Subscribe: Softpedia News - Security
http://news.softpedia.com/newsRSS/Security-5.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
android  apps  company  data  devices  google  hackers  infected  information  it’s  malware  new  security  time  users 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Softpedia News - Security

Softpedia News / Security



Softpedia News / Security



Published: Fri, 17 Nov 2017 19:46:09 +0000

Last Build Date: Fri, 17 Nov 2017 19:46:09 +0000

Copyright: 2001 - 2014 Softpedia. All rights reserved.
 



Warning: Multi-Stage Android Malware Makes It to the Google Play Store

Fri, 17 Nov 2017 07:46:00 +0000

Security company ESET has discovered at least eight applications that were infected with multi-stage Android malware and available in the Google Play Store. Before anything else, it’s important to know that Google has already been informed about these apps and has since removed them, but it’s essential to always watch out for more similar attempts as it’s apparently still possible for malware to make it to the Play Store. ESET says the apps were infected with Android/TrojanDropper.Agent.BKY malware and used a multi-stage approach to trick people into believing they downloaded clean apps. Using common names like world news and cleaner, these apps did not ask for any special permission, which in most cases is a sign of suspicious activity, and look just like a legitimate app with no clear indication of a possible infection. In the background, however, they download a diff...



The Internet Went Crazy Over a Sex Toy App “Secretly” Recording Lovemaking

Mon, 13 Nov 2017 12:10:00 +0000

Hong Kong-based sex toy company Lovense received some bad publicity the past weekend after someone on reddit accused the company of secretly recording users’ lovemaking sessions with the mobile app allowing for remote controlling of its vibrators. Basically, reddit user /u/tydoctor claimed he came across a .3gp file stored on his device that was “a full audio recording 6 minutes long of the last time I had used the app to control my SO’s remote control vibrator.” This way, the user claimed, Lovesense secretly created audio recordings of the sex sessions, obviously making people believe that the company was actually spying on people. And since spying is quite a hot topic these days, it’s ten times worse when it involves anything related to sex, so the discussion rapidly made the rounds, with more than 200 users chimi...



FBI Wants to But Can’t Hack the Phone of Texas Church Shooter

Wed, 08 Nov 2017 12:24:00 +0000

FBI agents who are investigating the Texas church shooting cannot access the information stored on the attacker’s phone because the device is encrypted and the agency doesn’t have the necessary resources to unlock it, an official said earlier this week. While the FBI did not reveal the brand or the phone model that shooter Devin Patrick Kelley was using, it’s believed it’s one of the new-generation flagships, as breaking into these phones has often been considered impossible, with parent companies paying particular attention to making devices harder to crack. Apple’s iPhone, for example, has been the subject of a several months-long dispute between the Cupertino-based technology giant and the FBI last year when investigators attempted to extract data from the device used by one of the attackers. The agency requested Apple’s help to unlock the iPhone, but the company refused to do it, claiming such a decision would compromise the security of all its customers.



The “New” Fappening: Maria Kanellis, Joseann 'JoJo' Offerman Nude Photos Leaked

Wed, 08 Nov 2017 12:05:00 +0000

It’s been a while since the last “The Fappening” leak, but a number of websites have recently posted batches of adult photos allegedly belonging to several WWE stars, including Maria Kanellis and Joseann 'JoJo' Offerman. Since no official statements have been provided until now by the WWE divas, it’s not known just yet how the content ended up being posted online. Photos that were published as part of the famous “The Fappening” saga were stolen from celebrities’ iPhones after hackers managed to break into their iCloud and Gmail accounts. Earlier this year, several other famous singers and Hollywood stars were targeted by similar disclosures, including Tiger Woods, Miley Cyrus, Anne Hathaway



Australian Singer Sia Prevents “The Fappening” by Leaking Nude Photo Herself

Tue, 07 Nov 2017 12:58:00 +0000

Australian singer Sia was this close to be involved in The Fappening stolen nude photos scandal after discovering that someone was planning to leak her intimate pictures to whoever was ready to pay. Sia, however, hasn’t tried to send an army of lawyers after those who wanted to post the photos, but instead did something a little bit unexpected: she leaked a nude picture herself, thus trying to make sure that hackers wouldn’t get any money for the alleged stolen content. According to her post, which you can find on the singer’s Twitter account, someone was trying to sell a batch of her nude photos and was offering one picture as a preview. “If you make the purchase, it will be unblurred and you will receive and [sic] additional 14 images,” the message that was allegedly sent by hackers to potential buyers read. “Here’s the photo, so you can keep the money” The 41-year-old singer, however, took everyone by surp...



