Mobile Scareware – Bringing Scary Back (Social Engineering Ep. 3)

 
With this entry, we continue our series on common methods of social engineering that target mobile devices. This time around, we discuss “Scareware”. Our first post covered Malicious Mobile Advertising, and our second covered Fake Apps. How Does a Scareware Attack Work? Scareware attacks are based on the victim initiating the download of malware after receiving some form of fake message or notification, falsely alerting them that their device is infected and requires “a security app”. These notifications typically use mobile advertising platforms in order to present themselves to the user. ...

Bleeding-in-the-Browser – Why Downplaying of Reverse Heartbleed Risk for Mobile is Dangerous to the Enterprise

 
For the past few weeks, we’ve been researching methods to protect our customers from Heartbleed. Some researchers downplay client-side Heartbleed attacks and believe them to be improbable due to the required scenarios for an attack and vulnerabilities limited to Android 4.1.1 devices. We believe that client-side Heartbleed attacks could be easily executed and that enterprises should take steps to manage that risk now. To show how simple it is to exploit a device, we have put together a short video. The video here was done using a device running Android OS 4.1.1 (Jelly Bean) ...

Weekly Mobile Security News Roundup – Are your Mobile Apps Exposing Sensitive Data?

 
For the first time in several weeks, this week’s summary isn’t dominated by the OpenSSL vulnerability, Heartbleed. While Heartbleed may not be breaking news anymore, we still recommend making it a priority to ensure your enterprise is protected. You can find out more here. This week’s items serve as another reminder of the different ways an app or a device can expose sensitive data. WhatsApp Location Vulnerability: A vulnerability in WhatsApp can enable an attacker to intercept a victim’s shared locations. Although WhatsApp has acknowledged this, it is yet to be fixed. When ...

Fake Applications: Why mobile users can’t judge a book by its cover. (Social Engineering Ep. 2)

 
The second post from our series on the different mobile security aspects of social engineering covers another major threat, Fake Applications. Fake apps owe much of their success to users’ susceptibility to pressure, repetition and other methods of social engineering. For our first entry on mobile social engineering - malvertisements - click here. Fake apps have proven to be one of the most significant methods of distributing mobile malware. Attackers can create carbon copies of the entire app, copy the app’s icon or even just attach malware to the legitimate version of the app. Either way, the apps appear to be legitimate, with relevant ...

Weekly Mobile Security News Roundup – Heartbleed Leaves Mobile Users Vulnerable to Attacks

 
Another week of mobile security news has been mostly dominated by the aftereffects of the discovery of Heartbleed. It’s becoming apparent that fears regarding the magnitude of the event weren’t exaggerated. With Heartbleed-based PC attacks already being reported, this issue is still evolving. This week also exposes new threats with Android icon hijacking, Flash SMS flaws in iOS and a Samsung Galaxy S5 biometric hack leaving their owners and their PayPal accounts at risk. Lacoon’s Customers are Secure Against Heartbleed: Lacoon MobileFortress can ensure that your enterprise mobile ...

Heartbleed Product Update – Lacoon Customers Are Protected

 
Lacoon Releases MobileFortress Product Update for Heartbleed - Providing customers with the first solution able to detect and protect their mobile devices from Heartbleed so they can confidently continue to do business. In our previous post, we talked about the OpenSSL vulnerability discovered last week, aptly named Heartbleed because, among other things, it allows the exploitation of SSL heartbeats. Documented as CVE-2014-0160, Heartbleed could impact more than 65% of the Internet, as well as many mobile devices and apps. We also developed an easy-to-use application for testing if a mobile device is vulnerable. Check out that post to learn more. To get ahead of the ...

Is your Mobile Device Vulnerable to the Heartbleed Bug? Test it now.

 
Heartbleed has taken the Internet by storm, affecting both PC and mobile users. Heartbleed is a serious flaw in the method used by more than two thirds of the Internet to secure communications between users and servers. The problem is exacerbated on mobile because, even when fixes are available for users, the patching process is long and not under the control of admins or end-users. What exactly is Heartbleed? The Heartbleed bug is a serious vulnerability in the OpenSSL cryptographic software library. This library is widely used within vendors’ products, services and sites to secure web browsing (i.e. whenever you see a padlock in your browser or the URL begins with HTTPS), as well as used ...

Weekly Mobile Security News Roundup

 
This week’s roundup is dominated by Heartbleed – a significant SSL encryption vulnerability. Heartbleed has been taking the Internet by storm and affects both PC and mobile users. The problem is exacerbated because, even when fixes are available for mobile users, the patching process is long and not under the control of admins or end-users. Heartbleed – SSL Encryption vulnerability: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This library is widely used to secure web browsing (i.e. the underlying software behind SSL, in action when you see https://) ...

Social Engineering – Why mobile users are their own worst enemy

 
Social engineers have been using various devious methods to fool people for a long time. Social engineering, i.e. the art of gaining access to buildings, systems or data by exploiting human psychology rather than by breaking in or using technical hacking techniques, is almost as old as crime itself and has been used in many ways for decades. In the online and mobile generations, social engineers try to fool unsuspecting users into clicking on malicious links and/or giving up sensitive information by pretending to be an acquaintance, a trusted authority or even just a recognisable app. By doing so, an attacker can manipulate users into disregarding their normal ...

Microsoft Ends Support of Windows XP, Internet Explorer 8 and Office 2003

 
10 April 2014. The Issue: Starting April 8, 2014, Microsoft will no longer provide security updates or technical support for Windows XP, Office 2003 and Internet Explorer 8. Without additional security updates, organizations should consider that these PCs may be at risk from new vulnerabilities and malware. Microsoft is advising users with these versions of software to update to newer versions to get the most up-to-date security protections. However, updating all PCs to newer versions of software can be a difficult task for organizations and may require interim solutions to protect them from emerging threats. What Can Be Done: ...