What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2014-07-10 15:11:05 | Security Disclosure: Google\'s iOS Gmail App Potential Target for Threat Actors (lien direct) | Security Disclosure: As part of our ongoing research into Apple's iOS environment, we analyze mobile apps from various perspectives. During a routine analysis of the Gmail iOS app we unexpectedly came across a vulnerability which enables a threat actor that is performing a Man-in-the-Middle attack to view, and even modify, encrypted communications. The Vulnerability: Gmail's iOS App Does Not Perform Certificate Pinning. | ★★ | ||
|
2014-07-05 18:21:30 | (Déjà vu) Mobile Security Weekly – Threats are Everywhere (lien direct) | This week's issue contains four entirely different but all highly volatile mobile security threats. New vulnerabilities and threat vectors are rapidly appearing. These aren't small issues either - they potentially place millions of devices and users in danger and all need receive due attention. | ★★★ | ||
|
2014-07-02 18:14:40 | (Déjà vu) Is Android Fragmentation making the OS as fragile as glass? (lien direct) | What is fragmentation and how does it affect the security of the Android-based devices? Join our podcast where Dan Koretsky, our sr. security researcher at Lacoon Security, provides a brief overview of Android fragmentation and its implications on enterprise security. | |||
|
2014-06-28 19:31:34 | Mobily Security Weekly – Pain-gu? How dangerous is the new iOS jailbreak? (lien direct) | The post Mobily Security Weekly – Pain-gu? How dangerous is the new iOS jailbreak? | |||
|
2014-06-25 12:43:02 | Pangu: An iOS 7.1 Jailbreaking Tool – a Major Leap in Attacker\'s Capabilities (lien direct) | A jailbreaking tool, named Pangu, for Apple-based mobile devices running iOS 7.1-7.1.x was released yesterday on June 24, 2014. Pangu should concern us - the security community, enterprises, and consumers alike. Pangu represents a major technology leap, ultimately lowering the barrier for attackers to create sophisticated mobile-targeted attacks. | |||
|
2014-06-22 06:15:30 | (Déjà vu) Mobile Security Weekly – Paranoid Android? (lien direct) | The post Mobile Security Weekly – Paranoid Android? | ★★★★★ | ||
|
2014-06-20 20:14:17 | (Déjà vu) Follow Up on “TowelRoot†Vulnerability (lien direct) | The post Follow Up on “TowelRoot†Vulnerability | |||
|
2014-06-16 19:49:45 | “TowelRoot†Gives Root Access to Samsung Galaxy S5 and other Popular Android Mobile Devices (lien direct) | The post “TowelRoot†Gives Root Access to Samsung Galaxy S5 and other Popular Android Mobile Devices | |||
|
2014-06-16 09:18:13 | Heartbleed: A Look Into the new Threat on the Block (lien direct) | What is Heartbleed and how does it work? Earlier this month, the Security teams at Codenomicon and Google Security discovered the critical security bug known as Heartbleed (CVE-2014-0160). This vulnerability has been found in versions 1.0.1 through 1.0.1f of the popularly used OpenSSL cryptographic software, providing an easy path for attackers to access very sensitive […] | |||
|
2014-06-15 09:08:45 | (Déjà vu) Mobile Security Weekly – New tech = Friend or Foe? (lien direct) | This week's update focuses on the technological advancement dilemma: simplicity vs security. With some of their new updates, both Google and Apple seem to be voting firmly in one direction - and it doesn't seem to be security. We also can't possibly ignore the FIFA World Cup that kicked off in Brazil on Thursday. We've tried to provide a few security tips that might help users that are planning to travel to Brazil to take part in the festivities. | ★★★★★ | ||
|
2014-06-07 23:20:00 | (Déjà vu) Mobile Security Weekly – Cupid is here, but he\'s not spreading love. (lien direct) | Only two items this week, but both discuss attacks that may be capable of causing quite a bit of havoc in the near future. One reminds us that the biggest mobile security of 2014 hasn't yet finished while the other poses questions about things to come. | ★★★★★ | ||
|
2014-06-06 16:57:45 | Customer Advisory – a slice of humble “Pie†for Android (lien direct) | The post Customer Advisory – a slice of humble “Pie” for Android | ★★ | ||
|
