Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Security researchers have discovered a new type of "Man-in-the-Middle" (MitM) attack in the wild targeting smartphone and tablets users on devices running either iOS or Android around the world. The MitM attack, dubbed DoubleDirect, enables an attacker to redirect a victim’s traffic of major websites such as Google, Facebook and Twitter to a device controlled by the attacker. Once done, cyber crooks can steal victims’ valuable personal data, such as email IDs, login credentials and banking information as well as can deliver malware to the targeted mobile device. San Francisco-based mobile security firm Zimperium detailed the threat in a Thursday blog post, revealing that the DoubleDirect technique is being used by attackers in the wild in attacks against the users of web giants including Google, Facebook, Hotmail, Live.com and Twitter, across 31 countries, including the U.S., the U.K. and Canada.
|
Scooped by
Gust MEES
|
Untersucht wurden 2107 Apps für iOS von 601 Herstellern. Die HP-Tochter bewertet die entsprechenden Android-Anwendungen jedoch als ebenso anfällig. Zahlreiche Apps setzten keine Verschlüsselung ein und schützten die Nutzerdaten nicht angemessen.
Two security vulnerabilities have been discovered in Apple's new mobile operating system, less than 24 hours after launch.
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Der Vorwurf des Hacker-Kollektivs Antisec gegen das FBI wiegt schwer: Auf einem FBI-Laptop habe man eine Datei mit Millionen Seriennummern von iOS-Geräten gefunden. Die Ermittlungsbehörde dementiert. Mehr erfahren: http://www.tageblatt.lu/nachrichten/story/13507432
|
Scooped by
Gust MEES
|
Mobile variants of the commercial FinFisher trojan target BlackBerry, Windows Mobile, Symbian, Android and iOS devices. The commercial FinFisher FinSpy spyware trojan was created by Gamma International, and its development is believed to take place in Germany. The company sells its trojan toolkit – which is thought to currently support all major operating systems including Linux, Mac OS X and Windows – to governments for use by security agencies. Until now, relatively little was known about the mobile variant of the trojan. Based on the available code samples, Citizen Lab is convinced that the mobile trojans it analysed are a mobile variant of FinSpy. The trojan is believed to be capable of monitoring rooms through silent calls, downloading files, tracking a user's location, and forwarding phone calls, SMS text messages and emails. FinSpy can also apparently intercept BlackBerry Messenger messages. The trojan typically infects smartphones via specially crafted emails. The iOS variant requires iOS 4 or later and is executable on all iPad models, on iPhone 4 and 4S devices, and on third and fourth generation iPod Touch devices. The app installs in the background, downloads further code, and injects this code into the startup routine, anchoring itself deep into the system. The researchers found "FinSpyV2" references in the binary. As the binary contains a valid developer certificate and an ad-hoc distribution profile, iOS devices accept it without the need for a jailbreak. The certificate was issued to Martin Münch – the managing director of Gamma International's German subsidiary.
In a first, Apple manager scheduled to take stage Thursday at Black Hat to discuss security technologies in iOS... Beyond Flashback, research has shown that Macs are carrying malware unbeknownst to users. A security scan of 100,000 Macs found 3 percent infected with Mac-capable malware, according to anti-virus vendor Sophos. When Windows malware was included, one in five Macs were found to be harboring some type of malware. While the Mac has been the primary target, hackers are taking notice of iOS. This month, Kaspersky Lab reported finding an iOS Trojan that uploaded a user's address book to a remote server. Spam messages with a URL to the application, called "Find and Call," were sent from the server to all the users' contacts. For years hackers focused on Microsoft Windows PCs instead of Apple products, which had a fraction of the market share. Today, ===> Apple's success in selling the iPhone and iPad have made it the world's most valuable company and its products a potentially lucrative target for cybercriminals. <=== Read more: http://www.csoonline.com/article/712227/all-eyes-on-apple-with-it-set-to-take-security-public?utm_source=dlvr.it&amp;utm_medium=twitter
A serious bug was discovered recently in the Facebook and Dropbox applications on iOS and Android that could cause users to have their private information stolen.
Facebook login credentials could be lifted from smartphones because the site is not encrypting the sensitive data on iOS and Android devices.
Via Gust MEES
|
|
Scooped by
Gust MEES
|
Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices — opening an attack vector.
Vulnerabilities in the way Bluetooth Low Energy is implemented on devices by manufacturers can open the door to global device tracking for the Windows 10, iOS and macOS devices that incorporate it, according to research from Boston University.
An academic team at BU uncovered the flaws, which exist in the periodically changing, randomized device addressing mechanism that many new-model Bluetooth Low Energy (BLE) devices incorporate to prevent passive tracking. A paper on the issues (PDF) was presented Wednesday at the 19th Privacy Enhancing Technologies Symposium. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth
|
Scooped by
Gust MEES
|
L’iPhone 5S a été mis à mal par une équipe de Corée du Sud, qui a réussi à profiter d'une combinaison de deux bugs dans Safari pour en prendre le contrôle. Le Samsung Galaxy S5 non plus n'a pas réisté aux assauts des hackers. Deux équipes ont profité de failles dans la gestion du protocole NFC pour en prendre le contrôle. le Nexus 5 a lui aussi été piraté via NFC, grâce à une technique étonnante, qui a consisté à forcer un appairage Bluetooth entre deux appareils.
Another day, another privacy vulnerability found in iOS. When will Apple learn that a lockscreen should really, properly, lock the phone?
Via Gust MEES
|
Scooped by
Gust MEES
|
Die NSA hat laut einem Medienbericht Arbeitsgruppen für jedes große mobile Betriebssystem. Die Angreifer können Kontaktlisten, SMS, E-Mail und Aufenthaltsorte auslesen.
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device. Apple has shipped a high-priority iOS update to fix multiple security holes affecting the browser used on iPhones, iPads and iPod Touch devices. ===> This patch is only available via iTunes. To check that the iPhone, iPod touch, or iPad has been updated: - Navigate to Settings - Select General - Select About. The version after applying this update will be “5.1.1″. <=== To apply as quick as possible, please! Read more...
News has recently surfaced over an Android and iOS security hole, but that story has been mixed up as to where the vulnerability exists. Siting problems with Facebook's mobile ...
Via Gust MEES
Apple’s iOS mobile platform, like its desktop-and-notebook sibling Mac OS X, has garnered a reputation for strong security. ===> But as new holes in iOS's security crop up, this reputation may be exposed to less-than-friendly fire. <=== GM: NOBODY is perfect!
Via Gust MEES
|
iOS 14 legte offen, dass Instagram die iPhone-Kamera unerwartet aktiviert. Die App habe in diesen Fällen nichts aufgezeichnet, so die Facebook-Tochter.
Learn more / En savoir plus / Mehr erfahren:
http://www.scoop.it/t/securite-pc-et-internet/?&tag=Instagram