Wipe Leaves Crumbs, Android App Tampering, SMS iPhone Crash – Mobile Security Weekly

Both iOS and Android had several problematic issues this week, making it clear (once again!) that device vendors are failing millions of users from a security perspective. We also reiterate the fact that there are many different areas of “the mobile ecosphere” that can be the source of major security issues.

Factory Reset Leaves Android Master Cookie Crumbs

A new study reveals just how much data and information remains on an Android device after a factory reset. According to the research performed on 21 Android smartphones from five vendors running Android versions v2.3.x to v4.3, the factory reset function on most Android phones doesn’t work properly and more than 340 ...

CapTipper – Malicious HTTP Traffic Explorer

The Problem

In recent years, the Internet has experienced a large number of “drive-by” attacks, mostly by exploit kits. Exploit kits are a type of malicious toolkit which exploits security holes, such as insecure or outdated software applications, for the purpose of spreading malware. When a victim visits a website whose server has been compromised, the victim is redirected through various intermediary servers until landing at the server hosting the exploit kit. From there, the exploit kit can gather information from the victim’s system to determine which exploit to use, and then download and execute the malware on the victim’s computer.

The complication for the ...

Stopping the Next Massive Cyberattack – Step 2: Segmentation

When it comes to cybersecurity, conducting a thorough assessment of your current environment to identify potential weaknesses in your security network is only the first step toward a stronger security infrastructure. The next step is to segment the network. Segmentation is the process of separating a network into multiple sections, or segments, to better protect information and improve security.

Many organizations continue to function within a flat network, creating an open environment where all information is accessible to everyone. In a flat network, security is only implemented around the perimeter of the system, and sensitive data is freely shared under the assumption that ...

Safari Bugs Buzzing, South Korea Spies on Teens, Apple Watch Time Out – Mobile Security Weekly

The world of mobile security has been going in many different directions over the last two weeks. From state-sponsored monitoring tools to Apple Watch security issues, or even more classic problems with iOS security, mobile security certainly never stays still for long as threats grow and spread.

A New Safari Bug Has Buzzed Into Town

Researchers have published details of a serious bug within Safari, both on iOS and OSX. The bug enables attackers to perform address-spoofing to trick Safari users on iPhone, iPad or Mac into thinking they are visiting a known or trusted site, when in fact their browser is connected to an entirely different address (a malicious credential-stealing site for ...

Check Point Threat Alert: Logjam

Executive Summary

A major flaw was discovered with SSL and was named "Logjam". The flaw affects a number of fundamental web protocols. 8.4% of the Top 1 Million domains were initially vulnerable. SK106147 - Check Point Response to Logjam Vulnerability.

DESCRIPTION

The vulnerability affects an algorithm called the "Diffie-Hellman key exchange" which allows protocols such as HTTPS, SSH, IPsec, SMTPS to negotiate a shared key and create a secure connection. The attack allows a man-in-the-middle to downgrade security of connections to a lower level of encryption — 512 bit — which can be read and attacked with relative ease. This allows the attacker to read and ...

Storm Kit – Changing the rules of the DDoS attack

Background

Distributed denial of service (DDoS) is one of the most commonly used cybercriminal methods. It’s easy, cheap and difficult to trace, and “service providers” can be found throughout the “dark” Web. As a result, the impact on e-commerce and other online business can be tremendous. According to a recent survey by Neustar, a DDoS attack can cost a victim organization anywhere from $10,000 to $50,000 per hour in lost revenue. Depending on the industry, the damage can reach as high as $2 million a day, or more than $100,000 per hour in revenue. A typical massive DDoS attack involves a large botnet: a network of compromised computers, usually personal end points ...

Analysis of the Havij SQL Injection tool

Havij, an automatic SQL Injection tool, is distributed by ITSecTeam, an Iranian security company. The name Havij means “carrot”, which is the tool’s icon. The tool is designed with a user-friendly GUI that makes it easy for an operator to retrieve the desired data. Such ease of use may be the reason behind the transition from attacks deployed by code-writing hackers to those by non-technical users. Havij was published during 2010, and since its release several other automatic SQL Injection tools (such as sqlmap) were introduced. However, Havij is still active and commonly used by both penetration testers and low-level hackers.

Havij traffic is easily ...

The 1st Step to Stopping the Next Massive Cyberattack: Assess

Given the ever-increasing sophistication of cybercrime methods, organizations must employ advanced assessment tools and practices to reduce or eliminate security gaps. The first step to a successful security posture is to know what your current security network looks like. It’s hard to strengthen a security foundation when you don’t know where the weaknesses are.

A comprehensive assessment will evaluate the current security network in all areas, from network architecture and security infrastructure and policy to monitoring capability and incident response readiness. It will identify potential vulnerabilities and highlight gaps in security resources, capabilities, and ...

The Microsoft Help File (.chm) May Enslave You

“Microsoft Compiled HTML Help” is a Microsoft proprietary online help format that consists of a collection of HTML pages, indexing and other navigation tools. These files are compressed and deployed in a binary format with an extension of .CHM (compiled HTML).

Check Point researcher Liad Mizrachi has conducted research showing that .chm files can be used to execute code on a victim computer running Microsoft Windows Vista and higher.

Check Point has discovered cyber criminals using this technique to spread malware and carry out attack campaigns via social media and spam mail.

Microsoft has not yet developed a patch to block this ...

Android Under Attack! – Mobile Security Weekly

While perhaps not emulating last week’s massive haul of mobile security hazards, this week’s stories still pack a hefty punch. The stories once again raise the issue of inherent problems with the basic architecture of the modern mobile device, as well as the ecosphere within which it exists (i.e. app stores and other basic services).

Researchers: Secret Ad Trackers Inside 1000s of Android Apps

Security researchers have released a report after testing a group of 2,000 apps from the Google Play Store and finding that they connect to 250,000 different URLs from 2,000 different top-level domains. This in itself is quite intriguing - it essentially means user data is ...