Blog

SophosLabs/NakedSecurity: With alleged Anonymous hackers belonging to the LulzSec group arrested and charged yesterday, and the startling relevation that prominent hacker Sabu had been working undercover for the FBI for months, hacktivists defaced a number of websites belonging to anti-virus firm Panda Security overnight. The hackers changed two dozen pandasecurity.com subdomains to include a YouTube video, showing a pot pourri of Anonymous/LulzSec activity during 2011, and posted what appeared to be the username and password details of over 100 Panda employees. ...

The H-Security: Google has released a new stable version of its Chrome browser. The update fixes seventeen high severity vulnerabilities and updates the bundled Flash player. Google referred users to Adobe for details of the Flash Player update, and as usual, revealed few details about the seventeen holes that it closed in the release. It did, though, say that the researchers earned between $500 and $3000 for their vulnerability disclosures. ...

ISC Diary: One of the things that I’ve been working on lately is building an automated malware analysis environment to handle Android malware similar to the one I built for Windows malware. I’m not quite there yet, but I was quite pleased to here about the new service being offered by the folks at Die Universität Erlangen-Nürnberg. This is still a research project, so if you choose to use it, be understanding. Don’t expect 24×7 uptime and let’s try not to DoS them. That said, I’m looking forward to seeing how well it works and how the dynamic analysis will work once it is actually in production. ...

BBC: Hackers gained “full functional control” of key Nasa computers in 2011, the agency’s inspector general has told US lawmakers. Paul K Martin said hackers took over Jet Propulsion Laboratory (JPL) computers and “compromised the accounts of the most privileged JPL users”. He said the attack, involving Chinese IP addresses, was under investigation. In a statement, Nasa said it had “made significant progress to protect the agency’s IT systems”. ...

SophosLabs: This week has seen the annual Mobile World Congress event. For 2012, the giants of the mobile tech world are back in Barcelona to captivate the imagination of the tech press with their latest smartphone and tablet offerings. The mobile industry trade show has certainly not disappointed. Announcements of smartphones with new quad core processors, phone cameras with huge numbers of megapixels crammed onto its sensor and 3 in 1 smartphone-tablet-netbooks have all provided much excitement. ...

Symantec Connect: The Opfake gang has been targeting Android mobile devices, as well as Symbian, but that does not mean they are limiting their targets to these platforms. Where there is money to be made, they are willing to invest time and resources. This includes scams designed for iPhone users. We have come across a couple of Opfake websites that, while hosting malicious apps that Symantec detects as Android.Opfake, are also designed to perform social engineering attacks on iPhone users. ...

At the RSA Conference 2012, McAfee’s Chief Technology Officer, Stuart McClure, and several of his colleagues, have demonstrated a whole range of different attacks on mobile devices. For example, they demonstrated an attack on an NFC (Near Field Communication)-enabled smartphone: the attacker simply attaches a modified NFC tag to a legitimate surface such as an advertising poster. For their live demo, the researchers used a Red Cross donations appeal such as those seen at bus stops in various cities across Europe. ...

At the RSA Conference 2012, former McAfee executives George Kurtz and Dmitri Alperovitch have presented a Remote Access Tool (RAT) that infects Android smartphones (version 2.2). They used an as-yet unpatched bug in Android’s WebKit browser to inject the malware. The researchers say that they bought the vulnerability information, and a range of other tools, on the black market. The finished exploit is based on 20 components that apparently cost a total of $1,400 on the black market. ...

Hey Folks How are you? I hope you will have a good weekend! Many of you have had sent me messages asking me how you can pay for my services, even that I offered all my services free of charge for everyone (and yet its free, and will be free), but since you requested it often, I made it available at my site for everyone from every side of world to pay, now you can go to “Payment Options” page and fill the form to receive the required info for your payments. ...

It is widely anticipated that Apple will announce a new version of its iPad tablet computer in San Francisco on March 7th. An invitation sent to journalists, inviting them to an event organized by Apple, has fueled speculation even further as it appears to show a close-up of someone using an iPad. Could it be the new iPad with a much lusted for improved display and souped-up processor? Only time will tell.. ...