Chinese Keyboard Maker Caught Tracking Typed Keys on Customer’s Computers

Tue, 07 Nov 2017 12:10:00 +0000

Chinese mechanical keyboard manufacturer MantisTek has allegedly included keylogging capabilities in the software application offered to customers of its GK2 model. Specifically developed to provide more customization options for RGB illumination and macros, the keyboard companion software can also track typed keys on the keyboard and send information to a server that’s being hosted on Alibaba Cloud. A component described as “cloud driver” appears to be responsible for recording the keypresses and sending them to IP 47.90.52.88, with the data then stored in two different locations, namely /cms/json/putkeyusedata.php and /cms/json/putuserevent.php. The worst thing is that the data is being transmitted unencrypted, which means that anyone who monitors the traffic of your Internet connection can intercept the logged information ...



WhatsApp Down in Several Countries – November 3, 2017

Fri, 03 Nov 2017 08:59:00 +0000

Instant mobile messaging app WhatsApp is down right now in several regions, with users unable to send or receive messages regardless of the mobile platform or the device they are using. WhatsApp is yet to acknowledge the outage and nothing has been shared on how long it would take to restore the service, but we’re seeing reports from part of Europe and India, with the United States not affected at this point. DownDetector indicates that a WhatsApp outage is indeed being experienced in Germany, the UK, part of Italy, Spain, and other European countries. Malaysia also appears to be affected, and so is part of China, Russia, Australia, and Turkey. At the time of publishing this article, the official Twitter account of WhatsApp hasn’t provided any details on the downtime, though the hashtag #WhatsAppDown is getting tens of new tweets every second, which confirms there’s indeed a problem in several regions.



BlackBerry Ready to Hack Its Users If the Government Wants It To

Tue, 31 Oct 2017 09:59:00 +0000

If you were still looking for a reason why BlackBerry is currently holding an insignificant market share in the mobile business, here you go. The company’s CEO has just confirmed that they’re ready to break customer encryption should they be asked by the government, basically admitting they are willing to compromise the security of any user at a time when other tech giants are fighting against law enforcement to prevent this from happening. Unlike Apple, Microsoft, and Google, which themselves have their own legal disputes with the US government, BlackBerry says that it’s willing to try breaking its encryption system and access user data, including here conversations, emails, and other details, when a court order is issued. “Yep, we’ll do it anytime” CEO John Chen, however, doesn’t see this as a...



USB Stick Disclosing London Airport Anti-Terror Security Systems Found in Street

Mon, 30 Oct 2017 13:21:00 +0000

This is not The Onion: someone accidentally found a USB stick containing no less than 2.5GB of unencrypted data detailing the security systems being used at London's Heathrow Airport. While it’s not yet clear how come all the data was transferred to this removable drive, a report from the Mirror, who has been handed over the USB stick by the man who found it in the Queen's Park area of London, reveals that the data included everything from the location of CCTV cameras to security patrols, tunnels, and even the route the queen uses to and from the airport. Furthermore, it appears the stick contained information on the ultrasound radar system being used by the airport to scan the surrounding perimeter and discover any threats such as explosive. Investigation already under way Little is known at this point about how t...



