xCodeGhost To Wreak Havoc On IOS Devices
Comments Off on xCodeGhost To Wreak Havoc On IOS Devices
A security firm has released a list of ongoing and incoming threats that cover a range of things from Apple’s iOS to the Internet of Things (IoT).
In its third report this year, Quick Heal warns that Apple users in particular better brace themselves for impact as more and more malware writers who’ve earned their stripes targeting Android users turn their attention to iOS.
“As the number of iPhone owners rises across the world, iOS has become a new potential target for Android malware authors and hackers. It is expected that Android malware will soon be altered to attack iOS users as well, and jailbroken iOS devices will be the first wave of targets for these attacks,” explained the firm (PDF).
“Recently, the ‘XcodeGhost’ malware was found on the Apple App Store and this is just the beginning of such attacks.”
In a section on wearables, Quick Heal predicts hackers will increasingly target fitness trackers, something that other security researchers have already warned about.
A lot of space in the report is reserved for Android-flavoured threats, and users are offered advice on protecting themselves such as if there is an option to use a password over a touch sign-in, then you ought to take it.
“A group of researchers have discovered a serious security flaw in the Android Lollipop version running on devices right now. This flaw allows attackers to bypass the lockscreen of an Android smartphone by using a massive password and thereby exposing the homescreen,” it explains.
“The attack essentially works by opening the in-built camera application and afflicts people using a password to protect their Android device and lock their screen.”
The most significant Android threat is a rascal called Android.Airpush.G, which claims 30 percent of the bug pool and is the kind of adware thing that makes you want to take a hammer to your phone screen. The second most prominent issue is Android.Reaper.A, which can haul in a large data harvest when in place.
Quick Heal is not the only security company in town, and a post on the Symantec website also seems set to put the fear into the Apple user community. That post, read it here – if you dare, says that the Mabouia ransomware is capable of causing a problem for Mac and PC users alike.
Fortunately, Mabouia is a proof-of-concept attack that a researcher shared with both Apple and Symantec. Symantec says that the PoC effort achieves at least one first.
“Mabouia is the first case of file-based crypto ransomware for OS X, albeit a proof-of-concept. Macs have nevertheless already been targeted by ransomware in the form of browser-based threats,” it explained.
“For example, in 2013, researchers at Malwarebytes discovered browser-based ransomware that targeted Safari for Mac users through a malicious website. The website directed Windows users to a drive-by download, while Mac users were served JavaScript that caused Safari to display persistent pop-ups informing the user their browser had been “locked” by the FBI for viewing illegal content.”
Source-http://www.thegurureview.net/computing-category/will-the-xcodeghost-malware-wreak-havoc-on-ios-devices.html
Did Apple Have Issues With iOS 9
Apple has officially released iOS 9, but in the first hour users reported that they were unable to grab the 1GB download.
“Software Update Failed,” the message read on iPhones and iPads. “An error occurred downloading iOS 9.”Computerworld confirmed the problem, initially seeing it on multiple iOS 8 devices. But after several subsequent attempts, the download successfully started about an hour after Apple issued the upgrade.
Similar reports of early problems were posted on Apple’s own support forums and elsewhere on the Internet. “Not a very helpful error,” wrote someone identified as “yanic” on the former.
Others countered with snark. “Strangely, this is not a ‘limited time offer,’ said “stedman 1″ on the same thread, likely referring to Microsoft’s Windows 10 free upgrade offer, which is valid for one year. “The software will be available tomorrow, and the next day, and next week.”
Some advice ended up being more helpful. “You are facing an overloaded server which is pretty typical of the first day a software revision comes out,” contended “Ralph Landry1″ on a different discussion thread.
Several iPhone owners who had said that they were unable to download iOS 9 returned to the same forum threads to report they had gotten the upgrade later.
Apple’s track record with iOS releases has been mixed. Last year’s iOS 8 roll-out seemingly started off smoothly — there were few initial complaints about getting the upgrade — but many soon griped that 8′s large size forced them to wipe apps and content from their devices before they could install the new OS.
iOS 9′s size and the free space requirements for installation were both reduced to address that problem of last year. The free space demand for iOS 9 fell to 1.3GB to 1.8GB from last year’s 4.5GB to 5GB.
