Remote access toolkits (RATs) for Android are nothing new, but until now they've mostly targeted the Asia region.
Now researchers at mobile security specialist Lookout have uncovered Dendroid, a custom RAT aimed at users in western countries. Dendroid’s author is selling the toolkit online with payment in virtual currencies like Bitcoin and even offers a warranty promise that it will remain undetected.
I’m still working-away on my IBM book and it is still a week from being finished (the well-known second 90 percent syndrome). The book, if I am allowed to sell it on Amazon, will cost a whopping $3.99 and will be worth the money. But I’m still a columnist of sorts so here are my thoughts on pCell, an impressive new technology for increasing performance of LTE mobile data networks. It was invented by WebTV founder Steve Perlman, introduced two weeks ago in New York (very impressive video here, but fast-forward to 5:30) and was the talk of the Mobile World Congress in Barcelona the following week. pCell is amazing. It is also probably a security nightmare waiting to happen.
This is not me being a bad-ass or somehow wanting pCell to fail. I think it is great and I want it to wildly succeed, but there are a couple things about pCell that have been going over the heads of most reporters, security being one of them. I’ve read all the stories about pCell and the word security doesn’t appear in any of them, none.
The increasing trend towards BYOD and mobile devices in the workplace leads to added risks, but employees are often unaware or feel it isn't their problem.
These are among the findings of a survey by security specialist Absolute Software which polled workers in companies with a 1,000 or more employees who use mobiles for work.
Independent testing group AV-Comparatives has released its 2014 Internet Security Survey.
The survey asked 5,845 users from around the world their views on security and reveals that when it comes to antivirus protection Americans like to get it for free whilst Europeans prefer to pay.
There are no details on new features, as we write, but the most obvious change so far is the simplified, subdued interface. Plain buttons highlight four key task areas -- "Scan", "Updater", "Reports" and "Virtual Keyboard", for Anti-Virus 2015 -- and clicking any of these causes a new task pane to fade into view.
It's often the case that the weakest link in any system's security is the person sitting in front of the screen.
As companies recognize this they're tending to invest more in training so that they can avoid threats rather than have to clean up after them. In a recent worldwide survey by Dell, 67 percent of security decision makers say they have increased funds for education.
Every day, right after I wake up, I check my email accounts to see who reached out during the night. This morning it was Twitter that grabbed my attention with an email informing me that my password has been reset.
The reason? "Twitter believes that your account may have been compromised by a website or service not associated with Twitter", says the email received from the social network. "We've reset your password to prevent others from accessing your account". This is not something that one wants to hear, is it?
Webcam porn! Spying! Cell phones! Bitcoin controversy! Just another normal week in the world of tech news! Bitcoin exchange Mt Gox disappeared offline amid concern about missing millions and then filed for bankruptcy. After panic spread through Mac users following the discovery of a serious SSL bug in Mavericks, Apple released an update that plugged the hole -- but it was also discovered that iOS 7 has a keylogging vulnerability. Microsoft released Service Pack 1 for Office 2013, but anyone using Office 365 will need to force the installation of newer updates in order to reap the benefits.
Security updates are all well and good for operating systems and applications, but it will do little to protect you against the wandering eyes of government agencies. As if everything we have already learned about the activities of the NSA et al, this week's revelations about what the UK's GCHQ has been getting up to is sure to raise ire. Not content with logging emails and web searches, the UK intelligence agency apparently spent a number of years tapping into the webcam chats of millions of Yahoo users. There may be little good news in this revelation, but it was at least slightly amusing to find that the surveillers were rather taken aback by the amount of pornographic content they encountered. It makes ya proud!
