Patching

Flaw Leaves 900M Android Devices Vulnerable

A security researcher claims to have uncovered a flaw in the Android security model that leaves almost all devices running the mobile operating system vulnerable to attacks and malicious software. Jeff Forristal, the Chief Technology Officer at Bluebox Security posted a description of the flaw on Wednesday. It affects Android devices running any version of the OS released in the past four years, starting with Version 1.6 (codename: “Donut” ) – a population of nearly 900 million devices. Discrepancies in how Android applications are cryptographically signed and then verified by Android allow a malicious attacker to modify the application package file (or APK) code without breaking the cryptographic signature. The implications of the flaw are huge. A malicious application installed on a vulnerable Android device could access any data stored on the device. For applications, such as mobile virtual private network (VPN), an attacker who could alter the application’s code or […]

Continue Reading

More Questions For Facebook On Extent Of Ghost Profiles

The security firm that disclosed a security hole in a Facebook feature that allows users to download their own data file says the social network giant still has questions to answer about the extent of the data breach. Writing on their blog, researchers at Packet Storm Security said that Facebook has underestimated the extent of the breach, which affected around six million users of the social networking site and an unknown number of non-Facebook users. Packet Storm says that Facebook’s analysis of the breach failed to account for ways in which it could be exploited, in an iterative fashion, to glean information on Facebook users beyond the individual pieces of data that may have been viewed by users who used the Download Your Information (DYI) feature. The firm also called Facebook to task for failing to notify non-users whose information was exposed in the incident. On Monday, Security Ledger wrote […]

Continue Reading

FDA: Medical Device Makers, Hospitals Need To Boost Cyber Security

The U.S. Food and Drug Administration (FDA) has issued guidance to medical device makers and hospitals that use their products to pay more attention to cyber security and the potential for cyber attacks on vulnerable medical instruments.   The FDA released its “Safety Communication for Cybersecurity for Medical Devices and Hospital Networks” on Thursday – the same day that the Department of Homeland Security’s ICS (Industrial Control System) CERT issued a warning about the discovery of hard coded “back door” passwords in some 300 medical devices from 40 separate vendors, including drug infusion pumps, ventilators and patient monitoring systems. The FDA said it expects device makers to “review their cybersecurity practices and policies to assure that appropriate safeguards are in place to prevent unauthorized access or modification to their medical devices or compromise of the security of the hospital network that may be connected to the device. Hospitals were instructed to harden […]

Continue Reading

Google Adds Detection For Obad Malware

Just a follow-up to our story from last week on Obad, the new family of mobile malware that affects Google Android devices: In an e-mail to The Security Ledger on Friday, Google acknowledged the existence of the Trojan horse program and has updated its detection tools to be able to identify it. In an e-mail, a Google spokeswoman said that the malware, dubbed “Obad” by Kaspersky Lab, was not found on the company’s Google Play application store. The company  added detection for the new malware to its Application Verification Tool, which protects Android users who tried to download it from a third-party application store or browser. Obad, or Backdoor.AndroidOS.Obad.a, is described as a “multi function Trojan” that primarily acts as an SMS Trojan, surreptitiously sending short message service (SMS) messages to premium numbers. It was first described in a blog post by Kaspersky Lab researcher malware researcher Roman Unuchek last week. Unuchek […]

Continue Reading

New Malware Exploits Android Glitch To Block Removal

A new malicious program that runs on Android mobile devices exploits vulnerabilities in Google’s mobile operating system to extend the application’s permissions on the infected device, and to block attempts to remove the malicious application. Writing on securelist.com, Kaspersky Lab’s research blog, malware researcher Roman Unuchek called the newly discovered Trojan the “most sophisticated” malicious program yet detected that works with Android phones. He cited the Trojan’s advanced features, including complex obfuscation techniques that complicated analysis of the code, and the use of a previously unknown vulnerability in Android that allowed it to take control of and maintain a foothold on infected Android devices. Kaspersky said it has contacted Google regarding the malware and the alleged vulnerabilities in Android. Google was unable to confirm that prior to publication. The malware, dubbed Backdoor.AndroidOS.Obad.a, is described as a “multi function Trojan.” Like most profit-oriented mobile malware, Obad is primarily an SMS Trojan, […]

Continue Reading
1 29 30 31 32 33 36