Complex Android malware believed to have infected up to 4.5M smartphones in the U.S.

Android Malware: NotCompatible

As many as 4.5 million American Android smartphone users may have been fooled into somehow downloading a complex malicious program on their devices since January 2013, The New Yok Times reports, citing security company Lookout.

Continue reading...

WhatsApp starts encrypting instant messages on Android, iOS and other platforms coming soon

WhatsApp read receipts

WhatsApp, the most popular instant-messaging platform with more than 600 million users which Facebook snapped up for $16 billions earlier this year, has started to protect data with end-to-end encryption, The Wall Street Journal reports.

For the time being, text messages exchanged between Android users of WhatsApp are being encrypted by default, but it shouldn’t be too long until the company adds encryption to its iOS app.

Encryption protects users’ communications from governments and hackers alike by making the data unreadable as it travels between servers.... Read the rest of this post here

"WhatsApp starts encrypting instant messages on Android, iOS and other platforms coming soon" is an article by
Make sure to follow us on Twitter, Facebook, and Google+.

Chinese authorities shut down WireLurker site, suspects arrested

iphone 6 plus usb

Chinese authorities arrested three individuals last Friday that are believed to have developed the “WireLurker” malware, according to a police post on Sina Weibo. The authorities were tipped off by Chinese security company Qihoo 360 technology. Additionally, the post says that authorities have also identified and shut down the website that was hosting and distributing the malware.... Read the rest of this post here

"Chinese authorities shut down WireLurker site, suspects arrested" is an article by
Make sure to follow us on Twitter, Facebook, and Google+.

Hackers breach State Department’s unclassified computer network

State Department Computer Network Hacked

Hackers breached computers belonging to the State Department, The New York Times reports, making it the fourth attack targeting government computers in recent weeks. While it’s not clear who attacked these targets and for what purpose, the State Department, the White House, the United States Postal Service and the National Oceanic and Atmospheric Administration have all reported similar breaches recently.

Continue reading...

‘Dirtbox’ planes masquerade as cell towers to collect smartphone data in sophisticated spying ops

Dirtbox Spy Planes in U.S.

It’s no secret anymore that governmental agencies in the U.S. and other countries have access to sophisticated tools that allow them to track and collect data from smartphones and other devices without users knowing anything is happening, and The Wall Street Journal has uncovered yet another such operation which uses a special “dirtbox” technology installed in special planes that can mimic cell phone towers and fool smartphones into believing they’re connecting to a genuine carrier tower.

Continue reading...

Apple issues statement on Masque Attack, says it’s not aware of any affected users

Masque Attack (imasge 002)

Apple tonight broke its silence regarding Masque Attack, a recently discovered vulnerability in iOS. In a statement to iMore, the company says it encourages customers to only download apps from trusted sources and that it’s not currently aware of any users affected by the exploit.

Research security FireEye announced its discovery of Masque Attack on Monday. The malware installs itself through a phishing link disguised as a new app or game, and then masquerades as a legitimate app. Once installed, it can access login credentials, credit card info and more.... Read the rest of this post here

"Apple issues statement on Masque Attack, says it’s not aware of any affected users" is an article by
Make sure to follow us on Twitter, Facebook, and Google+.

Terrifying iOS 8 security flaw has forced the U.S. government to issue a warning

iOS 8 Security Flaw

On Thursday, the U.S. government released a statement for all iPhone and iPad users warning that a vulnerability in Apple's iOS mobile operating system could give hackers access to their private information, Reuters reports.

Continue reading...

Microsoft fixed a critical 19-year-old bug that affects every version of Windows

Microsoft WinShock Security Update

Microsoft on Tuesday issued a critical fix for a 19-year-old software bug that affects all existing Windows versions since Windows 95. IBM researchers discovered the bug this past May, and BBC reports that they “worked with Microsoft to fix the problem before going public.”

Continue reading...

Exploit lets attackers replace your iPhone’s apps with malware

iPhone family

Apparently, it's the season for novel iOS security exploits. Researchers at FireEye say they've discovered a vulnerability, nicknamed "Masque Attack," that lets malicious websites replace legitimate apps with malware. If ne'er-do-wells have an enterprise developer account or your device's universal device identifier, they can send you a request to install new software outside of the App Store. Since iOS doesn't double-check that the security certificates match when the app bundle IDs are the same, it lets the rogue code overwrite the real deal and swipe data (including from the original app). FireEye says it notified Apple about the exploit in July, but the technique still works the iOS 8.1.1 beta.

Filed under: , , ,


Via: 9to5Mac

Source: FireEye

BEWARE: Huge new security flaw found in iOS 8 poses major threat to users

iOS 8 Security Flaw

Researchers at California-based cybersecurity firm FireEye have detailed what they claim to be a major new security vulnerability that has been found in Apple's iOS 8 software. The security flaw, which they have dubbed "Masque Attack," reportedly allows an attacker to replace authentic apps on a target's iPhone or iPad with a similar app with the same appearance. Any data then entered into the app can be obtained by the hacker.

For example, an app that mirrors the look of a banking app on the user's phone can be installed, and then the target's username and password can be stolen when he or she tries to enter them in the malicious app.

Continue reading...