Best Antivirus for Android Phones

Wed, 25 Oct 2017 09:39:00 +0000

Android has often been targeted by malware writers across the world, with some infected apps even ending up in the Google Play store, so security solutions like an antivirus are becoming more popular among users of this particular mobile platform. Security institute AV-TEST performed a new research to determine the applications offering the best malware protection on Android, comparing them to Google’s own Play Protect in order to figure out if third-party solutions are better or worse. With Play Protect used as the starting point, it turns out that all security solutions included in the test performed better, though some of them provided pretty disappointing results. First and foremost, let’s start with the best. Six different security solutions for Android got the maximum score, namely the ones from Trend Micro, Symantec,



Google: Chrome’s Aggressive HTTPS Push Successful on Android, Mac, Windows

Sat, 21 Oct 2017 07:46:00 +0000

Google announced last year that Chrome browser would start flagging websites not using HTTPS to send sensitive user details like passwords or credit card data as “not secure” as soon as they were loaded, and the company now comes back to explain that this aggressive strategy is paying off. The search giant explained in an announcement today that adoption of HTTPS is growing at a fast pace across the world, with no less than 64 percent of the Android traffic now secure, versus 42 percent last year. Google says figures have improved on Mac as well from 60 percent last year to 75 percent in 2018, while on Windows HTTPS adoption increased from 51 percent to 66 percent. The company went on to reveal that out of top 100 websites right now, 71 of them are currently using HTTPS by default, and this is an increase from 37 percent last year. Mobile devices ac...



Google: Hack Top Android Apps and Get Paid

Fri, 20 Oct 2017 05:30:00 +0000

Google has launched another bug bounty program, yet this time it’s not aimed only at its own apps, but also at those developed by third-party companies and published on the Play Store. Google’s new effort is called Play Security Reward Program and calls for hackers to find remote code execution (RCE) flaws in specific popular Android applications running on Android 4.4 and newer. For the time being, only eight different developers have been approved for the program, namely Alibaba, Dropbox, Duolingo, Headspace, Line, Mail.ru, Snapchat, and Tinder, but Google says it’s working with more app makers to expand the program. While Google’s applications are also part of the new bug bounty program (though Google says you can submit them via the Google Vulnerability Reward Program), the company explains that submissions must include proof of concepts and demonstrate how an attacker can gain full control o...



Sockbot Malware Found in Eight Android Apps Published on Google Play

Thu, 19 Oct 2017 11:30:00 +0000

Apps infected with malware have once again made it to the Google Play store, and security company Symantec warns that they’ve been installed on at least 600,000 devices. The security vendor explained in a detailed analysis of the malware that apps were infected with Sockbot, which sets up a SOCKS proxy on each device and waits for commands from the author. Symantec says the primary objective of the apps was to generate ad revenue, but if needed, the malware could easily turn the infected device into a member of a larger botnet allowing even for DDoS attacks. Eight different applications posted on the Google Play have been confirmed as infected with Sockbot, and all of them have already been removed by Google. And yet, Symantec estimates that between 600,000 and 2.6 million devices have downloaded the infected apps. Generating ad r...



New Adobe Flash Vulnerability Lets Hackers Plant Malicious Software on Your PC

Mon, 16 Oct 2017 20:28:00 +0000

As long as Adobe's Flash Player plugin is still alive and installed on your personal computer, it will only cause damage to it. Adobe Flash is often described as a security vulnerability, as it it's full of security flaws and Adobe won't patch them as fast as they should. The latest, as reported by Reuters, is said to let hackers plant malicious software on your personal computer. The malware was discovered by security firm Kaspersky Lab and it's called FinSpy or FinFisher, which is usually used for surveillance by law enforcement agencies. According to the report, Kaspersky Lab was actively tracking a hacker group called BlackOasis, which apparently managed to install malici...



WPA2 Going the Way of WEP After Wi-Fi Researchers Find Critical Flaw

Mon, 16 Oct 2017 08:23:00 +0000

The WPA2 (Wi-Fi Protected Access II) protocol that’s used by most Wi-Fi networks today has been compromised, and a way to intercept traffic between computers, phones, and access points has been found. Today’s Internet and network connections rely on specific tools that are taken for granted, most of the time. From time to time, a way to compromise these protocols sends everybody running for the fences. Let’s just remember the OpenSSL problem, for just a moment. Now, a similar problem has been identified in the WPA2 protocol that’s used by Wi-Fi networks. Whenever you connect your device to a Wi-Fi network, you are probably using the WPA2 security protocols, and you feel safe. Well, you shouldn’t feel safe at all. It turns out that the protocol is vulnerable and that communications between client and host can be intercepted. WPA2 has been KRACKed Security researchers have discovered a way to compromise the communications between a host and client ...



