Monthly Archives: May 2016

Apple hires mobile encryption pioneer amid encryption debate

Apple has rehired a mobile encryption pioneer as it continues to face pressure from governments wanting access to user data stored on iPhones.

Jon Callas, who most recently worked as a co-founder of Silent Circle, which produced the security-minded Blackphone, has joined the iPhone and iPad maker in an undisclosed capacity, Apple revealed to Reuters. Callas is a veteran of the security industry who also co-founded PGP Corporation.

Read More Computerworld

Attackers Clobbering Victims With One-Two Punch Of Ransomware And DDoS

Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.

As if ransomware weren’t bad enough, attackers are now making the most of their attacks by adding victimized machines to distributed denial of service (DDoS) botnets at the same time that they’re encrypted and held hostage, according to warnings from several security research organizations in the last week.

Read More Darkreading

According to Malwarebytes’ researcher Hasherezade, we’re in for a lot of pain once the new and improved DMA Locker ransomware starts doing the rounds.

DMA Locker 4.0 ransom note

Its first two versions, which appeared in January and February 2016, were easily foiled due to poor encryption key management choices.

Read More Helpnetsecurity

More Than 2500 Twitter Accounts Hacked with Sexual Content

More than 2500 Twitter accounts have been compromised to tweet links to websites specializing in adult dating and sex personals, according to a blog post on Symantec’s website.

It is claimed the attackers have also altered users’ profile pictures (often to an evocative photo of a woman), biography and full name to further promote the sites, with recent tweets containing other suggestive images and language discussing adult webcam sessions and sexual encounters. The hackers are believed to have earned money – US $4.00 for each person who signed up – by redirecting the victims through affiliate programs, Symantec says.

Read More InfoSecurity

Adobe Patches Flaw in Connect Web Conferencing Software

An update released by Adobe for its Connect web conferencing software addresses over two dozen functionality bugs and one security flaw.

The vulnerability, tracked as CVE-2016-4118, affects Adobe Connect 9.5.2 and earlier for Windows. The flaw has a priority rating of 3 because Connect is a product that historically has not been targeted by malicious actors.

The security hole, reported by Anand Bhat, is an untrusted search path issue affecting the Connect add-in installer. Malicious hackers could exploit the vulnerability to launch DLL loading attacks.

Read More Securityweek

Critical Vulnerability Plagues 60% of Android Devices

A Critical Elevation of Privilege (EoP) vulnerability in the Qualcomm Secure Execution Environment (QSEE) affects around 60 percent of all Android devices around the world, despite being already fixed, researchers warn. 

The culprit is an EoP flaw in the Widevine QSEE TrustZone application, namely CVE-2015-6639, which was resolved in January when Google issued patches for 12 security flaws in Android. The bug could enable a compromised, privileged application with access to QSEECOM to execute arbitrary code in the TrustZone context.

Read More Securityweek

What Europe Tells Us About The Future Of Data Privacy

Recent initiatives offer new strategies for balancing technology, security, and organizational policy goals. Here are three approaches worth considering.

Recent headlines underscore the complex, symbiotic relationship between security and policy. Apple vs. FBI, Europe’s pending new data protection rules, Facebook’s antitrust lawsuit in Germany – these are examples from recent news that are having a ripple effect across businesses and governments worldwide.

Read More Darkreading