U.S. House passes CISPA

By on April 26, 2012 at 7:00 PM.

U.S. House passes CISPA

The United States House of Representatives has voted to pass the controversial Cyber Intelligence Sharing and Protection Act (CISPA), talk of which has swept the Internet over the past few weeks. The House vote was moved up to Thursday night, and CISPA passed as 248 members of Congress voted for the bill and 168 voted against. The bill is sponsored by Representatives Mike Rogers (R-Michigan) and Dutch Ruppersberger (D-Maryland), and it now faces further modifications in the Senate if it is to avoid being vetoed by the White House. President Barack Obama has indicated that he intends to veto the bill if it makes it to his desk, noting that as it is written now, the legislation would allow “broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information.” The American Civil Liberties Union issued a statement following the vote. “Cybersecurity does not have to mean abdication of Americans’ online privacy,” said ACLU legislative counsel Michelle Richardson. “As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.” More →

No Comments

Apple is 10 years behind Microsoft on security, expert says

By on April 26, 2012 at 5:35 PM.

Apple is 10 years behind Microsoft on security, expert says

Apple may be the most valuable company in the world, but when it comes to security, the Cupertino-based company doesn’t hold a candle to Microsoft. Kaspersky Lab co-founder and chief executive Eugene Kaspersky on Wednesday told CBR that Apple is a decade behind Microsoft in terms of computer security. “I think they are ten years behind Microsoft in terms of security,” Kaspersky said. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but [Flashback] was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.” More than 600,000 Macs were infected by the Flashback trojan virus before it was discovered earlier this month and the exploit it used to infect OS X PCs was patched. “Apple will understand very soon that they have the same problems Microsoft had ten or 12 years ago,” Kaspersky said. “They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software.”

More →

No Comments

Though risks are minimal, one in five Mac computers found to contain Windows malware

By on April 24, 2012 at 11:00 PM.

Though risks are minimal, one in five Mac computers found to contain Windows malware

Security firm Sophos on Tuesday indicated that a surprisingly high level of malware has been found on Mac computers — the firm’s research revealed that one in every five Mac computers is harboring some kind of Windows malware. Of the 100,000 customers sampled through Sophos’s antivirus offerings, 20% of users were found to be carrying one or more instances of Windows malware. The firm highlighted that Windows malware on a Mac won’t cause any harm, however, unless the computer also runs a Windows partition in addition to OS X. The company’s research found that just 2.7% of Macs that installed the company’s free anti-virus software were infected by OS X malware. Nearly all of the OS X malware discovered was an iteration of the “Flashback” trojan called “Flshplyr.” Sophos said that cybercriminals may find Macs to be targets because OS X users are less likely to be running an anti-virus software, however Macs can get viruses and the right software can keep a user’s computer safe. A second pie chart follows below. More →

No Comments

Malware found to steal credit card data from hotel payment systems

By on April 20, 2012 at 8:20 PM.

Malware found to steal credit card data from hotel payment systems

Security firm Trusteer warned this week of a trojan that is capable of stealing an individual’s credit card information from hotels. The firm’s intelligence team discovered the remote access trojan being sold on underground forums for $280. The malware is designed to capture screenshots from point-of-sale applications that access credit card numbers and expiration dates. These systems are located on front-desk computers at hotels, and they are often unmanaged and do not contain anti-virus protections software that would stop a trojan of this type. The malware’s creators also include instructions on how to use VoIP-based social engineering to trick front-desk clerks into installing the trojan. More →

No Comments

Second Mac trojan discovered, also exploits Java vulnerability

By on April 16, 2012 at 1:15 PM.

Second Mac trojan discovered, also exploits Java vulnerability

The “Flashback” trojan virus affecting at least 600,000 Macs was discovered last week that is capable of intercepting passwords and other private data. The discovery prompted Apple to release a Java update for OS X users that removed a number of common variants of the virus. Securelist on Saturday found another Mac trojan that is also spread through Java exploits, however. The malware, called Backdoor.OSX.SabPub, can take screenshots of a user’s current session, execute commands on an infected machine and connect to a remote website to transmit the data. It is not clear how users get infected with the trojan, but because of the low number of instances and the trojan’s backdoor functionality, Securelist speculates that it is most likely used in targeted attacks, possibly launched through emails containing a URL pointing to two one of websites hosting the exploit. More →

No Comments

BlackBerry 7 rated most secure operating system

By on April 11, 2012 at 8:15 PM.

BlackBerry 7 rated most secure operating system

Trend Micro on Wednesday named Research In Motion’s BlackBerry 7 OS as the most secure mobile operating system in a new report titled “Enterprise Readiness of Consumer Mobile Platforms.” The security firm compared four of the top mobile operating systems — Android 2.3, iOS 5, Windows Phone 7.5 and BlackBerry 7 — and found the Waterloo-based company’s platform best met the demands of enterprise users. BlackBerry 7 scored a 2.89 rating, which was based on a number of factors including built-in security, application security, authentication, device wipe, device firewall and virtualization. RIM was followed by Apple’s iOS 5 with a 1.7 rating, Microsoft’s Windows Phone 7.5 with a 1.61 rating and Google’s Android 2.3 operating system with a 1.37 rating. Researchers from Trend Micro, Altimeter Group and Bloor Research praised the Blackberry 7 operating system for its corporate grade security and manageability, while the iPhone’s lack of removable storage and Windows Phone 7.5’s for overall performance were applauded. Google’s Android platform received negative comments, however, with researchers claiming the platform’s fragmentation has proven to be a barrier for enterprises. More →

No Comments

Major Android vulnerability gives apps access to sensitive data without permission

By on April 11, 2012 at 3:15 PM.