Apple's 'good enough' security response: why it’s not going to change, isn’t fair, but doesn’t matter anyway
Apple’s handling of the recent "goto fail" vulnerability has brought about another round of the usual criticisms that we’ve heard from the security research community for years. In this most recent episode, Apple’s decision to provide security updates for iOS devices while leaving the vulnerability unpatched on Mac OS X for four days and giving no clear sign of the company's intentions has revived the oft-repeated criticisms that Apple isn’t transparent in its security response, isn’t timely, and doesn’t engage with the researcher community positively. Often the criticism will point to Microsoft as an example of what Apple doesn’t do and should.
I’m a ten year veteran of the Microsoft Security Response Center (MSRC), and I and my colleagues have said much the same things about Apple’s security response. In fact, one of my colleagues, Stephen Toulouse, made news in 2006 by calling on Apple to implement some of the many programs that Microsoft had put together. For us, it was always particularly frustrating to see Apple essentially get a pass on behavior that would lead to huge outcries if Microsoft did it. Think of the outcry if there was an SSL/TLS vulnerability that enables man-in-the-middle attacks affecting Microsoft Windows and Internet Explorer that’s unpatched for four days with no information from Microsoft. Now, compare that with what we saw with Apple. Forgive the pun but its Apples to oranges, really and Apple gets off easy every time.
Service Pack 1 has just started to roll out to Office 2013 users, but Office 365 users have been left out in the cold. You might think that as a subscriber your software is kept constantly updated -- and this is true to a point. But talking to Paul Thurrott, Microsoft reveals that a "handful of updates are totally new in SP1" and these have not all made their way to Office 365 yet. Unless you follow the little trick that Paul has shared, that is.
Unlike many applications Office 365 does not have a built-in means of forcing an update check -- so we have to force a forced update! The steps are very quick and simple to follow, and you can grab yourself a copy of SP1 in next to no time.
It sounds like something from a James Bond film -- or something from a creepy news story about a landlord stalking one of his tenants -- but the headline relates to a real story. We're all only too aware of the activities of the NSA and other governmental agencies monitoring the telephone and internet activities of people around the world, but the latest revelations see things taking a turn for the seriously sinister.
The UK intelligence agency GCHQ, between 2008 and 2010, tapped into the webcam chats of millions of Yahoo users.
We reported earlier this week on how financial organizations are at risk from third parties with compromised security.
It seems that the same thing applies to software. The latest review by IT security specialist Secunia shows that third-party programs are responsible for 76 percent of the vulnerabilities discovered in the 50 most popular programs in 2013.
The latest breed of virus is airborne. We're not talking about a 24 hour bug that does the rounds at the office, but a computer virus. A team of researchers at the University of Liverpool, UK, demonstrated how a virus known as Chameleon was able to spread undetected over Wi-Fi by exploiting vulnerabilities in access points.
For town and cities where there are large numbers of routers and access points in close proximity, this represents a serious security risk as there is potential for a terrifying number of infections to be made in very little time.
BYOD is in full swing, but most businesses are not prepared for it. In order to maintain a high level of security, companies that embrace the movement, or want to, have to change, or adapt, their existing policies to accommodate the wave of devices their employees are bringing in, which is not what 55 percent of them are doing, according to a study issued last week.
Samsung is among the few mobile devices manufacturers to take an active role in ensuring its products are BYOD-ready and enabled straight off the bat. Its response to the movement is Knox, a solution the company released one year ago, to augment the Samsung for Enterprise program. And, now, the successor arrives to beef up Knox even further.
Due to its low market share, Windows Phone is not a popular target for malware writers, which gives users a sense of security. Whether that is genuine or false it remains to be seen, but, for the time being, the platform can be considered devoid of any malware.
Like iOS, Windows Phone limits what users, and apps, can do to increase security, which is also one of the reasons why malware is not running rampant. This is achieved through a number of dedicated features, like sandboxing. However, the operating system cannot keep users from visiting the darker corners of the InterWebs, or keep them safe from potential risks while doing so. Russian security company Kaspersky has decided to take matters into its own hands, and help those who navigate to suspicious or unsafe websites, by launching Safe Browser.