5 mobile security threats you should take seriously in 2018

IDGNS Mobile security is at the top of every company's worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is $21,155 per day, according to a 2016 report by the Ponemon Institute. While it's easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world — with your odds of being infected significantly less than your odds of being struck by lightning, according to one estimate. That's thanks...

Read more »

Update your Android now – many holes fixed including ‘BroadPwn’ Wi-Fi bug

Google’s July 2017 security fixes for Android are out. As far as we can see, there are 138 bugs listed, each with its own CVE number, of which 18 are listed with the tag “RCE”. RCE stands for Remote Code Execution, and denotes the sort of vulnerability that could be abused by a crook to run some sort of program sent in from outside – without any user interaction. Generally speaking, RCE bugs give outsiders a sneaky chance to trigger the sort of insecure behaviour that would usually either pop up an obvious “Are you sure?” warning, or be blocked outright by the operating system. In other words, RCEs can typically be used for so-called “drive-by” attacks, where just visiting a web page or looking at an email might leave...

Read more »

Uber, Ok Cupid and Fitbit password leaked by internet security firm

Uber, Ok Cupid and Fitbit password leaked by internet security firm California internet security firm Cloudflare helps 6 million websites push their content around the internet. It suffered a bug that saw hundreds of thousands of webpages leaking personal data. ... dailymail: 'Uber, Ok Cupid and Fitbit password leaked by internet security firm' → [Read details] Are you at risk of being hacked? A security bug has leaked the passwords and private messages of MILLIONS of Uber, Ok Cupid and Fitbit users for months  Bug in security firm's software led to leaked passwords and private messages Hundreds of thousands of sites have been affected by the leak  Cloudflare said that the bug has now been fixed and all exposed data secured There is no sign yet that the leak had been...

Read more »

Alert (TA16-336A) Avalanche (crimeware-as-a-service infrastructure)

Systems Affected Microsoft Windows Overview “Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further information about Avalanche. Description Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions. Victims may have had their sensitive personal information stolen (e.g., user account credentials). Victims’ compromised systems may also have been used to conduct...

Read more »

‘AVALANCHE’ NETWORK DISMANTLED IN INTERNATIONAL CYBER OPERATION

On 30 November 2016, after more than four years of investigation, the Public Prosecutor’s Office Verden and the Lüneburg Police (Germany) in close cooperation with the United States Attorney’s Office for the Western District of Pennsylvania, the Department of Justice and the FBI, Europol, Eurojust and global partners, dismantled an international criminal infrastructure platform known as ‘Avalanche’. The Avalanche network was used as a delivery platform to launch and manage mass global malware attacks and money mule recruiting campaigns. It has caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone. In addition, the monetary losses associated with malware attacks conducted over the Avalanche network are estimated...

Read more »