Thursday, March 31, 2016

SideStepper - MDM Hack that can fully compromise an iPhone?



The interesting parts are:

  1. It is a design issue, so it is hard to fix
  2. Apple says "it is a feature"
  3. Malware can launch the original app (so the user has no clue)


Apple has been contacted for comment. However, the pair say they informed the tech giant of their research, and Apple labeled it "a feature, not a bug."

"Apple tried to solve the problem but actually made it worse, because now it is even easier to infect a mobile device."

"We found a way to do a man-in-the-middle attack on an iOS mobile device and replace an original command such as 'query device' with one to install a malicious enterprise certificate application," Bobrov says.


There is also little a typical system administrator can do to detect a handset compromised by the attack. Eagle-eyed staff could report a newly-installed application to IT, foiling the hack, but further attack research makes this scenario even more unlikely.

Separate research by MetaIntell architect Chilik Tamir also showcased at the Singapore hacking conference demonstrates how attackers can install a malicious application that not only looks like a legitimate app, but when tapped, calls and launches the original expected app after it pwns the handsets.

For more details:

Wednesday, March 30, 2016

Free - Ransomware Vaccine



I am not sure how effective it is, but it is free.

However, always ensure you have a good backup (one that is not always connected to your computer).



Get it here:
https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released



Tuesday, March 29, 2016

Malware that messes with MBR - Ransom is $430



Once upon a time, users were scared of computer viruses. Then they expected IT to take care of it.
Now this scary ransomware is changing the game.
This time, it is a headache for both users and IT.


From the Article:

The malicious program will rewrite the computer’s MBR and will trigger a critical Windows error that will cause the computer to reboot—a condition known as a Blue Screen of Death (BSOD).

Following this initial reboot, the rogue MBR code will display a fake Windows check disk operation.

During this operation, the ransomware actually encrypts the master file table (MFT). 

Petya does not encrypt the file data itself, which would take a long time for an entire hard drive, but by encrypting the MFT the OS will no longer know where the files are located on disk.

After the MFT encryption is done, the rogue Petya MBR code will display the ransom message accompanied by a skull drawn in ASCII characters. The message instructs users to access the attackers’ decryption site on the Tor anonymity network and provides them with a unique code that identifies their computer.

The price for the key required to decrypt the MFT is 0.99 bitcoins (BTC), or around US$430.
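A defender-side check for the behaviour described above, added here and not taken from the article: parse a 512-byte MBR image, hash its boot code and read its partition table, then compare both against a baseline captured while the machine was known clean, so an overwritten MBR is flagged before the fake check-disk screen ever runs. The MBR bytes below are constructed for the example; on a real host the current MBR is the first 512 bytes of the boot disk.

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of every valid MBR

def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition table and signature."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 means an unused slot
            partitions.append((i, status == 0x80, ptype, lba_start, sectors))
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
    }

def check_mbr(current: bytes, baseline: bytes) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR: one bootable NTFS-type (0x07) partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table = b"\x00" * 6 + entry + b"\x00" * 48  # disk signature/reserved + 4 slots
    return boot_code.ljust(440, b"\x00") + table + BOOT_SIGNATURE

# Constructed baseline (captured while clean) and a copy whose boot code was replaced
BASELINE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")
TAMPERED_MBR = build_sample_mbr(b"\xeb\x00" + b"\x90" * 32)

if __name__ == "__main__":
    print(check_mbr(TAMPERED_MBR, BASELINE_MBR))  # ['boot code differs from baseline']
```

Storing the baseline hash off-host (not on the disk being checked) matters here, because a boot-sector rewrite that leaves the partition table intact is only visible through the boot-code comparison.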


Check here for more info:

Friday, March 25, 2016

Lesson that we could learn from someone who lost her phone



Plain common sense, but we all ignore it many times.


  1. Use a password manager
  2. Enable two-factor authentication
  3. Get into your accounts immediately after a theft and reset your passwords
  4. Clear your remembered devices
  5. Make sure you have security software on your Android to help with locating your device and remotely wiping it
  6. If you have an iPhone make sure "Find My iPhone" is enabled
  7. Keep a backup device enabled
  8. Have passwords handy, if possible, and try to change them over secure Wi-Fi connections
  9. Use a VPN


And... iPhone users can now password-protect their "notes" (iOS 9.3 onwards).


CLICK HERE FOR MORE DETAILS ABOUT WHAT HAPPENED TO THIS USER:
http://www.theverge.com/2016/3/20/11265552/find-stolen-android-phone-track-samsung-galaxy-mexico

Tuesday, March 8, 2016

SDP for IaaS



SDP (Software-Defined Perimeter) is by itself a new approach, and now it is moving to the cloud.
(Keeping my fingers crossed.)

Solution: it is still evolving, but the ideas are mentioned in the article.


From the Article:
The problem is that traditional security tools are unable to cope with the speed, scale, and complexity of this new, dynamic world, especially if organizations embrace dynamic release systems such as DevOps. As a result, security teams are unfortunately encountering familiar problems in their IaaS environments, including an inability to keep pace with a dynamic environment, users with over-privileged network access, and an inability to easily perform compliance reporting. Cloud service providers are facing similar challenges with IaaS management access.


For more details:

Monday, March 7, 2016

Top 10 Security Tools according to ToolsWatch.Org Readers



Not all are free.

01 – OWASP ZAP – Zed Attack Proxy Project
02 – Lynis
03 – Haka
04 – Faraday
05 – BeEF – The Browser Exploitation Framework
06 – Burp Suite
07 – PeStudio
08 – Nmap
09 – IDA Pro
10 – OWASP Offensive (Web) Testing Framework


Check here:
http://www.toolswatch.org/2016/02/2015-top-security-tools-as-voted-by-toolswatch-org-readers/