Major Android vulnerability gives apps access to sensitive data without permission

The security of the Android mobile platform has always been a topic of debate. Due to Google’s open ecosystem and less invasive app policing policies, researchers argue that the Google Play marketplace is home to numerous malicious apps. Reports have surfaced over the past few years that claimed even applications from legitimate companies — such as Facebook, Skype and Path — were exploiting Android permissions and secretly accessing data. Paul Brodeur of Leviathan Security had a simple question: what data can an app access when it has no permissions? What he found may be shocking. More →

No Comments

Security hole in Facebook and Dropbox apps leave iOS users vulnerable [updated]

By on April 6, 2012 at 1:15 PM.

Security hole in Facebook and Dropbox apps leave iOS users vulnerable [updated]

U.K.-based Android and iOS app developer Gareth Wright recently discovered a security hole in Facebook’s native mobile apps that can be used to steal a user’s personal information. Facebook’s Android and iOS apps do not encrypt login credentials, instead storing them in plain text files and allowing the information to be easily accessed and transferred over a USB connection, or more likely, through a malicious app. Wright explained in a blog post that Facebook’s plist file, or property list file containing personal data, is stored insecurely and not set to expire for 2,000 years. Once a plist file is copied to another device, one can simply open the normal Facebook app and will automatically be logged in the user’s account. Wright’s claims were confirmed by TheNextWeb, which also discovered that Dropbox’s iOS app includes the same security hole. The vulnerabilities do not require a device to be jailbroken or rooted, and exploits can be performed with a simple file explorer.

Update: Dropbox reached out to BGR regarding the issue, the company’s statement can be found after the break.  More →

No Comments

‘Anonymous’ hacks Chinese government, protest freedom and civil rights

By on April 5, 2012 at 7:10 PM.

‘Anonymous’ hacks Chinese government, protest freedom and civil rights

Notorious hacker group “Anonymous” on Thursday claimed responsibility for attacks on several government Web sites in China. The group has launched various Internet attacks on the country over the past week in response to what it believes to be strict and unfair laws. “All these years, the Chinese Communist government has subjected its People to unfair laws and unhealthy processes,” the group wrote on one Chinese website. “Dear Chinese government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall.” The group goes on to warn that further attacks are on the horizon. “So expect us because we do not forgive, never. What you are doing today to your Great People, tomorrow will be inflicted to you. Nothing will stop us, nor your anger nor your weapons. You do not scare us, because you cannot afraid an idea.” Anonymous also acknowledged the Chinese people directly, telling them to remain optimistic, “Don’t loose hope, the revolution begins in the heart.” More →

No Comments

New Android malware can remotely root phones

By on April 5, 2012 at 5:40 PM.

New Android malware can remotely root phones

Lookout Mobile Security on Tuesday published a report stating that a known malicious Android program has been updated with the ability to harm a device without depending on a user’s interaction. The new version of the “Legacy Native” (LeNa) app utilizes an exploit called GingerBreak to gain root permission on Android phones. The new variant of LeNa hides its payload just past the End of Image marker of an otherwise fully-functional JPEG. The malware is then able to communicate with a command and control server to install and launch packages unbeknown to the phone’s user. According to the report, this new version of LeNa is currently being distributed in a fake version of Angry Birds Space, but the malicious program is not believed to have made its way into the Google Play marketplace at this time. More →

No Comments

Microsoft says Xbox hacking claims are ‘unlikely’

By on April 5, 2012 at 3:05 PM.

Microsoft says Xbox hacking claims are ‘unlikely’

A report emerged last week from a security researcher claiming Microsoft’s Xbox lacked important security features that might protect owners who sell used consoles from having personal information stolen. Ashley Podhradsky of Drexel University claimed to have purchased a used Xbox console and used readily available hacking tools to recover the prior owner’s credit card number and other personal information. “Microsoft does a great job of protecting their proprietary information, but they don’t do a great job of protecting the user’s data,” Podhradsky said at the time. More →

No Comments

BlackBerry remains top smartphone in Washington

By on April 5, 2012 at 1:35 PM.

BlackBerry remains top smartphone in Washington

Research in Motion’s BlackBerry operating system has gone from being a leading smartphone platform to the struggling OS it is today. While adoption rates may be slowing with consumers and businesses, the same cannot be said for U.S. Government workers, a new report claims. The Washington Post on Tuesday reported that nearly half a million federal workers, including President Barack Obama, are still using BlackBerry phones. That number hasn’t dipped over the past few years despite RIM’s plummeting sales. “We appreciate RIM’s focus on security, which is paramount for government use,” said Casey Coleman, chief information officer at the General Services Administration. Some agencies are changing their policies and allowing workers to choose other smartphones, however, which may impact BlackBerry’s government market share moving forward. Coleman added that other platforms are proving equally secure, and that the GSA places “a priority on adoption where appropriate of innovative new technologies.” More →

No Comments

Visa drops Global Payments following theft of 1.5 million card numbers

By on April 2, 2012 at 6:35 PM.

Visa drops Global Payments following theft of 1.5 million card numbers

Following a massive security breach, Visa has dropped Global Payments from its registry of providers that meet data security standards, The Associated Press reported on Monday. Global Payments CEO Paul Garcia said that the company will continue to process Visa transactions, however being dropped from the registry “could give our partners some pause that they’re doing business with someone who experienced a breach.” Garcia fully expects his company to be reinstated once it has been issued a new report of compliance, although he declined to specify when that might happen. The CEO maintains that the situation is “absolutely contained” and is being fully investigated. Global Payments confirmed on Sunday that hackers stole credit card numbers belonging to as many as 1.5 million MasterCard and Visa customers, however cardholder names, addresses and Social Security numbers were not compromised. The company plans to set up a website to assist consumers who might have been affected by the breach. More →

No Comments