iOS 9.3 to fix serious iMessages encryption flaw

For some time, Apple has forcefully pushed a message to consumers that it takes privacy seriously.

Here, for instance, is what Apple’s website says about its approach to privacy when it comes to iMessages:

Your iMessages and FaceTime calls are your business, not ours. Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime,

> Read More

XcodeGhost continues to haunt users of the iOS App Store

One of the big malware stories of the last few days has been the discovery that legitimate developers had uploaded apps to Apple’s App Store, without realising that their code had been compromised.

The malicious code, known as XcodeGhost, managed to insert itself into the developers’ apps via a circuitous route.

> Read More

Tell us how to infect an iPhone remotely, and we’ll give you $1,000,000 USD

If there’s something which is in high demand from both the common internet criminals and intelligence agencies around the world, it’s a way of easily infecting the iPhones and iPads of individuals.

The proof that there is high demand for a way to remotely and reliably exploit iOS devices, in order to install malware that can spy upon communications and snoop upon a user’s whereabouts,

> Read More

Online extortionists reset Android PINs, take data on virtual drives hostage

In the last few years extortion has hit computer users, big time.

Consumers and businesses alike are finding themselves locked out of their computers, or prevented from accessing their valuable data, by ransomware attacks that demand a payment be made to online criminals.

But normally when these malicious attacks are described,

> Read More

Secure Alternatives to Android

In my previous post I discussed the flurry of Android vulnerabilities which have come to light over the last year or so. TowelRoot, Fake ID, Android Installer Hijacking, Stagefright, and Certifi-gate have been publicly announced. Some of them have been around in Android for years. Creating patches for your Android devices is a long complex path,

> Read More

Do Android Flaws Have You Looking for Alternatives?

Android security flaws have become more frequent in the news lately. At least one of them, Stagefright, has been quite severe. The worst part is now that these vulnerabilities have publicly disclosed, everyone including cybercriminals are aware of them. The details needed to compromise devices have been published by every level of media,

> Read More

Android users exposed to malware by installer hijacking vulnerability

Security researchers have warned about a widespread vulnerability in Android devices, that could see attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware.

In other words, a user might attempt to install a legitimate version of “Angry Birds” but instead end up with a Flashlight app that’s harbouring malware.

> Read More

Not Running Android KitKat? Hackers Could Steal Info from Your Phone

Security researchers at IBM have gone public about a critical security vulnerability in the Android operating system, that could allow hackers to remotely execute code on users’ devices and steal sensitive information.

The flaw, which was discovered nine months ago by researchers of the Application Security team at IBM but has only now been made public,

> Read More

How to Bypass PayPal Two Factor Authentication

One of PayPal’s primary mechanisms to protect accounts from being hacked may have been fundamentally flawed for years.

That’s the concern raised by security researchers who uncovered a method of bypassing PayPal’s two-factor authentication (2FA), the technology that is supposed to protect your account should your username and password fall into the wrong hands.

> Read More

Why the MDM Rush?

With mobile devices continuing to drive consumer and enterprise marketplace trends, there is no lack of Mobile Management Device (MDM) vendors to choose from—and one more just entered the market.

Lumension just rolled out Lumension Endpoint Management and Security Suite with Mobile Device Management v8.0. What sets it apart from the scores of other vendors?

> Read More

Past, Present and Future of Endpoint Security

In the throes of holiday shopping season, 110 million Target customers woke to the news that cleverly placed malware had pilfered their credit- and debit card numbers, along with other sensitive data. We aren’t yet certain who was behind the massive attack on Target and, evidently other large retailers, or how the heist was orchestrated.

> Read More