
Quote

This article begs the question: “Why doesn’t Google police its store and evaluate apps for potential malware?” So much of the crap on Google Play is infected with spyware. Oh wait, spyware, that is how Google makes money: selling your private info to others so they can market more to you.

A new strain of Android malware is infecting an estimated 13,000 devices per day.

The Gooligan malware roots Android devices before stealing email addresses and authentication tokens stored on them. The tokens create a means for hackers to access users’ sensitive data from Gmail accounts, security researchers at Check Point Software Technologies warn.

The malicious code creates a money-making sideline for crooks by fraudulently installing apps from Google Play and rating them on behalf of the victim.

Gooligan targets devices running Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), collectively around 74 per cent of Android devices currently in use. Gooligan is installing at least 30,000 apps on breached devices every day, or more than 2 million apps since the malicious campaign began, according to Check Point.

Security researchers at the Israeli firm first encountered Gooligan’s code in the malicious SnapPea app last year. In August, the malware reappeared with a new variant and has since infected at least 13,000 devices per day. About 40 per cent of these devices are located in Asia and about 12 per cent are in Europe. Hundreds of the email addresses compromised by Gooligan are associated with enterprises around the world.

Check Point has passed on its findings on the campaign to Google’s security team. “This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” said Michael Shaulov, Check Point’s head of mobile products. “We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”

Gooligan spreads when victims download and install an infected app. Crooks are slinging the malware by tricking victims into following malicious links in phishing messages.

“If your account has been breached, a clean installation of an operating system on your mobile device is required,” Shaulov advised.

Russian hackers throw Trump victory party with new spear phishing campaign

Quote

Tied to DNC breach

Less than six hours after Donald Trump won the US presidential election, a new spear phishing campaign was launched by a Russia-based group. The group is apparently one of the two organizations connected to the breach at the Democratic National Committee, and it’s responsible for nearly a decade of intelligence collection campaigns against military and diplomatic targets.

Security firm Volexity refers to the group as “the Dukes” based on the malware family being utilized. According to a report by Volexity founder Steven Adair, the group is known for a malware family known as “the Dukes”—also referred to as APT29 or “Cozy Bear.” The Dukes’ primary targets in this latest round of attacks appear to be non-governmental organizations (NGOs) and policy think tanks in the US.

IoT worm can hack Philips Hue lightbulbs, spread across cities

Quote

Researchers have developed a proof-of-concept worm they say can rip through Philips Hue lightbulbs across entire cities – causing the insecure web-connected globes to flick on and off.

The software nasty, detailed in a paper titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction [PDF], exploits hardcoded symmetric encryption keys to control devices over Zigbee wireless networks. This allows the malware to compromise a single light globe from up to 400 metres away.

The worm can then spread from a single smart bulb to those nearby thanks to the use of these skeleton keys.

The attack is the handiwork of researchers Eyal Ronen, Adi Shamir, and Achi-Or Weingarten of the Weizmann Institute of Science, Israel, along with Colin O’Flynn of Dalhousie University, Canada.

It triggered Philips to release a firmware patch for owners of its “Hue” connected bulbs. This is not without some risk as users must first set up the Philips Hue app in order to receive the automatic patches, and do so before attacks take place since the worm can easily override update attempts.

Comment: Why they call these smart devices is beyond me. Not having rock-solid security is pure stupidity. Oh wait, we are talking about IoT security.

Trump’s taxing problem: The end of ‘affordable’ iPhones

Quote

In Trump’s view, Apple is emblematic of US manufacturers responsible for killing domestic jobs by buying components made and assembled overseas. The iPad employs chips designed in Britain by ARM, memory from South Korea’s Samsung and Japan’s Toshiba and Elpida Memory, with assembly by Foxconn in Taiwan.

But step back and Trump’s economic nationalism extends beyond the obvious target of Apple – it takes in a broad swath of tech firms large and small from “ordinary” US states and places.

Over in Trump-friendly Texas, Dell employs Samsung’s NAND in its storage devices with Massachusetts-based EMC also employing Sammy’s memory.

Up in the Hillary-Clinton-supporting northwest, Microsoft uses the Foxconn-like Pegatron in Taiwan to build its Surfaces, which also happen to employ Samsung’s SSD.

Technology firms across the US, not just Silicon Valley, are plugged into the global sourcing and integration of components.

The rise of IoT takes this into newer, smaller devices – no longer just the big stuff of enterprise or the shiny stuff in the hands of consumers.

