Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

Mobile Security Threats Continue To Grow

October 15, 2011 by  
Filed under Smartphones

Comments Off on Mobile Security Threats Continue To Grow

According to industry analysts, mobile device shipments will exceed a billion devices in 2015 and will rapidly outrun PC shipments. That’s great news for end user convenience, mobility, and work-anywhere productivity. But it also means that enterprises must prepare for the fact that the criminals will target these devices with attack exploits, spyware,
and rogue applications.

And while IBM’s IT security research team, X-Force, predicts a modest 33 software exploits targeting mobile devices in the year ahead, that’s roughly twice the number of such attack code released in the past year.

The group also sees a number of other troubling mobile security trends. First, when software flaws do surface, many mobile phone makers do not rapidly deploy software patches to devices; malicious apps are often distributed through third-party app markets. Another troubling trend is that some mobile malware can collect end user’s personal information for use in phishing attacks.

An example of vulnerabilities that would make such attacks possible are the two recent Android security flaws that were reported to affect popular handsets including the AT&T Samsung Galaxy SII and various HTC devices.

The security find announced by security researcher Trevor Eckhart, called HTClogger (logging tools introduced by handset maker HTC) that could leak email account information, user location, phone numbers, and messaging logs.

Handset maker HTC said, in a statement, that it is working to quickly issue an update to its customers. “HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly,” the company said.

Source….

AES Encryption Cracked

August 24, 2011 by  
Filed under Computing

Comments Off on AES Encryption Cracked

CRYPTOGRAPHY RESEARCHERS have identified a weakness in the Advanced Encryption Standard (AES) security algorithm that can crack secret keys faster than before.

The crack is the work of a trio of researchers at universities and Microsoft, and involved a lot of cryptanalysis – which is somewhat reassuring – and still does not present much of a real security threat.

Andrey Bogdanov, from K.U.Leuven (Katholieke Universiteit Leuven), Dmitry Khovratovich, who is full time at Microsoft Research, and Christian Rechberger at ENS Paris were the researchers.

Although there have been other attacks on the key based AES security system none have really come close, according to the researchers. But this new attack does and can be used against all versions of AES.

This is not to say that anyone is in immediate danger and, according to Bogdanov, although it is four times easier to carry out it is still something of an involved procedure.

Recovering a key is no five minute job and despite being four times easier than other methods the number of steps required to crack AES-128 is an 8 followed by 37 zeroes.

“To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key,” the Leuven University researcher added. “Because of these huge complexities, the attack has no practical implications on the security of user data.” Andrey Bogdanov told The INQUIRER that a “practical” AES crack is still far off but added that the work uncovered more about the standard than was known before.

“Indeed, we are even not close to a practical break of AES at the moment. However, our results do shed some light into the internal structure of AES and indicate where some limits of the AES design are,” he said.

He added that the advance is still significant, and is a notable progression over other work in the area.

“The result is the first theoretical break of the Advanced Encryption Standard – the de facto worldwide encryption standard,” he explained. “Cryptologists have been working hard on this challenge but with only limited progress so far: 7 out of 10 for AES-128 as well as 8 out of 12 for AES-192 and 8 out of 14 rounds for AES-256 were previously attacked. So our attack is the first result on the full AES algorithm.”

Read More…

SpyEye Poses Risk To Banking Defenses

August 1, 2011 by  
Filed under Internet

Comments Off on SpyEye Poses Risk To Banking Defenses

Financial institutions are facing more trouble from SpyEye, a piece of malicious software that steals money from customers online bank accounts, according to new research from security vendor Trusteer.

SpyEye is a dastardly piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second.

In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to try and block fraudulent transactions, said Mickey Boodai, Trusteer’s CEO.

Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a transaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area suddenly logs in from St. Petersburg, Russia.

SpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person manually on the website. That’s a key trigger for banks to block a transaction. So SpyEye’s authors are now trying to mimic — albeit in an automated way — how a real person would navigate a website.

Read More…..

“TDL-4″ Botnet Is Practically Indestructible

July 7, 2011 by  
Filed under Computing

Comments Off on “TDL-4″ Botnet Is Practically Indestructible

A new and improved botnet that has infected more than four million computers is “practically indestructible,” software security experts say.

