Top 5 Deadliest Mobile Malware Threats Of 2012

While the amount of malicious software focused on the growing number of mobile devices on the market remains a drop in the bucket next to the amount targeting PCs, attackers are steadily turning the devices in consumers’ pockets into targets.

So far this year, several pieces of malware have popped onto the radar and underscored the growing sophistication of cybercriminals targeting mobile devices. After fielding feedback from security pros, here, in no particular order, is Dark Reading’s list of the five most dangerous, sophisticated, and prolific pieces of mobile malware that have appeared thus far in 2012.


iPhone Security Unbreakable? Security Gurus Disagree

Is iOS security unbreakable, thanks to Apple’s mix of strong encryption for all data stored on such devices, combined with hardware-controlled PIN entry requirements that make brute-force attacks difficult?

“I can tell you from the Department of Justice perspective, if that drive is encrypted, you’re done,” said Ovie Carroll, director of the cyber-crime lab at the Computer Crime and Intellectual Property section in the Department of Justice, during a recent keynote address at a computer forensics conference in Washington, D.C. “When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted, you have lost any chance of recovering that data.”

How To Protect Your Commercial Web Server

Chart: Vulnerabilities Of Typical E-Commerce Sites

In February, a hacker placed a malicious program on shoe and clothing retailer Opening Ceremony’s website. For more than a month, the malware collected the names, addresses, and credit card information of customers who purchased items from the site.

“We discovered the malware on March 21, 2012, immediately removed it, and implemented increased security controls to prevent this from happening in the future,” Carol Lim, CEO and co-founder, wrote in a letter to customers in May.

Researchers Remotely Harvest Password Hints from Windows 7, 8

The password hints saved in Windows 7 and Windows 8 can be retrieved and decoded by attackers, two researchers have found.

While going through the registry on a Windows 8 machine, Trustwave researchers discovered a new key, “UserPasswordHint,” which contained the password hints created by the user, Jonathan Claudius, a vulnerability researcher at Trustwave SpiderLabs, wrote on the company blog Thursday. Claudius and co-researcher Ryan Reynolds, a penetration tester for public accounting and consulting firm Crowe Horwath, were studying automated tools to effectively extract Windows registry information.

Researchers in “Crisis” mode over virtual spyware find

Researchers are analyzing a rare piece of malware that is able to spread onto virtual machines from the host operating system.

Known as Crisis, the trojan first was detected in July by security firm Intego affecting Mac OS X systems. It’s capable of recording keystrokes, recording webcams, tracking web traffic, taking screenshots and stealing data.

Now, researchers from Symantec said they have discovered a worm-like version of Crisis that also targets Windows. Like the Mac version, this strain is installed onto victims’ machines if they visit a compromised website that pushes a malicious JAR file.

iPhone SMS spoofing tool released

A French hacker has released a tool capable of sending SMS messages with spoofed sender details on the iPhone 4. The “sendrawpdu” command-line interface tool allows users to customize the reply number on text messages and could be ideal for phishing attacks.

The hacker, known as pod2g, released the free tool after detailing a flaw in the way the iPhone handled SMS messages, which made it possible to spoof sender details.

RSA finds phishing lead in worldwide losses

Although phishing is a con trick as old as the web, attackers are maintaining astonishing success by pulling the strings of victims’ emotions.

Fraudsters who can persuade victims to respond to a legitimate-looking email or click on a seemingly benevolent link have already won without even having to launch a sophisticated attack on users. This week, security firm RSA released phishing attack numbers for the first half of the year that show a 19 percent increase in global incidents over the last half of 2011.