Security researcher examines MacKeeper, says sensitive data for more than 13 million accounts easily accessed

Date: Monday, December 14th, 2015, 08:34
Category: Hack, News, security, Software

And yet more reasons have surfaced as to why you’d want to punch the entire staff of MacKeeper in their heads.

A security researcher claims that extremely poor security has allowed him to access sensitive data for more than 13 million MacKeeper accounts.

White-hat researcher Chris Vickery, who has previously exposed data breaches at MLB, ATP, Slipknot and a network of K-12 charter schools in California, posted the following to Reddit:

I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Kromtech […] stuff like names, email addresses, usernames, password hashes, computer name, ip address, software license and activation codes, type of hardware (ex: “macbook pro”), type of subscriptions, phone numbers and computer serial numbers.

(more…)

Adobe renames “Flash Professional CC” to “Animate CC”, begins to veer away from Flash towards HTML5

Date: Wednesday, December 2nd, 2015, 05:24
Category: iOS, News, security, Software

One of Steve Jobs’ wishes finally came true as Adobe begins to veer away from Flash and adopt HTML5.

Adobe has announced plans to rebrand its Flash Professional CC software as Animate CC to acknowledge a growing shift away from Flash.

The company explained that more than a third of content created in Flash Pro CC uses HTML5, leading the company to rename the software to “accurately represent its position as the premier animation tool for the web and beyond.”

As such, the name of Flash Professional CC has been changed to Animate CC, which Adobe said will feature updates for the software, including improved drawing, illustration, and authoring support and integration with Adobe Stock and Creative Cloud Libraries.

(more…)

Instagram changes APIs, feed access to third-party apps following discovery of malware

Date: Wednesday, November 18th, 2015, 07:45
Category: Developer, iOS, News, security, Software

In the wake of a security breach, you make changes.

Following the recent discovery of the InstaAgent malware, which was stealing Instagram passwords from users, Instagram has instituted much stricter rules for accessing its API, effectively killing off a large number of apps that read Instagram feeds.

Over on its developer web site, Instagram explained that its API is changing, the way it distributes its feed is changing and the current API is being shut down. The company offered the following comment:

We’ve updated our Platform Policy to explicitly list the use cases we will support moving forward. These include apps and services that:

Help individuals share their own content with 3rd party apps, such as apps that let you print your photos and import an Instagram photo as a profile picture.

Help brands and advertisers understand and manage their audience, develop their content strategy, and get digital rights to media. Established apps in this space may apply for our newly announced Instagram Partner Program.

Help broadcasters and publishers discover content, get digital rights to media, and share media using web embeds.

(more…)

Apple, Google remove InstaAgent app after password-stealing malware detected

Date: Thursday, November 12th, 2015, 12:19
Category: Android, iOS, News, security, Software

This is the joy of the war against malware.

Both Apple and Google have removed the InstaAgent app from their respective app stores after it was discovered that the app was storing users’ Instagram usernames and passwords in an unencrypted form, before sending them on to unknown servers.

InstaAgent, which tied in with Instagram, had become a popular download in the App Store’s free software section.

(more…)

Security firm FireEye reports updated XcodeGhost loose in the wild, possibly infecting genuine iOS apps with malware

Date: Wednesday, November 4th, 2015, 08:23
Category: iOS, News, security, Software

The XcodeGhost thing may have reared its ugly head again, this time in a different form.

Security firm FireEye stated via a blog post that a variant of the XcodeGhost code, which has been known to inject malware into genuine apps, is still out there. The firm stated that it has identified a more advanced version of the compromised app development tool, XcodeGhost S, which has been designed to infect iOS 9 apps and allow compromised apps to escape detection by Apple.

The company offered the following statement:

XcodeGhost is planted in different versions of Xcode, including Xcode 7 (released for iOS 9 development). In the latest version, which we call XcodeGhost S, features have been added to infect iOS 9 and bypass static detection.

We have worked with Apple to have all XcodeGhost and XcodeGhost S samples we have detected removed from the App Store.

(more…)

Apple says it’s “impossible” to unlock iPhones running iOS 8 or later for authorities

Date: Friday, October 23rd, 2015, 13:41
Category: iOS, iPhone, Legal, News, privacy, security, Software

The legal/encryption squabble continues.

On Wednesday, Apple, representing itself in a New York court, took sides regarding backdoor access to iPhone encryption and stated that the company could not unlock iPhones running iOS 8 or higher even if it wanted to.

Apple called the request to access an encrypted iPhone “impossible to perform” on more than 90 percent of devices running iOS 8 and up.

(more…)

Apple posts guide to activating, deactivating Private Browsing in iOS 9

Date: Monday, September 28th, 2015, 08:45
Category: iOS, iPad, iPhone, iPod Touch, News, security, Software

This could come in handy.

Recently, Apple posted full instructions as to how to activate and deactivate Private Browsing in iOS 9. Private Browsing mode protects your private information and blocks some websites from tracking your behavior. Safari won’t remember the pages you visit, your search history, or your AutoFill information.

(more…)

Apple to begin providing better Xcode development tool hosting for Chinese developers in wake of XcodeGhost incident

Date: Thursday, September 24th, 2015, 07:22
Category: Developer, News, security, Software

In the wake of developers downloading a malware-filled copy of your development tools and inadvertently uploading tons of malware-filled apps to the App Store, it helps to put some money into infrastructure and make sure download speeds for the genuine version of the development tools are sufficient, thus removing the need to download the fake version in the first place.

Apple’s Phil Schiller, the company’s senior vice president of worldwide marketing, said on Tuesday that steps are being taken to prevent the conditions that caused the XcodeGhost issue from recurring in the future.

The source of the tainted apps was a program called XcodeGhost, a counterfeit version of Xcode, the platform used by developers to create programs for iOS and Mac. Developers in China often download Xcode from local sites due to the slow download speeds associated with sourcing it officially from Apple’s US servers. The spurious version of Xcode was slipped in amongst the authentic ones on Chinese sites and downloaded by many programmers, unbeknownst to them.

(more…)

XcodeGhost malware affecting hundreds of iOS apps, Apple pulling infected versions from App Store

Date: Monday, September 21st, 2015, 07:06
Category: iOS, iPad, iPhone, News, security, Software

This is where things get a bit messier.

Apple has admitted that its App Store integrity was compromised as apps were secretly infected by fake Xcode tools before submission to the App Store. The company has now officially acknowledged the problem and is removing apps affected by the malware from the App Store.

Developers were inadvertently submitting malware by using counterfeit versions of Xcode, Apple’s development software, to submit apps. The fake Xcode, dubbed XcodeGhost, would inject malicious code into otherwise-legitimate apps during the submission process.

The malware seems to have infected hundreds of apps on the App Store, with Apple releasing the following statement:

(more…)

Palo Alto Networks cites XcodeGhost malware’s presence in 39 iOS apps

Date: Monday, September 21st, 2015, 07:47
Category: iOS, News, security, Software

Well, this is kind of a mess.

Research associate Palo Alto Networks has posted an analysis of XcodeGhost, a novel malware that modifies the Xcode IDE to infect Apple iOS apps. The report mentions that at least two popular iOS apps were infected. We now believe many more popular iOS apps have been infected, including WeChat, one of the most popular IM applications in the world.

The malware itself seems to stem from the fact that some iOS developers use crowd-sourcing techniques, which makes their apps more vulnerable.

At last count, roughly 39 iOS apps were infected, some of which are extremely popular in China and in other countries around the world, comprising hundreds of millions of users.

(more…)