“TDL-4,” the name for both the bot Trojan that infects PCs and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said and others agree.

“I wouldn’t say it’s perfectly indestructible, but it is pretty much indestructible,” said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today. “It does a very good job of maintaining itself.”

Golovanov and Stewart based their assessments on a variety of TDL-4′s traits, all which make it an extremely tough character to detect, delete, suppress or eradicate.

Because TDL-4 installs its rootkit on the Master Boot Record (MBR), it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code.

Further,what makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

“The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet,” said Roel Schouwenberg, senior malware researcher at Kaspersky, ”The TDL guys are doing their utmost not to become the next gang to lose their botnet.”

Read more….

Acer Is The Latest Victim Of Computer Hacking

June 16, 2011 by  
Filed under Computing

Comments Off on Acer Is The Latest Victim Of Computer Hacking

Taiwanese PC manufacturer Acer is investigating a cyber hacker attack that stole customer data from its Packard Bell division in Europe, the company said.

Acer said the security breach was limited to customers’ names, addresses, phone numbers, emails, and system serial numbers. No credit card data was stolen, it said. Acer provided no other details about the breach, and said the investigation was ongoing.

News of the breach was reported several days ago, after a hacker group called Pakistan Cyber Army claimed to have stolen the personal data of about 40,000 people from an Acer server in Europe. Acer did not comment on the attack at the time.

The Hacker News had published screen shots of the personal data and some of the source code that was stolen in the security breach. It also said that the Pakistan Cyber Army would issue a press release detailing more about their motives. But so far, no new information has surfaced from the hacking group.

Read More….

Cell Phones Can Be Dangerous

June 5, 2011 by  
Filed under Smartphones

Comments Off on Cell Phones Can Be Dangerous

It appears that an Australian brain surgeon has called the latest report in reference to the report on the potential harmful effects of mobile phones as a wake-up call to users and the telecommunications industry.

Dr Teo, said he was “pleased” that at last there came conclusive proof that mobile phones caused brain tumours. He also went on to say that the report should serve as a ”wake up call’ that should alert both the public and the mobile phone industry to the link between mobile use and cancer.”

As you know a report was released by the World Health Organisation’s cancer research wing that said radio frequency electromagnetic fields generated by cell phones are “possibly carcinogenic to humans” and heavy usage could lead to a possible increased risk of glioma, a malignant type of brain cancer.

Read More…

Hackers Go After WordPress

March 6, 2011 by  
Filed under Around The Net

Comments Off on Hackers Go After WordPress

We found out Bloggers using the WordPress platform was shutdown by a DDos attack yesterday that apparently affected many blog sites.

 The DDos  hostilities began in the morning and lasted for a couple of hours. The estimates on the DDos attack was thought to be “multiple Gigabits per second and tens of millions of packets per second”, according to sources, WordPress is working with their providers to prevent such acts from ever taking place again.WordPress the attack is over, though in Chicago, Dallas and San Antonio. The good news is that the site is back up.  However, while the attack was in progress sources say it was on of the “largest” the organization has ever seen. Even centersThe attack unfortunately hit main three data. Read More…..

Hacker Writes Trojan For Apple’s Mac

March 1, 2011 by  
Filed under Computing

Comments Off on Hacker Writes Trojan For Apple’s Mac

As Apple’s popularity continues to increase, so too does the malicious interest of hackers in their famed products. Researchers at Sophos say they’ve uncovered a new Trojan horse program written for the Mac.

It’s called the BlackHole RAT (the RAT part is for “remote access Trojan”) and it’s pretty easy to find online in hacking forums, according to Chet Wisniewski a researcher with antivirus vendor Sophos. There’s even a YouTube video demo of the program that details what its capable of doing.

Sophos hasn’t seen the Trojan used in any online attacks -it’s more a bare-bones, proof-of-concept beta program right now – but the software is pretty easy to use, and if a criminal could find a way to get a Mac user to install it, or write attack code that would silently install it on the Mac, it would give him remote control of the hacked machine. Read More….

« Previous Page