PCVARK malware strain surfaces for the Mac, opens door for additional malware to be installed

Posted by:
Date: Tuesday, August 23rd, 2016, 05:00
Category: macOS, News, security, Software

trojanhorse

A new strain of Mac malware has gone into the wild and is worth being a bit wary around.

The strain, discovered by Malwarebytes, is know as “PCVARK” and is labeled as “Advanced Mac Cleaner” online. Once activated, the installer places a trojan called “Mac File Opener”, which behaves in the following way according to Thomas Reed of Malwarebytes:

(more…)

Department of Justice reports 400% increase in ransomware attacks since 2015

Posted by:
Date: Monday, August 22nd, 2016, 05:52
Category: News, security, Software

trojanhorse

You need to be careful out there.

Ransomware attacks have apparently quadrupled over the last year according to the U.S. Department of Justice. The agency reported that the attacks have now escalated to approximately 4,000 per day. Typical ransomware payments range from $500 to $1,000, according to cyberrisk data firm Cyence Inc., but some hackers have demanded as much as $30,000 in an attack that crippled a large portion of the hospital’s computer systems.

Hollywood Presbyterian Medical Center in Los Angeles paid roughly $17,000 to unlock files in February, following an attack that crippled a large portion of the hospital’s computer systems.

In the Hollywood Presbyterian Medical Center hack, cybercriminals broke into a server in late January. After two weeks of reconnaissance, they struck on a Friday night, when the hospital’s tech staff was off, encrypting data on 850 computers and 150 servers and rendering documents unreadable, according to Steve Giles, the hospital’s technology manager.

(more…)

Exodus Intelligence announces bounties up to $500,000 for zero-day vulnerability flaw discoveries in iOS 9.3 and higher

Posted by:
Date: Thursday, August 11th, 2016, 13:18
Category: Hack, iOS, News, security, Software

hackicon

Forget the $200,000 bounty Apple is offering for information regarding zero-day vulnerabilities in iOS, a new security firm is offering up to $500,000 per discovery.

On Tuesday, Texas-based Exodus Intelligence said it will give between $5,000 and $500,000 for zero-day vulnerabilities relating to iOS version 9.3 and higher.

These zero-days are software flaws that have gone undetected by Apple, making them potentially very valuable, especially for cyber criminals who can use them to hack iOS devices.

(more…)

Pokemon Go updated, adds experimental new Tracker feature among changes

Posted by:
Date: Tuesday, August 9th, 2016, 07:18
Category: iOS, News, privacy, security, Software

Pokemon-GO-Icon

The good news is that Pokemon Go just received a hefty update and is now up to version 1.3.0.

The bad news is that this game seems to be tracking its players in impressive new ways.

A series of leaked screenshots from the new experimental “Tracker” program seems to be showing Pokemon Go players near specific PokeStops.

(more…)

Apple to launch Bug Bounty program, will pay up to $200,000 to hackers, cryptographers and researchers depending on bugs found

Posted by:
Date: Friday, August 5th, 2016, 07:27
Category: Developer, Hacks, iOS, macOS, News, security, Software, TvOS, Watch OS

apple-bug-bounty-program

Ok, this is pretty neat.

Yesterday at the Black Hat conference, an annual event designed for the global InfoSec community, Apple’s head of security engineering Ivan Krstic announced the launch of a bug bounty program that will see Apple paying money to individuals who discover major bugs and security flaws in the company’s software.

Many major technology companies like Google and Microsoft offer bug bounty programs to encourage people to discover and report major vulnerabilities, but until now, Apple has declined to provide a similar program.

The new program is part of an effort to open Apple’s software up to hackers, researchers and cryptographers who want to improve upon it and Apple will be offering up to $200,000 to researchers depending on the bug discovered. Secure boot firmware components will earn $200,000 at the high end, while smaller vulnerabilities, like access from a sandboxed process to user data outside of the sandbox, will earn $25,000.

(more…)

iOS researcher finds WhatsApp leaves traces of conversations behind

Posted by:
Date: Friday, July 29th, 2016, 16:05
Category: iOS, News, privacy, security, Software

whatsappicon

Well, at least the world of tech security isn’t boring.

