege escalation security vulnerability in AMT firmware may leave many enterprises using the product exposed to remote attacks. Analysts recommend that those with the product in use take time to apply firmware patches, as the vulnerabilities can leave users devastated for a reasonably long time.

SLocker Ransomware Variants Surge

“Over 600 unique versions now circulating”

Android malware plague SLocker has increased in number by over six times over the last six months, with over 600 variants in use by cybercriminals on the web.


10Fold- Security Never Sleeps- 147

“Huge security hole in many products”

The second largest world producer of IoT devices, Dahua, has released a software update that has gaping security deficiencies in several of its popular products, including DVRs and cameras. These internet-connected gadgets are vulnerable to login bypasses and remote access to various systems. Additionally, code is available online that would allow exploitation of massive numbers of these types of ‘smart’ devices online by one user, creating DDoS attack concerns among security researchers.

“General technology concerns ease”

The stockpiling of zero-day vulnerabilities by various intelligence agencies to use in offensive capabilities for cyber battle is not quite as dangerous as once predicted, says a new RAND study. Tactical benefits accrued from the collection of the data result in greater outcomes from public disclosure.

“Malicious software not part of official ROM”

Check Point Software Technologies posted a blog last Friday detailing the installation of malware on several Android devices sold to two firms. The malware was added somewhere along the supply chain, but was not included in the official ROM made by the manufacturer. On many of the affected phones the malware was added to the ROM using system privileges, meaning that a complete re-installation of all software programs is needed to remedy the problem.

10Fold- Security Never Sleeps- 128

Here’s The Evidence Russia Hacked The Democratic National Committee

“More evidence found by CrowdStrike”

New Russian ties to the Democratic National Committee hacks have been observed by security researchers at CrowdStrike. One of the alleged telling signs is the maintenance of a hidden communication channel that allows for the continued theft of data after the initial breach, in the case of the DNC done by Fancy Bear, a software consistent with Russian operatives.

Google’s new “Android Things” OS hopes to solve awful IoT security

“Hopes to encompass several Android vulnerabilities”

Developers can now build smart devices using Android APIs and Google Services, applying IoT elements to the typical Android development toolkit. Developers can also now utilize the Google Weave protocol to communicate between devices like Google Cloud Vision.

Typo led to Podesta email hack: report

“March email allegedly led to mass breach”

John Podesta, Hillary Clinton’s campaign manager, had reportedly responded to a fake password reset email from Google that his IT staff had reported was authentic. The data thefts that followed resulted in a large-scale smear upon the candidate's campaign and Podesta’s reputation throughout the 2016 election cycle.

New Critical Fixes for Flash, MS Windows

“Patches to plug critical issues”

The new Adobe Flash Player patch fixes 17 serious security concerns currently being utilized by cyber criminals. Microsoft's update addresses at least 42 issues reported over the last period, associated with Windows and other software.


10Fold- Security Never Sleeps- 124

Personal email is becoming less personal as hackers, government eye access

“Stakes are higher than ever for data security”

Privacy expert Claire Gartland has been warning of increased risks to user data on electronic messaging services, most recently with her appearance on CNBC’s ‘On The Money.’ In the context of the recent United States Presidential Election season, Gartland emphasized the exponential increase in hacks of public figures and leaks of sensitive information.

Millions exposed to malvertising that hid attack code in banner pixels

“Millions exposed to potential danger”

Malicious ads that embed attack code in banner pixels have left many mainstream website users at risk of fraud and security concerns. The script remains concealed in the alpha channel that defines the transparency of the pixels. This makes it very difficult for even experienced ad networks to detect. Once the malware determines that no security measures capable of detecting its presence are in use, the script can redirect the browser to sites that host exploits against the user's security.

Security News This Week: A Botnet Takes Down Nearly a Million German Routers

“New variant detected”

The same botnet malware that temporarily took down several popular websites just a few weeks ago, dubbed Mirai, has returned this week with devastating results. Over 900,000 routers from customers of German ISP Deutsche Telekom were affected and cut off from access to the web. This fuels growing concerns over a new reality of cyber-attacks that may not be preventable.

Latest Android security update fixes Dirty COW, GPS vulnerabilities

“Provides attack mitigation”

As part of Android's monthly updates, serious security concerns have been addressed for customers. The most recent of these is a privilege escalation vulnerability (Dirty COW, or copy-on-write) that has been exploitable for over nine years, since the creation of Linux.

10Fold- Security Never Sleeps- 121

Software in Android Phones Can Send Data to China, Experts Warn

“Secret backdoor allows for information compromise”

Security firm Kryptowire has discovered a secret vulnerability in Android phone software that sends personal data to cybercriminals in China. The software is capable of collecting texts and even geographical location and sending them to the unauthorized third party.

Flaws Found in Lynxspring SCADA Product

“Defects detected in operating software”

Researcher Maxim Rupp has uncovered glaring vulnerabilities in the automation and management solution provider's JENEsys operating system. The BAS Bridge, which connects integration efforts between Modbus TCP/RTU and BACnet IP Ethernet devices, was found to be the most problematic.

New Android Spyware for Governments Found on the Internet

“Originated in Italy, has spread far further”

Malware hunters have observed a new high-risk malware, originally marketed to governments and police forces, on the loose on the internet. Researchers released a report Monday that discusses the malicious software’s capabilities, which include recording video and audio, toggling GPS functions, and stealing data from nearly any desired area of the device.

PlayStation Hack Denied Following Complaints From Gamers

“Many players locked out of their accounts”

Over the last two days, over one hundred PlayStation Network users have been locked out of their accounts and contacted the Sony Twitter account with complaints. Amid concerns that the affected accounts had been hijacked, Sony has released a statement to the BBC that PSN had not been hacked, saying: “We routinely monitor for irregular activity, and if such activity is detected, we may sometimes reset passwords of affected accounts to protect users and their account information.”