2014-05-30 13:59:35 | (Déjà vu) Mobile Security Weekly – Google, Apple & Facebook are causing problems (lien direct) | The post Mobile Security Weekly – Google, Apple & Facebook are causing problems | ★★ | ||
|
2014-05-25 06:06:29 | (Déjà vu) Mobile Security Weekly – Remote Mobile Management & Security Issues (lien direct) | The post Mobile Security Weekly – Remote Mobile Management & Security Issues | ★★★★ | ||
|
2014-05-23 06:19:12 | Security Alert: New Android Malware Spreading Aggressively – Read this FAQ. (Updated) (lien direct) | On Friday, May 16, a new strain of Android malware that has been attacking Israeli Android devices was identified. This strain has now spread to other countries making this a global problem. This post should answer most of the early questions about the malware named Foto_Album. | |||
|
2014-05-21 12:19:06 | Mitigating the effects of Social Engineering in the Enterprise (lien direct) | The post Mitigating the effects of Social Engineering in the Enterprise | |||
|
2014-05-17 20:44:49 | Mobile Security Weekly – Malware hits 2 million milestone (lien direct) | This week's summary is dominated by an aggressive new Android worm attacking Israeli Android devices. The rest of the roundup comprises of quite a diverse mix of issues. We've got newly discovered problems with Android OS, app developers failing their users as well the news that mobile malware has reached a new milestone - 2 million different instances. This wide range just goes to show how many different ways mobile malware is evolving. | |||
|
2014-05-13 21:40:09 | (Déjà vu) Mobile Phishing – Why are users still getting hooked? (Social Engineering Ep. 5) (lien direct) | The post Mobile Phishing – Why are users still getting hooked? (Social Engineering Ep. 5) | |||
|
2014-05-10 21:10:05 | (Déjà vu) Mobile Security Weekly – Mobile Malware goes Global (lien direct) | The post Mobile Security Weekly – Mobile Malware goes Global | |||
|
2014-05-06 09:27:25 | Rogue WiFi Hotspots – Why getting coffee is putting your enterprise at risk (Social Engineering Ep. 4) (lien direct) | Most people don't think twice before connecting to a free public Wi-Fi hotspot at a coffee shop, airport, or hotel. If someone is providing free WiFi, users will usually connect first and think later. With rogue Wi-Fi hotspots growing in numbers, it's becoming much more critical to monitor connectivity. | |||
|
2014-05-02 19:43:00 | Mobile Security Weekly – Mobile Malware finds new ways to steal from victims (lien direct) | This week's summary serves as a reminder that mobile malware is developing and advancing on several different fronts. On one front, attacker are finding new ways to target and exploit victims as well as to bypass security measures. In another front, attackers are continuing to find ways to attack the biggest and most established apps on the market. | |||
|
2014-04-29 16:15:08 | Mobile Scareware – Bringing Scary Back (Social Engineering Ep. 3) (lien direct) | With this entry, we continue our series on common methods of social engineering that target mobile devices. This time around, we discuss "Scarewareâ€. | |||
|
2014-04-28 18:19:00 | Bleeding-in-the-Browser – Why Downplaying of Reverse Heartbleed Risk for Mobile is Dangerous to the Enterprise (lien direct) | The post Bleeding-in-the-Browser – Why Downplaying of Reverse Heartbleed Risk for Mobile is Dangerous to the Enterprise | ★★★★★ | ||
|
2014-04-26 15:44:46 | Weekly Mobile Security News Roundup – Are your Mobile Apps Exposing Sensitive Data? (lien direct) | For the first time in several weeks, this week's summary isn't dominated by the OpenSSL vulnerability - Heartbleed. While Heartbleed may not breaking news anymore - we still recommend making it a priority to ensure your enterprise is protected from it. This week's items serve as another reminder of the different ways an app or a device can expose sensitive data. | ★★★★★ | ||
|
2014-04-22 17:07:21 | Fake Applications: Why mobile users can\'t judge a book by its cover. (Social Engineering Ep. 2) (lien direct) | The post Fake Applications: Why mobile users can't judge a book by its cover. (Social Engineering Ep. 2) | ★★★★ | ||
|