Source-http://www.thegurureview.net/consumer-category/users-reporting-problems-upgrading-to-apples-ios-9.html
Darkode Hacking Forum Shut Down
Law enforcement agencies from 20 countries collaborated to cripple a major computer hacking forum, and U.S. officials filed criminal charges against a dozen people associated with the website, the U.S. Department of Justice announced.
Darkode.com on is displaying a message saying the site and domain had been seized by the FBI and other law enforcement agencies.
Darkode, a password-protected online forum for criminal hackers, represented one of the gravest threats to the integrity of data on computers across the world, according to David Hickton, U.S. attorney for the Western District of Pennsylvania. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”
Five of the defendants face charges in Hickton’s district.
Darkode allowed hackers and other cybercriminals to sell, trade and share information and tools related to illegal computer hacking, the law enforcement agencies alleged.
Before becoming a member of Darkode, prospective participants were allegedly vetted through a process that included an invitation by a member, the DOJ said in a press release. The prospective member then pitched the skill or products he or she could bring to the forum.
Darkode members allegedly used each other’s skills and products to infect computers and electronic devices of victims around the world with malware, the DOJ said.
The takedown of the forum and the charges announced Wednesday came after the FBI’s infiltration of Darkode’s membership.
Cisco Warns Of Bug In Virtual App
Cisco has warned of a default Secure Shell vulnerability in three of its virtual applications.
The flaw could allow attackers to decrypt traffic exchanged in the services, and has been detailed in a Cisco security advisory.
It affects Cisco’s Web Security Virtual Appliance (SMAv), Email Security Virtual Appliance and Security Management Virtual Appliance, which are already commercially available.
Cisco said that it “is not aware of any public announcements or malicious use of the vulnerabilities”, but warned that attackers who got hold of the private keys could decrypt communications with a man-in-the-middle attack.
The default private encryption keys were preinstalled on all three of the products, a move which is considered bad security practice.
“Successfully exploiting this vulnerability on Cisco SMAv allows an attacker to decrypt communication toward SMAv, impersonate SMAv, and send altered data to a configured content appliance,” the advisory said.
“An attacker can exploit this vulnerability on a communication link toward any content security appliance that was ever managed by any SMAv.”
Cisco has released a patch which deletes the preinstalled SSH keys and explains how customers can correct the problem.
The Cisco-sa-20150625-ironport SSH Keys Vulnerability Fix comes as part of several product upgrades, and must be manually installed from a command line interface.
Cisco’s advisory said that the patch is not required for physical hardware appliances, or for virtual appliance downloads or upgrades after 25 June.
Cisco revealed details of a new point of sale attack earlier this year that could part firms from money and customers from personal data.
The threat, called PoSeidon by the Cisco team, came at a time when eyes were on security breaches at firms like Target.
Cisco said in a blog post that PoSeidon is a threat that has the ability to breach machines and scrape them for credit card information.
Yet Another Retailer System Hacked
Women’s clothing retailer Bebe Stores has become the latest in a growing list of national retailers to be hit by an attack on its credit card payment system.
The company said Friday that the cardholder name, account number, expiration date, and verification code could have been stolen by hackers who apparently had access to the company’s payment processing system between Nov. 8 and 26.
The incident came to light in late November when Bebe said it noticed suspicious activity on computers that operate the payment processing system. Stores affected were the roughly 200 it operates in the U.S., Puerto Rico and the U.S. Virgin Islands.
“If you used a payment card at a U.S., Puerto Rico or U.S. Virgin Islands store during this time frame, you should review your account statements for any unauthorized activity,” it said in a message to customers.
The last couple of years have been bad ones for the safety of credit card data at major U.S. retailers. Millions of credit and debit card numbers have been compromised in breaches at retailers, including Target, Home Depot, PF Chang’s restaurants, Super Valu grocery stores, Neiman Marcus, UPS Store and others.
In many cases, the attacks were targeted at payment processing terminals and used sophisticated malware that stole card details as consumers swiped their cards. Many of the thefts were only discovered after the card numbers appeared for sale on Internet hacking forums.
Such was the case with Bebe Stores. First news of the hack came earlier this week through the closely followed Krebs on Security blog.