US firms that are part of this global supply chain will pay more in tax.

Trump has proposed to tax goods from US companies made abroad and imported with a 35 per cent levy on goods coming from Mexico. He has also talked of a 15 per cent tax on “outsourcing jobs” and an apparent further 20 per cent tax for all imported goods.

…

It’s therefore reasonable to expect the price of tech to increase domestically in the long term and for the cost to feed in internationally.

There is a “but”, however. Donald Trump himself. Given his propensity for verbal pugilism during the presidential campaign, it’s difficult to know which words were intended simply to score points and grab the sound bite and which were actual policy in the making.

Comment: If companies invested a fraction of the cost of moving overseas in training, the landscape would be far different today. The likes of Apple just accelerate the race to the bottom and hollow out the middle class, adding to the income disparities that we see today.

Like with a Cloth or something?

Quote

August 2015 Hillary Clinton was asked, “Did you wipe your email server?” and she evasively replied, “Like with a cloth or something?” A year later we found out that “cloth” was BleachBit, a software application that deletes information “so even God can’t read it,” as Congressman Trey Gowdy announced August 2016.

  • After you have smashed your BlackBerry, don’t forget to wipe the fingerprints from your email server with this non-abrasive, soft microfiber Cloth or Something.
  • Thin, foldable size makes it easy to stash the Cloth or Something in burn bags.
  • 6″ x 6″ size quickly wipes even the biggest email servers with thousands of emails.
  • Buy an extra cloth for your VIP (VERY VIP) client.
  • Optionally autographed on the back by Andrew, creator of BleachBit.
  • Printed in the USA!
  • Guaranteed not to prove intent, or you will get a full refund paid when you are released from prison.
  • First-class shipping and handling is a flat rate of $2 per order.
  • Yes, this cloth is real, and you can really buy it.

Don’t wait for a subpoena: Order Now!

What Really Broke Dyn this week? IOT

Quote

Today a vast army of hijacked internet-connected devices – from security cameras and video recorders to home routers – turned on their owners and broke a big chunk of the web.

Compromised machines, following orders from as-yet unknown masterminds, threw massive amounts of junk traffic at servers operated by US-based Dyn, which provides DNS services for websites large and small.

The result: big names including GitHub, Twitter, Reddit, Netflix, AirBnb and so on, were among hundreds of websites rendered inaccessible to millions of people around the world for several hours today.

We’re told gadgets behind tens of millions of IP addresses were press-ganged into shattering the internet – a lot of them running the Mirai malware, the source code to which is now public so anyone can wield it against targets.

  • Dyn’s chief strategy officer Kyle York told The Register by phone that devices behind tens of millions of IP addresses were attacking his company’s data centers. 
  • A lot of this traffic – but not all – is coming from Internet-of-Things devices compromised by the Mirai botnet malware. This software nasty was used to blast the website of cyber-crime blogger Brian Krebs offline in September, and its source code and blueprints have leaked online. That means anyone can set up their own Mirai botnet and pummel systems with an army of hijacked boxes that flood networks with junk packets, drowning out legit traffic. 
  • One online tracker of Mirai suggests there are at least 1.2m Mirai-infected devices on the internet, with at least 173,000 active in the past 24 hours.
  • Mirai spreads across the web, growing its ranks of obeying zombies, by logging into devices using their default, factory-set passwords via Telnet and SSH. Because no one changes their passwords on their gizmos, Mirai can waltz in and take over routers, CCTV cameras, digital video recorders, and so on. 
  • York said the waves of attacks were separate and distinct – there are multiple bot armies out there now smashing systems offline. “We’re expecting more,” he added.

It is well known that the Internet of Things (IoT) has very poor security. It could be improved if people would simply change the default password and manufacturers required a mandatory change on a time basis. Not a cure-all, but an improvement. But El Reg says it better:

El Reg [ed. The Register] has been banging on about IoT security for ages: Mirai is now targeting cellular gateways. Not enough is being done to patch insecure gadgets. Do gizmos need some sort of security-warning labels? The blame here is not with Dyn. It is not even with the owners of the hijacked devices.

It lies with the botnet operators – and, perhaps more crucially, the dimwit IoT manufacturers who crank out criminally insecure hardware that can be compromised en masse. Particularly China-based XiongMai Technologies, which produces vulnerable software and hardware used in easily hijacked IP cameras, digital video recorders and network-attached video recorders. These crappy devices were at the core of today’s attacks, according to Flashpoint.

