Following the news about LevelDropper, an app in Google Play Store hides malware capable of rooting the user’s device in order to install unwanted applications. David Jevans, VP, Mobile Security at Proofpoint commented below. David Jevans, VP, Mobile Security at Proofpoint: “Consumers cannot tell if an app has malware; however, if you use a consumer Android anti-malware tool then you can have better odds at seeing things as they are discovered. If your phone is infected, follow the usual Android app removal process. However, if you have an app like this that roots your phone, you must wipe your phone entirely and re-install…
Author: ISBuzz Team
Forcepoint Security Labs has discovered a current and ongoing compromise on the very popular Russian site Sprashivai[.]ru.Receiving an estimated 20 million visitors per month and ranked as the 240th most popular website in Russia, Sprashivai[.]ru has been compromised and is silently redirecting users to the RIG Exploit Kit (EK) which is dropping the SmokeLoader (aka Dofoil) malware. Simply visiting the site is enough to end up with malware being executed onto the user’s machine leading to plug-ins which contain malicious functionality such as credential stealers and click fraud components. Carl Leonard, Principal Security Analyst, Forcepoint commented below. Carl Leonard, Principal Security Analyst at Forcepoint:…
Following the news that Google has defeated a lawsuit from parents who claimed the search giant was illegally tracking the online activity of children, Paul Bischoff, researcher at Comparitech.com, commented below on how you can stop Google tracking you and your children. Paul Bischoff, Researcher at Comparitech.com: “A US Federal court this week struck down an appeal made by parents who accused Google of illegally tracking the online activity of their children. The unanimous decision states Google is not liable for planting cookies on computers used by children, which collect data used to send them targeted advertisements. Google won’t be forced to halt…
New research from mobile security and management expert Wandera has found that the official UEFA Euro 2016 Fan Guide App is leaking users’ personal data. Analysis of the data traffic patterns from enterprise mobile devices reveals that highly personal user credentials, including usernames, passwords, addresses and phone numbers, are being transferred over an insecure internet connection. The app, which has more than 100,000 downloads, could therefore provide an access point for hackers to access, and potentially steal, valuable user data. Wandera’s analysis of the Euro 2016 app took place between 25th May and 24th June 2016 and relates to both the iOS…
The number of users attacked by ransomware targeting Android-based devices has increased four-fold in just one year, hitting at least 136,000 users globally. A report on the ransomware threat landscape, conducted by Kaspersky Lab, also found that the majority of attacks are based on only four groups of malware. The report covers a full two-year period which, for reasons of comparison, has been divided into two parts of 12 months each: from April 2014 to March 2015, and April 2015 to March 2016. These particular timescales were chosen because they witnessed several significant changes in the mobile ransomware threat landscape.…
Toothbrush? Check. Towel? Check. Computer, smartphone, tablet? Check. If you are one of those travelers who can’t hit the road without having all the tech gadgets in their suitcase, then you should also be aware of the risks that lurk in the “shadows” of public internet connections, online banking and shopping on the road. But don’t worry, there are ways to protect yourself from sticky hands of cybercriminals. ESET experts have put together a short guide to help you travel safely and keep all your data and devices protected: Make sure that your laptop and mobile devices run a fully…
Security researcher Chris Vickery has discovered an unprotected World-Check database containing two million details about people and organisations suspected of being involved in terrorism, organised crime and money laundering, among other offences. Although much of the data is aggregated from the public domain, the Data Protection Act requires personal information to be kept secure, regardless of whether it has been collated from public sources. Luke Brown, VP and GM EMEA, India and LatAm at Digital Guardian commented below. Luke Brown, VP and GM EMEA, India and LatAm at Digital Guardian: “Organisations have a duty of care, not to mention legal obligation, to protect…
Following the news about the noodles & company is probing a credit card breach that is said to have hit several of its 500 stores. IT security experts commented below. Brad Bussie, Director of Product Management, STEALTHbits Technologies: “Anti-virus and anti-malware are unable to keep pace with the emerging threats, and we are seeing that daily with company breaches. The thing to remember about malware is that it needs a delivery mechanism. Payment card systems and point of sale systems should be completely isolated and hardened to create a minimal attack surface. Organizations that allow removable devices, internet browsing, and email…
Utility companies nationwide are angst-ing about Friday. Not because it’s a long weekend, but because July 1 marks the end of the extended deadline for compliance – imposed by the Federal Energy Regulation Commission (FERC) – with NERC’s(N. American Electric Reliability Corp.) Critical Infrastructure Protection (CIP) V5 standards. Why is this important? Organizations in NERC’s jurisdiction serve more than 334 million people, and includes users, owners, and operators of the bulk power system. America’s energy plants and other critical infrastructure are immensely dependent on technology, yet legacy devices in our nation’s power grids don’t even have the memory necessary to be upgraded Our national power…
Think about what you could do with five dollars. You could get dinner for yourself at McDonald’s, so long as you don’t upsize the fries. You could buy a toy for a dog. You could get half of a low quality haircut. Or you could take a website offline, causing both short term and long term repercussions for a business. Unfortunately, that’s the reality. Five dollars could allow a person to severely impact a business, but not get the large size fries with a fast food value meal. It’s called DDoS for hire, and it’s a big problem that’s only…