Apple

Podcast: Project Prism – Has Uncle Sam Gone Rogue?

Podcast: Play in new window | Download () | EmbedSubscribe: Apple Podcasts | Google Podcasts | Stitcher | Email | TuneIn | RSS | https://www.securityledger.com/subscribeIt was hard to escape the big news this week: revelations from The Guardian and The Washington Post about a program of widespread surveillance of online social networks and mobile phone use. The news, both the result of high-level leaks of classified information, has embroiled the Obama Administration in the most serious questions about domestic spying since the Nixon administration. To discuss the week’s events, Paul sat down with Ron Gula, the CEO of Tenable Network Security (and a former NSA security ninja) and Rick Forno, director of the University of Maryland Baltimore County’s Graduate Cybersecurity Program and a Junior Affiliate Scholar at the Stanford Law School’s Center for Internet and Society (CIS).  While neither guest was surprised to read about the government’s monitoring of cell phone […]

Privacy Bombshell: NSA Given Access To Facebook, Apple, Microsoft, Others

If you haven’t had a chance to check out the Washington Post story on The National Security Agency’s (NSA’s) and FBI’s widespread program of wire tapping, which leads directly into the servers of nine leading U.S. Internet companies, including Facebook, Microsoft, Google and Apple. The classified program, dubbed PRISM, dates to 2007 and the administration of George W. Bush and authorizes the nation’s top spy agency to peer deep into the servers of  popular social networking sites, compiling audio, video, photographs, e-mails, documents and connection logs. Together the information could enable intelligence operators to track an individual’s communications, movements relationships over time. The classified program came to light following the leak of a classified presentation for NSA staff, dated April 2013, that describes the program as critical and a leading contributor of intelligence to President Obama’s daily briefing. While a small cadre of members of Congress were briefed on the program […]

mobile malware by platform

New Malware Exploits Android Glitch To Block Removal

A new malicious program that runs on Android mobile devices exploits vulnerabilities in Google’s mobile operating system to extend the application’s permissions on the infected device, and to block attempts to remove the malicious application. Writing on securelist.com, Kaspersky Lab’s research blog, malware researcher Roman Unuchek called the newly discovered Trojan the “most sophisticated” malicious program yet detected that works with Android phones. He cited the Trojan’s advanced features, including complex obfuscation techniques that complicated analysis of the code, and the use of a previously unknown vulnerability in Android that allowed it to take control of and maintain a foothold on infected Android devices. Kaspersky said it has contacted Google regarding the malware and the alleged vulnerabilities in Android. Google was unable to confirm that prior to publication. The malware, dubbed Backdoor.AndroidOS.Obad.a, is described as a “multi function Trojan.” Like most profit-oriented mobile malware, Obad is primarily an SMS Trojan, […]

Mercedes

Traffic Safety Agency Calls Vehicle Cyber Security Standards

The U.S. Government’s lead agency for vehicle safety has told Congress that more research into “vehicle cyber security” to address the threats to a coming generation of networked automobiles that connect to the public Internet and to each other. In testimony before Congress on Thursday,  David Strickland, the chief Administrator for the National Highway Traffic Safety Administration (NHTSA) told a Senate Committee that the electronics systems are “critical to the functioning” of modern autos, and are becoming increasingly interconnected, leading to “different safety and cyber security risks.”  The agency is requesting $2 million in the 2014 budget to research “vehicle electronics and emerging technologies” with an eye to developing requirements for the safety and reliability of vehicle controls. “With electronic systems assuming safety critical roles in nearly all vehicle controls, we are facing the need to develop general requirements for electronic control systems to ensure their reliability and security,” Strickland […]

BadNews Android Applications

BadNews: Mobile Attackers Pivot To Malicious Ads

The identification over the weekend of a large-scale outbreak of mobile malware dubbed “BadNews” is bad news, indeed for millions of Android device users, who downloaded applications from the official Google Play application store that connected their devices to a malicious advertising network, dubbed “BadNews.” The discovery of the malware-infected apps, which were downloaded between two- and nine million times, suggests a new wrinkle in the mobile malware space, with attackers turning to honest-seeming mobile ad networks to push out malicious links and collect information on compromised devices. “This is one of the first times that we’ve seen a malicious distribution network clearly posing as an ad network,” wrote Lookout’s Marc Rogers on the company blog. He speculated that the new tactic may reflect improved security on the Google Play app store following the introduction of the Bouncer malware scanner. Lookout said that the company notified Google, which removed the […]