SideStepper: Bypassing the iOS Gatekeeper to Attack iPhone and iPad Devices

 
Check Point disclosed details about SideStepper, a vulnerability that can be used to install malicious enterprise apps on iPhone and iPad devices enrolled with a mobile device management (MDM) solution. The Check Point mobile research team presented details about this vulnerability at Black Hat Asia 2016 in Singapore on April 1, 2016. Click here to download the report. What is SideStepper? SideStepper is a vulnerability that allows an attacker to circumvent security enhancements in iOS 9 meant to protect users from installing malicious enterprise apps. These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, making ...

Over the Garden Wall: Enterprise Apps Are An Unguarded Path Into iOS

 
iOS is supposed to be a secure environment where only certified code can run. That's why Apple uses its app review to scrutinize each and every app before it makes it onto the App Store. However, there are other paths to distribute apps to iOS devices without going through Apple’s review. The first is using developer certificates. Each user is entitled to one developer certificate which can be used to test apps on a real iOS device. The second and more common way is by using enterprise certificates. Apple created the Developer Enterprise Program so businesses could develop and deploy their own apps for internal use. These apps can be distributed quickly and directly to devices, ...

Unsecure Routers Pose a Serious Risk to Small Businesses

 
Today, business cannot operate without an internet connection. Business leaders are more empowered than ever with the resources attainable with the internet, and by keeping security in mind, businesses can make the most of the internet while knowing their data is secure. For many small businesses their survival is dependent on the internet, making it that much more important to have security top of mind. Small and Medium Businesses often find themselves between a rock and a hard place in terms of security. They understand the necessity of implementing security solutions but cannot afford the full advanced security measures large enterprises implement to protect their sensitive data which ...

Check Point Threat Alert: SamSam and Maktub Ransomware Evolution

 
Executive Summary: New and evolving ransomware campaigns, dubbed ‘SamSam’ and ‘Maktub’, use techniques not commonly observed in previously known ransomware. SamSam spreads by targeting and infecting servers that contain unpatched vulnerabilities. Maktub and SamSam do not communicate with a C&C server to encrypt files on an infected computer. SamSam’s primary target is the healthcare industry. Description: SamSam ransomware has an unusual infection method. Instead of spreading by spam/phishing emails, it scans for vulnerable servers with unpatched software. Unlike other ransomware campaigns, there is no need for any user action such as clicking on a certain link ...

Security Management Innovation in Financial Services

 
The financial industry is one of the leaders in adopting new technology to service and protect its customers, and recent developments in technology have given the industry countless opportunities to do so even more. Digital systems are now the beating heart of many areas of the financial services business, opening up new communication links across all channels, including mobile and social engagement with customers and suppliers. However, these advancements also have the ability to expose companies to potential risk. Unfortunately, we don’t have to go very far to find news of cyberattacks against financial institutions. Practically everywhere we look, we see the media reporting the ...

In The Wild: Mobile Security Observations from the Check Point Research Team

 
Special thanks to malware analysts Nikita Kazymirsky and Hod Gavriel who contributed to this blog post. Mobile malware learns fast. Many times, mobile malware imitates behaviors and trends first seen in the PC world. However, mobile users are much less aware of mobile malware than PC malware. This allows mobile malware to gain momentum and to achieve its malicious intent. This week we saw mobile malware that successfully implemented techniques that up until now had been seen almost exclusively in the PC world. DataLust Android Malware Joins the Ransomware Mayhem: Ransomware is a growing phenomenon all over the world, as in Kentucky where another hospital has been taken hostage. But ...

New TeslaCrypt Ransomware Spikes on Leap Day, Attempting to Catch Users Off-Guard

 
In reviewing recent anomalies in our threat traffic, Omri Givoni, who heads up our Threat Prevention Cloud Group, noticed a spike of more than 100,000 events in our detections on leap day, February 29th, 2016. Zeroing in on the event, we isolated one SHA1 7429b5b4c239cb5380b6d7e4ffa070c4f92f3c79, which strangely did not show any incidents either before or after that date. A quick examination showed this was indeed a unique campaign based on a new TeslaCrypt variant, which on the leap day would have been detected by only four AV vendors according to VirusTotal. Why do a spike campaign? Ransomware infections are now the top trend in the eyes of customers and security ...

Over the Garden Wall: Jailbreaking Is A Threat to Consumers and Enterprises

 
With good reason, Apple is sensitive about the integrity and security of iOS, which is purpose-built as a closed and protected environment. This design gives iOS strict control of any code executed on an iPhone or iPad. There are, however, several ways to bypass Apple’s security by design. One of these methods is jailbreaking. Some users may want to implement additional features and apps on their devices, but to do so they need a jailbreak to exploit iOS and gain root privileges. These privileges allow them to download and install additional apps and to control their devices fully. Unfortunately, this also removes the built-in security features of iOS. Users seeking ...

Lessons learned from the uKnowKids breach

 
Nothing is as important as our children. We will do anything we possibly can to protect them. Some parents even use apps to make sure their kids are safe, but this can turn out to be a double-edged sword. Recently, the database of the uKnowKids app was breached, and sensitive user information was leaked. But while the app is intended to protect kids, there’s no way to ensure it’s used for this purpose. In the past, we’ve seen various legitimate “spy phone” apps sold and abused by malicious actors. Many apps, uKnowKids among them, can collect tons of sensitive information about devices and users. In fact, according to a report published in Dark Reading, out of over 315,000 ...

Optimizing Security Management with Unified Policy

 
Today, cyber security is becoming more complicated as organizations’ networks are increasingly dynamic and often extend beyond the perimeter. In addition, a company’s security profile has transformed to encompass all aspects of the work environment – applications, documents, electronic data, public and private clouds, virtualized environments, users, and endpoints and mobile devices. All business units must be protected, managed and monitored. As a result, security administrators are implementing multiple point products and multiple management consoles (often from disparate vendors) resulting in complicated policies, lack of policy controls and poor visibility of security events. ...