Israeli Spies Hacked Kaspersky, Discovered Tools Stolen from the US NSA

Wed, 11 Oct 2017 07:56:00 +0000

Israeli hackers who managed to break into the systems owned by Russian-based security vendor Kaspersky discovered hacking tools that were stolen from the NSA, according to reports that were published by The New York Times and The Washington Post. The Israeli officials then alerted intelligence agencies in the United States of a potential breach of their network, indicating a possible collaboration between Kaspersky and the Russian government. US officials, including the US National Intelligence Council, has already informed NATO allies that Kaspersky customer database and source code might have been exposed due to a collaboration with Russia’s intelligence agencies, which could have allowed Russian hackers to launch attacks in both Europe and the United States. Kaspersky, however, says that it’s not collaborating with Russia or any other government, also adding that it’s not aware of any bre...



Yahoo: All Our 3 Billion Users Were Hacked

Wed, 04 Oct 2017 09:33:00 +0000

The Yahoo hack saga continues, this time with more information provided by the company itself, who reckoned in a statement that more users were actually hacked in 2013 than it previously revealed. Yahoo said in September 2016 that 500 million accounts got hacked in 2013 as part of what it described as a state-sponsored attack, albeit absolutely no specifics on the hacking group or the country behind the breach were provided. Yahoo, however, released an updated statement in December to bump the figure to 1 billion, saying that it discovered evidence that twice as many accounts were hacked than it initially thought. 3 billion accounts compromised And now the company returns with another statement, revealing that its original investigation actually pointed to a wrong number. So the hack didn’t affect 500 million or 1 billion accounts, but 3 billion records, which represented the entire userbase of Yahoo at that time. This means that all Yahoo users ...



macOS High Sierra Zero-Day Exploit Puts Users' Stored Keychain Passwords at Risk

Mon, 25 Sep 2017 22:47:00 +0000

It would appear that Apple's recently released macOS High Sierra 10.13 operating system comes with a zero-day exploit that could put your stored Keychain passwords at risk if your Mac gets hacked. Patrick Wardle, a security researcher that apparently worked for NSA, published information about the said zero-day security issue minutes after Apple released the macOS High Sierra OS to users worldwide. The security flaw affects operating system's new SKEL (Secure Kernel Extension Loading) feature, which is designed to require users to approve the loading of any new third-party kernel extensions. "The main (security) goal of SKEL is to block the loading of legitimate but (known) vulnerable kexts. Until Apple blacklists these kexts via the OSKextExcludeList dictionary (in AppleKextExcludeList.kext/Contents/Info.plist), attackers can simply load such kexts, then exploit them to gain arbitrary code execution within the context of the kernel," said Patrick Wardle in his



CCleaner Malware Targeted Intel, Microsoft, Google, More in Industrial Espionage

Thu, 21 Sep 2017 07:19:00 +0000

The recently discovered CCleaner malware was much more severe than previously suspected, as researchers find that it was designed for industrial espionage in companies such as Google, Sony, Intel, Microsoft, and many others. The CCleaner developers announced a couple of days ago that their application was modified to collect data from users and to grant control to hackers. This happened with a particular version and before it was made available for download, which makes things all that more interesting. The infected version of CCleaner was available for download almost a month before the malware was discovered. The initial assessment was that the goal of the hackers was to gain access to computers and to gather data. All that information was sent to a server, but i...



CCleaner Compromised to Gather and Transmit Information About Its Users

Mon, 18 Sep 2017 12:07:00 +0000

Piriform, the company that makes the popular CCleaner application, just announced that their application was hijacked and used to gather information about its users and send it to an unknown party. Hackers usually prefer to penetrate insufficiently secured servers and get the data they want in that manner, but that usually means that webmasters and programmers were not doing their job. Compromising the code for an application to gather information about user’s devices before that app is distributed is on a different level. Piriform hasn’t said anything about how their systems were penetrated or how the executable was modified before launch, but they did reveal everything that’s been going on, and it’s not a pretty sight. In fact, if you read the short description of the event, it’s even more terrifying. “An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address...



