On the Wire Podcast: Ransomware
Ransomware is one of the nastier and more insidious threats to emerge in the last decade, and the attackers using it have targeted consumers and businesses alike. Threats such as CryptoLocker, Locky, Cryptowall, and many others have been locking up users’ files and demanding hundreds or thousands of dollars in order to decrypt them. Security […]
Google Allo Brings Encryption, Auto-Deleted Messages
Google’s new Allo messaging app is less than a day old, but it already has attracted a lot of attention from the security and privacy communities, thanks to its inclusion of end-to-end encryption and disappearing messages. Not all of the attention has been positive, however. Allo is a combination app that includes typical chat capabilities […]
Clickjacking Bug Affects 95 Percent of Android Devices
Researchers have found that a vulnerability in Android that allows attackers to trick users into granting apps elevated privileges affects more devices than had originally been thought–nearly 96 percent of all Android devices. The vulnerability is not a typical bug. It relies on some user interaction and lies in the way that Android allows apps […]
Ransomware Attack and Defense
By Jessy Irwin In the US, ransomware is earning a significant amount of media attention for shutting down schools and hospitals, but a recent study points to Canada as the country 4th most likely to be a victim of ransomware attacks. With that in mind, this document presents background information, security recommendations and policy for […]
SamSam and the Rise of Corporate Ransomware
The SamSam ransomware that caused serious damage to a California hospital and has infected many other enterprises in the United States is continuing to evolve and add new functionality as its developers look to stay ahead of researchers and defenders. SamSam is part of the newer wave of ransomware variants that don’t just rely on individual […]
FCC, FTC Demand Info From Carriers and Vendors on Security Updates
The FCC and FTC are demanding information from wireless carriers and device manufacturers on their processes for developing and deploying security updates, including whether carriers delay updates for operating systems with known vulnerabilities or stop offering patches for older versions of an OS. The letter from the FCC went to all of the major United […]
Inside the AlphaLocker Ransomware
The ransomware ecosystem has developed largely underground, and insights into the way that the malware is developed and controlled are rare. But researchers at Cylance recently got an inside look at the way that AlphaLocker ransomware goes about its business and found that the operation is surprisingly simple and yet still quite effective. AlphaLocker is […]
Old Android Bug Gives Attackers Access to Texts, Calls
There is an old, high-severity vulnerability in Android that could allow an attacker to gain access to a user’s SMS database and phone history. The bug has been in Android for at least five years and affects a huge number of Android devices. The vulnerability lies in a software package that Qualcomm maintains and it […]
Researchers Find Serious Flaws in Samsung SmartThings Platform
Researchers at the University of Michigan have identified a set of vulnerabilities in Samsung’s SmartThings platform that allowed them to remotely unlock doors, set off smoke alarms, and perform other unwanted actions through the use of overprivileged apps. SmartThings is a platform designed to support the use of a variety of connected devices in a […]