One Man in the Middle Compromises 76 Popular iPhone Apps

Andrew Orr In the News

An iOS app analysis service has found that 76 popular iPhone apps are confirmed to be vulnerable to the silent interception of TLS-protected data. Beware of these popular iPhone apps During testing, developers of verify.ly a mobile app analysis service found issues with many popular iPhone apps. Here are the details we have so far: 76 popular iPhone apps let a secret man-in-the-middle attack to be performed on connections that should otherwise be protected by TLS (HTTPS). This MitM vulnerability lets data be intercepted and manipulated. According to Apptopia, there has been …

SSHowDowN Flaw Found In Internet of Things Devices

Andrew Orr In the News

Content ivery network Akamai found a security flaw, SSHowDowN, affecting over two million devices. The company says multiple clients have become targets. Further Reading New Router Hack Discovered That Targets Port 7547 Don’t Lo, But Your Wi-Fi Router Is Spying On You SSHowDowN Flaw Akamai found a way [PDF] in which hackers can exploit a particular weakness in OpenSSH (CVE-2004-1653). Millions of internet-connected devices use crypto. An attacker can use these flaws to take over these devices. Then combine their power into a single attack, like a botnet. This particular hack has a …

Tordow 2.0 Is Android Malware That Targets Your Bank Account

Andrew Orr Informative Internet Guides

A new piece of Android malware, dubbed Tordow 2.0 targets peoples’ bank accounts. The platform that it appears on? Android. Here’s how to protect yourself. Further Reading Android Phones Found To Have BackDoor To China New Android Malware Called Dirty Cow Can Root Phones Tordow 2.0 First discovered in September 2016, security firm Comodo reports that the malware got a big update this month, making it scarier than ever. Tordow is a mobile banking Trojan that specifically targets Android devices. Comodo first found the malware affecting people in Russia. The …

How To Stay Safe Browsing From Public Wi-Fi Networks

Andrew Orr Informative Internet Guides

Earlier this week we told you about a public Wi-Fi threat called Evil Twin Hotspots. Even if you do not encounter these, using insecure public Wi-Fi is risky. Here’s how to stay safe. Further Reading Use A VPN To Defeat Evil Twin Hotspots Public Wi-Fi Hotspots More of a Threat Than You Think Insecurity You might be surprised at all of the wicked things that hackers can do to someone connected on an insecure Wi-Fi connection. There are three general ways in which an attacker can exploit public Wi-Fi: Man-in-the-middle …

Stagefright 2.0 Discovered By Google, Here’s What You Need To Know

Andrew Orr In the News

About a year after an Android exploit named Stagefright made heads, Google researchers found another exploit that is just as dangerous. Further Reading Android Users Get New Security Notifications How To Boost Your Privacy On Android Stagefright 1.0 Stagefright is a collection of exploits. It affects version 2.2 Froyo and later. It lets an attacker “perform arbitrary operations” on a person’s device. This is achieved through remote code execution and privilege escalation. The most common way to do this is by sending a victim a special MMS message. The attack affects …

VPN Passwords Recovered From NSA Hack

Andrew Orr In the News

Earlier this week, a group calling themselves the Shadow Brers hacked a group linked to the NSA called the Equation Group. Researchers have been poring over the released data, discovering multiple exploits and vulnerabilities. Now it seems they have found an attack that can extract VPN passwords from certain Cisco products. Further Reading Here’s why the United Arab Emirates outlawed VPNs Microsoft Accidentally Leaks Backdoor In Secure Boot The NSA Hack One or hackers going by the name of “Shadow Brers” (SB) claims to have hacked a group believed to be linked to the …

Apple-FBI back in court, but why?

Mathew Sayer In the News

An iPhone 5S belonging to a New York meth dealer has brought Apple and the US government back together in court. The same piece of legislation that fuelled March’s high-profile legal dispute, the All Writs Act of 1789, was brought out to play again. But things aren’t as straightforward as they could be. The phone in question is running iOS7, meaning that it does not have the sort of “go dark” encryption capabilities that James Comey was whining about last year. There is a common hack that is up to …

Elections are the Latest Playgrounds for Social Engineers

Mathew Sayer In the News

In a previous post, we examined how House of Cards was using hacking as an essential plot point in upcoming elections. An interview published on March 31 in Bloomberg with Andrés Sepúlveda tells the real story of how hackers are being used to sway elections in Latin America. The message within the interview shows a stark paradigm shift in how elections are fought thanks to the Internet. Sepúlveda is currently serving a 10-year sentence in Colombia for espionage and hacking. In the interview, he claims to have been involved in …

Anonymous Targets ISIS: Operation Paris

Michael In the News

The cyber vigilante group has set their sights on a new target this week. Anonymous has developed quite a name for itself by interfering in everything from Scientology to the Ferguson protests. They have been such a force to reckon with that they are often considered the pioneers of hacktivism. Now, they have set their sights on a much larger, and dangerous, target: ISIS. Anonymous Launches Operation Paris Truly, Anonymous has come a long way from the trolling individuals that once roamed on 4Chan image and message boards. Their usual …

China Makes Hacking Arrests on Behalf of US

Michael Policy

A report by the Washington Post this week revealed a promising development between China and US. Ellen Nakashima and Adam Goldman’s article made the case that the Chinese government is indeed willing to play ball alongside the US in combating commercial cyber theft. For the past several years the US has repeatedly placed blame on the Chinese for several large hacking endeavors. Not the least of which is the Office of Personnel Management (OPM) hack in which attackers stole over 21 million federal workers information including than 5 million fingers earlier …