Huge Bluetooth Attack Exposes 8 Billion Devices via Bluetooth on All Platforms

Thu, 14 Sep 2017 08:10:00 +0000

BlueBorne is a new way of attacking and getting complete control of the desktop, mobile, and IoT platforms using a Bluetooth vulnerability. Bluetooth is a communication and data exchanging standards that present in pretty much all of the today's devices. The total number is estimated at over eight billion, which means that there are a lot of targets out there ready to be hacked. The vulnerability has been identified by a company named Armis Labs, which has detailed all the ways a user can be hacked, no matter the platform they are using. This means that it doesn’t really matter if you’re on a Windows, Linux, or Mac OS, not to mention all the mobile variants. Basically, if you have a Bluetooth, you’re exposed. The best protection is updating the OS or closing the Bluetooth The BlueBorne attack vector allows a hacker to remotely enter your operating system without the need to have it paired or even to be set on dis...



Google Services, Gmail, YouTube Go Down Worldwide

Tue, 12 Sep 2017 15:50:00 +0000

Google’s services went down a few minutes ago, with Gmail, YouTube, Google Maps, and others currently unavailable to users in several regions. While no specifics are available right now, Google said in a reply on Twitter to someone who reported the outage that “we’re aware of this and looking into it.” Google directs users to the G Suite Status Dashboard, but for the time being, the service only points to an issue with Google Drive. The official Google Maps Twitter account also confirmed that “we’re aware of the issue and our team is working on a fix. Appreciate your patience.” Google says a fix is on its way As far as the regions that are affected go, it appears that particular issues have been reported in Russia, Central Europe, Japan, and the American East Coast. Right now, everything seems to be working correctly here in Romania and the same thing for users in Italy, Spain, and France. Issues are also being confirmed in the United Kingdom, t...



Google’s September 2017 Android Patches Fix Over 80 Vulnerabilities

Fri, 08 Sep 2017 09:35:00 +0000

Google has released this month’s security updates for its Android mobile OS, fixing a total of 81 vulnerabilities in the platform with two different packages. The company’s September 2017 patch rollout includes two security patch level strings, one of which is labeled as 2017-09-01 and the other one flagged as 2017-09-05. The second includes the fixes that are part of the first, but Google says that this way Android partners can quickly fix a subset of vulnerabilities on their devices. Specifically, the 2017-09-01 security patch level addresses 30 vulnerabilities, out of which no less than 10 are marked as critical and another 15 with a high security risk. Google says that the majority of Android versions are affected, including the newly-released Oreo. Google points out the most severe vulnerabilities could allow attackers to execute arbitrary code on an unpatched device using crafted files. Th...



Samsung Paying Hackers Up to $200,000 to Breach Its Devices

Thu, 07 Sep 2017 10:01:00 +0000

Samsung is the latest company that launches a bug bounty program, with the South Koreans paying as much as $200,000 to whoever discovers a critical software vulnerability that would make it possible to compromise one of its devices. The found vulnerabilities must affect Samsung Mobile devices, services, applications developed and signed by Samsung or third-party companies that are specifically developed for Samsung. All devices need to be fully up-to-date and the impacted services must be currently active. The list of devices includes the most recent models, like the S8, S7, and Note 8, but also older models released in 2016, like the J3 and the A5. The Samsung Galaxy S6 is also included in the program. “We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports,” Sam...



OurMine Says It Hacked WikiLeaks, WikiLeaks Says No Hack at All

Fri, 01 Sep 2017 09:43:00 +0000

Hacking group OurMine has managed to hijack the official page of whistleblowing site WikiLeaks, but despite reports of a server hack, it turns out the attack was actually just a simple DNS spoof. The WikiLeaks homepage was replaced with a black background on Thursday, with hacking group OurMine leaving a message to mock the organization led by Julian Assange and Anonymous hackers for undermining its hacking abilities. “Hi, it’s OurMine ( Security Group ), don’t worry we are just testing your… blablablab, Oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you? Anonymous, remember when you tried to dox us with fake information for attacking wikileaks? There we go! One group beat you all!” the message posted by OurMine read. WikiLeaks: Servers not breached But despite claims that WikiLeaks suffered a breach of servers, the organization explained in a series of tweets that the defaced website was the result of a ...



