Today is a big day for Apple and their millions of users worldwide who are waiting to hear about the latest features for the new iPhone.
The Cupertino-based company was set to unveil what many hope to be big additions in order to stay in the game and compete against Android.
Meanwhile, the bad guys seem to be more interested in robbing Apple users than rejoicing about the big news of the iPhone 5S.
Phishing emails are being sent en masse to harvest people’s Apple ID. The emails contain links to external phishing websites:
Finding software vulnerabilities is a full-time job for some people, but for another group, discovering a flaw in popular software can be like striking gold — either by making victims pay up or by getting paid via bug bounty programs.
To better understand why discovering flaws is so popular, we’ll examine what a software vulnerability is and most importantly what can be done with it.
ITSEC defines a vulnerability as “the existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved.”
The success of a malicious attack is determined by several factors including how well it is crafted and what its distribution channel is.
Over the years, we have seen different methods used by the bad guys to deliver their nasty payloads. Social engineering, the art of tricking people into doing certain things, always yields a pretty good return.
Of course, drive-by downloads, where simply browsing to a site results in your computer getting infected, is also a very popular technique.
To add to these two methods, there’s a third one that we could call extortion, where the end user has no other choice but to comply with the bad guys’ demands.
Did you ever wonder what it looks like when all these techniques are combined? Look no further:
Fake YouTube showing pornographic videos.
We discovered this legitimate website that had been compromised. It pretends to be YouTube, although you will (or should) never see such content there, since it is very explicit material.
About a month ago, I wrote a blog post explaining how malware can use process memory to its advantage, changing dramatically as it executes by using ephemeral memory sections created at runtime. In that article I talked about some basic memory concepts to help readers understand how programs behave when they are loaded into memory and execute.
I’m going to follow up right where we left off with our ZeroAccess Trojan called new-sirefef.exe, starting with dumping the ephemeral memory to disk for static analysis.
In order to dump the memory to disk for analysis, the simplest approach is to use the memory map in OllyDbg, a tool mentioned in the first part of this series. There are other ways to dump the memory, but this method will work fine for our example. Once you open the memory map, you can right-click any section of memory and dump it to disk under any filename you’d like.
French video game developer and publisher company Ubisoft suffered a hack to one of their websites according to a statement published today. Customer data including names, emails and encrypted passwords were accessed by unauthorized third parties and should be considered part of the public domain now.
It is not clear how the breach happened, as Ubisoft declined to share all the details: “Credentials were stolen and used to illegally access our online network. We can’t go into specifics for security reasons.” However, their comment seems to suggest that a Ubisoft employee’s credentials were stolen (spear phishing attack perhaps?) and that those credentials were sufficient to access sensitive data.