2014-04-18 15:14:35 | (Déjà vu) Weekly Mobile Security News Roundup – Heartbleed Leaves Mobile Users Vulnerable to Attacks (lien direct) | Another week of mobile security news has been mostly dominated by the after effects of the discovery of Heartbleed. It's becoming apparent that fears regarding the magnitude of the event weren't exaggerated. With Heartbleed based PC attacks already being reported, this issue is still evolving. | ★★★★★ | ||
|
2014-04-15 16:13:57 | (Déjà vu) Heartbleed Product Update – Lacoon Customers Are Protected (lien direct) | The post Heartbleed Product Update – Lacoon Customers Are Protected | |||
|
2014-04-13 00:45:34 | Is your Mobile Device Vulnerable to the Heartbleed Bug? Test it now. (lien direct) | The post Is your Mobile Device Vulnerable to the Heartbleed Bug? Test it now. | |||
|
2014-04-10 18:37:52 | Social Engineering – Why mobile users are their own worst enemy (lien direct) | In this post, we survey the most common and in some ways, the most dangerous method, of social engineering in the mobile security domain – Malicious Advertising, or “Malvertisingâ€. | |||
|
2014-04-09 18:28:49 | Microsoft Ends Support of Windows XP, Internet Explorer 8 and Office 2003 (lien direct) | 10 April 2014 The Issue: Starting April 8, 2014, Microsoft will no longer provide security updates or technical support for Windows XP, Office 2003 and Internet Explorer 8. Without additional security updates, organizations should consider these PCs may be at risk for new vulnerabilities and malware. Microsoft is advising users with these […] | |||
|
2014-04-09 09:20:09 | It\'s Alive: The Resurgence of ZeroAccess Botnet (lien direct) | Check Point Malware Research Group, 04/02/2014 Summary Through leveraging Check Point's ThreatCloud security intelligence, in recent weeks, our vulnerability research team has detected a spike in ZeroAccess botnet activity. This is surprising given that this botnet was taken down by law enforcement, working in conjunction with Microsoft, in mid-December 2013. Despite this enforcement action, it […] | |||
|
2014-04-08 18:30:57 | Threat Emulation Identifies Spear Phishing Attack Using Near-Zero-Day Malware (lien direct) | Summary On October 22, 2013, Check Point's ThreatCloud Threat Emulation service analyzed suspicious documents sent by email to end users at a media company. Analysis of the malware, which was intercepted through a Message Transport Agent (MTA) configuration and sent to the Threat Emulation Service for sandboxing, revealed that the documents exploited a vulnerability in […] | |||
|
2014-04-02 13:53:24 | Sounds like a Vulnerability, eh Mate? The new HTC One M8 Vulnerability (lien direct) | Last week, the first exploit for the HTC One M7 and the brand new HTC One M8 - two of the most popular available smartphones today - was published. The significance? The vulnerability behind this exploit means that any app, regardless of its permission set, can run the exploitable code in order to gain root access (i.e. remove all of Android's built-in security mechanisms). | |||
|
2014-03-14 09:40:06 | Security Updates in iOS 7.1 – Reading Between the Lines (lien direct) | The post Security Updates in iOS 7.1 – Reading Between the Lines | |||
|
2014-02-19 15:00:49 | (Déjà vu) The Spy in Your Pocket, Part 3: Cyber Risks to Android-based Devices (lien direct) | In this third and last entry in our short series overviewing mRATs, we'll delve into the risks facing Android-based devices. | |||
|
2014-02-17 10:34:30 | The Spy in Your Pocket, Part 2: Cyber Threats to iOS (lien direct) | In this second entry in our short series overviewing mRATs, we'll delve into the threats facing iOS. | |||
|
2014-02-12 12:00:02 | AVPasser: When Widespread Malware Adopts Targeted Attack Capabilities (lien direct) | We'd like to draw your attention to another new Chinese malware for Android, named AVPasser. AVPasser looks like an advanced mRAT (Mobile Remote Access Trojan) and was first discovered by Chinese researchers. Our own follow-up research revealed a very interesting capability – self uninstall. | ★★ | ||
|
