TweakTown NewsRefine News by Category:
The Apple iOS mobile operating system has a major security flaw that leaves a large portion of iPhones and iPads vulnerable to security breaches by cybercriminals looking to hijack devices and steal sensitive information.
The "Masque Attack" exploits the Apple enterprise/ad-hoc provisioning system, and is a powerful vulnerability that cybercriminals can easily exploit. Apple is working to fix the bug after being informed by cybersecurity experts in July, FireEye said.
Here is what the FireEye blog notes: "Masque Attacks can pose much bigger threats than WireLurker. Masque Attacks can replace authentic apps, such as banking and email apps, using attacker's malware through the Internet. That means the attacker can steal user's banking credentials by replacing an authentic banking app with malware that has identical UI."
Companies from small and medium businesses to enterprise organizations are aware how damaging a data breach could be, but still aren't doing enough to prevent them. Analyzing everything from how files are saved and stored, evaluating third-party providers, and real-time security monitoring are all important steps to keeping data more secure, whether on-prem or in the cloud.
To make matters worse, targeted attacks are expected to rise in 2015 - as organized groups test network security procedures, and then compromise vulnerable companies as they see fit.
"Hackers have so many things working their favor, from anonymous currencies and "Dark Web" sites which allow them an easy way to turn stolen information into real cash, to the nightmare it is to not only find them, but to have any real success in prosecution and recovery due (to) the global nature of the problem and the tangled mess of foreign jurisdictions," said Joe Caruso, Global Digital Forensics (GDF) CEO and CTO.
Millions of consumers in the United States have been affected by retailer data breaches, as cybercriminals compromise in-store point of sale (POS) terminals. It seems consumers are so used to hearing about data breaches that some of them simply ignore the news, and don't want to change their behaviors to help keep their personal information secure.
In addition to using a credit card when possible, frequently checking online banking accounts help find any discrepancies - with some financial industry experts recommending the use of a monitoring tool.
"Remaining alert to the risk of fraud and choosing a secure payment method reduce potential consequences of security breaches," said Nick Bryan, President of OpenSky. "Credit cards continue to remain one of the most secure ways to shop because of the power of financial institutions behind them to protect funds and personal information."
The recent report from Palo Alto Networks that disclosed the WireLurker malware targeting Apple iOS and Mac OS X was a sudden wakeup call to users. Even though it was isolated to China, and Apple has blocked the malware, cyberattackers are finding new ways to compromise iPhones and Mac OS systems. The company has done a great job to keep its software ecosystem secure, especially if devices aren't jailbroken, but cybercriminals are becoming more sophisticated in their research strategies.
Here is what Ryan Olson, Palo Alto Networks intelligence director, recently told eWeek: "We will continue to see new malware for both Mac OS X and iOS, and they will incrementally get better and better. I would be most worried about high-value targets," with a focus on government officials and political rivals.
Cyberattacks targeting Google Android and Microsoft Windows will remain more prevalent, but Apple users - many of them used to being relatively secure - could also be caught off guard when major security issues are released in the wild.
Former NSA contractor Edward Snowden has been vocal regarding the current state of surveillance, with governments increasingly using technology to snoop on users. Snowden said FBI director James Comey's statement regarding using front-door, legal intelligence gathering as nothing more than "rhetoric, noting "there is no real difference."
"One of the most significant things that was not well understood about the events of last year was that it's not entirely about surveillance," Snowden said. "We have seen a trend towards governments that are affording themselves, in secret, greater powers and more and more authority without the consent or awareness of the public."
The FBI, NSA and GCHQ believe they need to be proactive - using questionable tactics against a wide net of Internet users - and that will continue to upset many privacy experts and regular Internet users.
Just a couple days after Palo Alto Networks spilled the beans on the WireLurker malware targeting Apple iOS and Mac OS devices, Apple has blocked infected apps so they will be unable to run on devices. The company didn't provide specifics into how the malware is being blocked, but did recommend users run anti-malware security software - and only download apps from the official Apple App Store.
The company confirmed it is "aware of malicious software available from a download site aimed at users in China, and we've blocked the identified apps to prevent them from launching."
WireLurker is the first known malware that spread to a large number of users that didn't jailbreak their devices - and shows cybercriminals are just as anxious to compromise Apple products as Google Android and Microsoft Windows.
The FBI has shut down Silk Road 2.0, operated by 26-year-old programmer Blake Benthall from San Francisco, running the site under the name "Defcon." The website was operated via Tor and sold $8 million worth of marijuana and narcotics per month, supplying 150,000 active users, according to reports.
"As alleged, Blake Benthall attempted to resurrect Silk Road, a secret website that law enforcement seized last year, by running Silk Road 2.0, a nearly identical criminal enterprise," said Preet Bharara, Manhattan U.S. Attorney. "Let's be clear - this Silk Road, in whatever form, is the road to prison. Those looking to follow in the footsteps of alleged cybercriminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don't get tired."
Trying to launch Silk Road 2.0, regardless of initial success, was likely going to end up in the crosshairs of federal authorities. If someone wants to try to launch a successor, they will need to find new techniques to stay anonymous - at the cost of running a smaller, more secretive operation - that would likely eat into profits.
Several companies have approached AVG Technologies to discuss a potential buyout, according to anonymous sources. At least one technology company is in the mix, but it appears private-equity firms are at the front of the pack, but names of interested suitors were not made available. If a deal is finalized, it could happen within the next few months, but it's also possible AVG Technologies will sit out and wait for a better deal.
AVG reportedly has at least 187 million active users, including PC users, along with Apple iOS, Google Android, and Microsoft Windows Phone mobile users.
The need for enhanced cybersecurity software has given the sector a major boost - and with companies and consumers becoming more aware of cyberattacks - there is money to be made for companies looking to sell.
The Pirate Bay co-founder Peter Sunde is serving an eight-month prison sentence in Sweden after being captured earlier this year. It's no surprise to hear each person involved in the creation - and early operation of the popular website - have faced copyright offenses and assorted legal troubles over the years.
Sunde is vegan, so trying to eat food in prison has been a constant struggle, including suffering from iron and vitamin deficiencies. "I'm down 16kg so far... but it's slowed down," Sunde recently said. "There isn't much left. I don't know how I'll feel in three years, looking back at all this."
Sunde will likely be released later this month from prison, but he's unsure what lies ahead - The Pirate Bay continues to be a major hub for Internet users - though he will likely have to find a legitimate profession to avoid further legal trouble.
The WireLurker malware targets Apple iOS devices and Mac OS, and has been out in the wild for the past six months, according to Palo Alto Networks. The malware spreads by installing malicious third-party applications to iOS devices that are connected to a Mac OS-powered machine by USB connection. The malware is isolated in China at the moment, originating from the Maiyadi App Store - many of the apps aren't Apple approved.
The malware was found in 467 apps through the Maiyadi App Store - almost all of the Mac OS apps - with more than 356,000 downloads.
"You are unlikely to be hit with this malware unless you are using a third-party OS X app store and changed default OS X Security & Privacy settings to 'allow apps downloaded from: Anywhere," said Marc Maiffret, security firm BeyondTrust's CTO.