New WikiLeaks Dump Uncovers CIA Malware Infecting Windows Boot Sector

Thu, 31 Aug 2017 11:28:00 +0000

WikiLeaks has just revealed another secret CIA project used to compromise Windows systems, this time targeting the operating system boot sector to then allow for deploying more payloads. Codenamed project Angelfire, the hacking tools were aimed at Windows XP and Windows 7 and consisted of 5 different tools that worked together to compromise a system. First of all, it’s Solartime, a malware component whose primary goal is to modify the boot sector to load a second module called Wolfcreek and consisting of a set of drivers that enable dumping other payloads like drivers and applications. A third component is called Keystone and was specifically deployed by the CIA because it allowed agents to deploy additional malware on the infected systems, while the fourth is called BadMFS and represented a file system storing all the other components encrypted and obfuscated. And the last one is Windows Transitory File System, which WikiLeaks says was designed as an alternative...



Instagram Confirms Hack of High-Profile Accounts Due to Security Bug

Thu, 31 Aug 2017 09:13:00 +0000

Instagram has confirmed that a security bug in the service allowed hackers to access and steal private information of high-profile users with verified accounts, including phone numbers. While no specifics were provided on the bug itself, Instagram said in a statement for TIME that exploiting the bug allowed hackers to access personal information of users, including the email addressed they configured with the service and phone numbers that were used for two-factor authentication. Instagram confirms that at least one hacker who discovered the bug used it to breach accounts and reach the personal information of high-profile users, but no specifics were provided as to who was targeted by the hack. “We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users' contact information — specifically email address and phone number — by ...



Google Bans 300 Infected Android Apps Used in WireX DDoS Attacks

Wed, 30 Aug 2017 08:39:00 +0000

Security researchers have uncovered new malware targeting Android devices, which are then being used as part of the WireX botnet to launch DDoS attacks against a series of targets. Content delivery network provider Akamai came across the malware when investigating an attack launched against a client in mid-August, revealing that the first signs of DDoS attacks based on the Android malware infection were spotted on August 2. The infection, however, was only in its early stages at that point, so the malware only became more prominent when the number of targets increased and more devices were compromised. The malware that’s used to infect Android devices has been injected into various apps from popular categories, including video players, ringtone tools, and resource managers, which are particularly searched for on Android. Once infected, a device was u...



Selena Gomez Hacked, Justin Bieber Nude Photos Posted Online

Wed, 30 Aug 2017 07:28:00 +0000

Selena Gomez is the latest celebrity that got hacked, with a bunch of nude photos of Justin Bieber posted on the singer’s Instagram account. While the majority of celeb hacks targeted iCloud accounts as part of the famous Fappening saga, in the case of Selena Gomez the target was her Instagram account, which somehow got breached on Monday. No leak took place this time, as it typically happened in the Fappening scandal, but the hacker did post a bunch of nude photos of Justin Bieber that were quickly removed after the singer regained access to account. The nude photos, however, are not part of a stolen photo dump, as they were previously posted online in 2015 when Selena Gomez and Justin Bieber were dating. Censored photos were at that point published by several blogs and tabloids, but uncensored versions also reache...



Buying an Apple MacBook for Just $1 Is Actually Possible Due to a Security Flaw

Mon, 28 Aug 2017 09:25:00 +0000

Buying super-expensive devices like Apple’s MacBook with just $1 is actually something that can be done due to a vulnerability in SAP POS systems, a research published by security firm ERPScan demonstrates. The company has detailed in a YouTube video how a security flaw in the SAP POS Xpress Server can be abused to modify the price of a specific product, intercept payments, and collect financial information such as the details of a card that’s being used at a specific time. The vulnerability resides in the SAP POS Xpress Server which handles the payments made through in-store SAP POS systems and the research shows that an attack has big chances to be successful because the implementation misses multiple authorization checks on the server side. Patches already released The security firm says that in order for a hacker to breach the SAP POS system, the attack must be launched from the same...