2014-02-10 15:00:45 | The Spy in Your Pocket, Part 1: An Overview of Mobile Remote Access Trojans (mRATs) (lien direct) | We're excited to present at the upcoming RSA 2014 at the end of the month. Our talk “Practical Attacks against MDM Solutions (and What You Can Do About It)†is going to focus on various threats to mobile devices and how mobile Remote Access Trojans (mRATs) are able to bypass current detection solutions. Leading up to the conference, we'd like to provide you with this short series overviewing mRATs. | Guideline | ★★ | |
|
2014-02-07 20:16:17 | WEEKLY MOBILE SECURITY NEWS ROUNDUP (lien direct) | The post WEEKLY MOBILE SECURITY NEWS ROUNDUP | ★★★ | ||
|
2014-02-03 23:00:52 | Protecting the Attorney-Client Privilege: Security in a Mobile-driven Legal World (lien direct) | When people talk about security in terms of industries, verticals such as finance, retail and healthcare tend to pop up a lot. Surprisingly, legal is placed lower on the security-focus rung. | |||
|
2014-01-29 12:40:29 | OldBoot: A New Bootkit for Android (lien direct) | First mentioned in a Chinese blog post, we'd like to provide more details on the first persistent Android malware. Research revealed a new Bootkit malware, currently the only one of its' kind, that is already present in over 500,000 android devices in China. It goes by the name: Oldboot. | |||
|
2013-12-25 22:14:09 | Evasi0n7 JB– the first iOS7 Jailbreak (lien direct) | We've been expecting an iOS7 jailbreak tool for some time. After all, researchers have been working towards this for the past few months, and the rumor mill was working overtime. Timing its release on 22nd of December, evasi0n7 JB was one holiday gift we weren't excited about. | |||
|
2013-12-11 19:12:17 | Hand of Thief (HoT) Moves its Way to Android (lien direct) | A relatively new commercial mobile bot, Hands of Thief (HoT) for Android, which targets users of online banking has been circulating the underground forums for the past three months. As its owner claims, this bot variant is “better than Perkele†– the notorious Android malware kit used to bypass multi-factor authentication. | |||
|
2013-12-10 08:10:11 | The 2013 Android Vulnerability of the Year (lien direct) | Were we to pick the most notorious 2013 Android vulnerability - the dubious award would undoubtedly go to CVE-2013-6282. A privilege escalation flaw released in October and affects all Android versions 4.0-4.3. What makes this vulnerability so abysmal? | |||
|
2013-11-26 18:33:24 | Check Point Threat Emulation Finds “Joke-of-the-day†Chain Letter is No Joke (lien direct) | Summary Check Point's Threat Emulation Cloud Service recently detected an Excel document that runs a macro in order to change the computer's background “as a jokeâ€. Like other email chain letters, the message propagates when end users receive the document via email, open it, and then forward it to colleagues and friends at other organizations. […] | |||
|
2013-11-26 12:50:00 | Android Rooting Tools Recently Released: “VROOT†and “Motochopper†(lien direct) | The post Android Rooting Tools Recently Released: “VROOT” and “Motochopper” | |||
|
2013-11-15 01:37:52 | Defeating Cryptolocker with ThreatCloud and Gateway Threat Prevention (lien direct) | Summary Check Point's Malware Research Group has been investigating the 'Cryptolocker' malware that has recently been reported to be on the rise. As part of the analysis, the researchers created a 'sinkhole' – a system pretending to be a Cryptolocker command and control (C&C) server – in order to study and gauge infections in the […] | |||
|
2013-11-01 18:35:26 | Threat Emulation Exposes Widespread Malware Campaign (lien direct) | Summary On October 24, 2013, the Check Point ThreatCloud Emulation Service received six PDF document files from a European Union official agency running a Check Point threat prevention gateway. Automated analysis in the Threat Emulation sandbox determined that these documents exploited an Adobe Reader vulnerability, and additional research revealed that these files were delivered via […] | |||
|
2013-10-25 15:14:55 | LinkedIn Intro – A FAQ (lien direct) | There's a lot of buzz regarding LinkedIn's new iOS app – Intro. Some are hailing it, others hate it. To clarify what's going on, we've put together this FAQ. | |||
|
2013-10-15 15:31:03 | Viewpoints on Launching Lacoon (lien direct) | The post Viewpoints on Launching Lacoon |
To see everything:
Our RSS (filtrered)