Upon examining disk images taken from the most recent version of the app, iOS researcher Jonathan Zdiarski discovered that the software retains and stores a forensic trace of the chat logs even after the chats have been deleted, creating a potential treasure trove of information for anyone with physical access to the device. The same data could also be recoverable through any remote backup systems in place.

In most cases, the data is marked as deleted by the app itself — but because it has not been overwritten, it is still recoverable through forensic tools. Zdziarski attributed the problem to the SQLite library used in coding the app, which does not overwrite by default.

(more…)

Edward Snowden announces forthcoming prototype of device to prevent iPhone radio transmission

Posted by:
Date: Friday, July 22nd, 2016, 12:36
Category: Hack, Hardware, iPhone, News, security

snowdenprototype

Edward Snowden may be in exile from the U.S., but that doesn’t seem to be slowing him down.

Snowden, who once met with reporters in a Hong Kong hotel room to spill the NSA’s secrets and famously asked them put their phones in the fridge to block any radio signals that might be used to silently activate the devices’ microphones or cameras, has released plans to announce a prototype for a device that could stop this kind of surveillance.

On Thursday at the MIT Media Lab, Snowden and well-known hardware hacker Andrew “Bunnie” Huang plan to present designs for a case-like device that wires into your iPhone’s guts to monitor the electrical signals sent to its internal antennas and they say it could offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed.

In short, this could stop the transmission and thus better protect the user’s privacy.

(more…)

Apple releases iOS 9.3.3, watchOS 2.2.2 and tvOS 9.2.1 updates

Posted by:
Date: Tuesday, July 19th, 2016, 12:51
Category: iOS, iPhone, News, security, Software, TvOS, Watch OS

applelogo1

In addition to Apple’s OS X 10.11.6 El Capitan update on Monday, Apple also released updates for iOS, watchOS and tvOS.

While Apple users are looking forward to the next major operating system updates, Apple is still working on the currently released products. On Monday, the company released OS updates for iOS, OS X, watchOS, and tvOS.

The iOS 9.3.3 update includes “bug fixes and improves the security” of your iOS device. The company’s online document details updates for Calendar, CoreGraphics, FaceTime, Safari, and more.

(more…)

Pokemon Go 1.0.1 update released, offers game fixes, limits Google account access scope

Posted by:
Date: Tuesday, July 12th, 2016, 12:48
Category: iOS, News, security, Software

pokemongo

In the wake of some controversy, Pokemon Go has just received an update for its iOS version that should hopefully calm the waters. The update works to fix the issues that have surfaced after it was revealed that the game holds full access to Google accounts and fixes the scope of this access. Users should also no longer have to re-enter their credentials after they’ve been forcefully logged out, and the some issues with crashes should be resolved as well.

The fixes come in the wake of the game having literally full access to a Google account upon login. Per the dialog, the application could “…see and modify nearly all information in your Google Account”. Today’s update remedies the situation when logging into the application with a Google account. Users are now presented with a view that clearly defines what enabling the account access does. The access requests the ability to know who the user is through their Google account, to view the email address, and nothing else. This should help alleviate some of the security concerns brought up in the past few days.

(more…)

Pokemon Go developer Niantic under fire for “full access” to Google accounts, states fixes coming soon

Posted by:
Date: Tuesday, July 12th, 2016, 08:05
Category: iOS, iPhone, News, security, Software

pokemongo

If you’re looking to install Pokémon Go on your iOS device, you might want to wait a few days.

Amid revelations that the popular Pokémon Go game for iPhone offers universal access to Google accounts, Google and Niantic have said that user emails and other sensitive data are not being harvested, and that a pair of fixes are incoming.

Early Monday, analytics firm architect Adam Reeve claimed that installing Pokémon Go and using a Google account to play the game granted full access to linked accounts on both Android and iOS, without informing the user. The apps, per the Google Play description, “can see and modify nearly all information in your Google Account” but “can’t change your password, delete your account, or pay with Google Wallet on your behalf.”

(more…)