Until there is a standards crackdown, and vulnerable devices are pulled offline, this will continue on and on until there is no internet left.

Cracking the Code

I was recently asked for the first 4 digits of my SSN on an insurance application. I refused. I was told the usual answer: “no one has ever had a problem with this before.” Well, that does not surprise me. The security IQ of the average business, in my estimation, barely registers. This is especially true for small and medium businesses, although, as seen, even their larger brethren are pretty bad. Anyway, I digress. It is not just this hapless insurance company. Doctors’ offices continue to be notoriously bad. A month ago I tried to make an appointment with a doctor and they asked for my full SSN. Of course I refused. I made it all the way to the CEO of the practice, and this fool simply repeated over and over that it was their policy, as their software used it as a unique identifier. Idiots.

How easy is it to guess SSNs?

Quote

Researchers have found that it is possible to guess many — if not all — of the nine digits in an individual’s Social Security number using publicly available information, a finding they say compromises the security of one of the most widely used consumer identifiers in the United States.

Many numbers could be guessed at by simply knowing a person’s birth data, the researchers from Carnegie Mellon University said. …

My advice: refuse to give your SSN to anyone. And guard your birth date as well, especially online. Use a fake birth date for any site requesting it.

Criticize Donald Trump, get your site smashed offline from Russia

Quote

Newsweek Cuban connection story enrages miscreants

It has been an odd day for Newsweek – its main site was taken offline after it published a story claiming a company owned by Republican presidential candidate Donald Trump broke an embargo against doing deals with Cuba.

The magazine first thought that the sheer volume of interest in its scoop was the cause for the outage, but quickly realized that something more sinister was afoot.

The site was being bombarded by junk traffic from servers all around the world, but the majority came from Russia, the editor in chief Jim Impoco has now said.

“Last night we were on the receiving end of what our IT chief called a ‘massive’ DoS [denial of service] attack,” he told Talking Points Memo.

“As with any DDoS [distributed DoS] attack, there are lots of IP addresses, but the main ones are Russian, though that in itself does not prove anything. We are still investigating.” …

As with any DDoS attack, finding the culprit is nearly impossible. But it appears that the article has pissed off a lot of people who control many Russian servers.

Security analyst says Yahoo!, Dropbox, LinkedIn, Tumblr all popped by same gang

Quote

Says five-strong ‘Group E’ may have lifted a billion Yahoo! records, sells to states

Five hackers are said to be behind breaches totalling up to a staggering three billion credentials from some of the world’s biggest tech companies including the Yahoo! breach that led to the loss of 500 million credentials.

The claims, made to The Reg by recognised threat intelligence boffin Andrew Komarov, pin the world’s largest hacks on “Group E”, a small Eastern European hacking outfit that makes cash breaching companies and selling to buyers including nation states.

Komarov told The Register the group is behind a laundry list of hacks against massive household tech companies including the breach of Yahoo!, Dropbox, LinkedIn, Tumblr, and VK.com among other public breaches.

The analyst says the same hacking group has breached other major tech firms but would not be drawn on revealing the names of the affected companies nor the number of compromised credentials. Komarov has reported those breaches which are not on the public record to police.

He goes further and says much of the reporting concerning the Yahoo! breach was inaccurate, and suggests the number of affected credentials could be as high as one billion, double what was reported.

Group E had, according to Komarov, breached Yahoo! and sold the massive data haul through a recognised hacker identity who served as a broker.

It was then sold to an unnamed nation-state actor group.

…

Komarov, an established threat intelligence man formerly of Intelcrawler before its acquisition by Arizona-based security firm InfoArmor, is one of a handful of cybercrime intelligence analysts who closely monitor closed crime forums and dark web sites.

He fingers a Russian-speaking criminal hacking identity known as Tessa88 as the broker used by the two hacking groups.

Quote

AT&T is getting rid of Internet Preferences, the controversial program that analyzes home Internet customers’ Web browsing habits in order to serve up targeted ads.

“To simplify our offering for our customers, we plan to end the optional Internet Preferences advertising program related to our fastest Internet speed tiers,” an AT&T spokesperson confirmed to Ars today. “As a result, all customers on these tiers will receive the best rate we have available for their speed tier in their area. We’ll begin communicating this update to customers early next week.”

Data collection and targeted ads will be shut off, AT&T also confirmed.

Good news at last on privacy.
