Non muoverti e il malware per Android non farà danni

Due app, (ora non più) presenti nel Google Play Store, che dovrebbero essere di pubblica utilità, più precisamente una per convertire valuta (Currency Converter) e l’altra per prolungare la durata della batteria dello smartphone (BatterySaverMobi); in realtà integrano un malware attivato dal movimento: se i sensori presenti sui dispositivi delle vittime rilevano movimento, non sono… Read more »

Quiz ruba-dati infettano gli utenti Facebook

Dopo lo scandalo di Cambridge Analytica altri quiz sono accusati di aver rubato dati agli utenti Facebook. Qualcosa, però, è cambiato stavolta: Facebook accusa gli utenti di aver installato alcuni plugin (che infettavano gli utenti mascherandosi da quiz) e, di conseguenza, aver compromesso la propria sicurezza volontariamente. Gleb Sluchevsky e Andrey Gorbachov, accusati di aver… Read more »

(Italiano) Il malware Digmine estrae crittovaluta via Facebook

Sorry, this entry is only available in Italian.

Tracking People Without GPS

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they’re performing. Whether they’re walking, driving a car, or riding in a train or airplane, it’s pretty easy to figure out when you know what you’re looking for. The sensors can determine how fast a person… Read more »

(Italiano) Loapi: il trojan che brucia la batteria dello smartphone

Sorry, this entry is only available in Italian.

On Deniability and Duress

Imagine you’re at a border crossing, and the guard asks you to hand over all of your electronics for screening. The guard then asks that you unlock your device, provide passwords and decryption keys. Right now, he’s asking nicely, but he happens to be carrying an unpleasant-looking rubber hose, (Yes, cryptographers actually do call this… Read more »

  • English-Italian Translations

    Secure Erasing Android Devices Guide for the Super Paranoid Seller.

    Posted on by

    Any of my friends would tell you that I’m crazy paranoid about malicious users–especially when I sell off my old electronics. I’m the type of guy who’d prefer to put a nail through an old device. Unfortunately I’m also the type of guy that likes to buy the new Nexus devices every time they release–so… Read more »

  • English-Italian Translations

    Using heartbeats as passwords to secure medical devices

    Posted on by

    It is time to start thinking of our hearts as random number generators. That’s so they can serve as passwords to secure medical devices that are vulnerable to hacking, researchers at Rice University have proposed. In

  • Bruce Schneier, English-Italian Translations

    iPhone Sensor Surveillance

    Posted on by

    The new iPhone has a motion sensor chip, and that opens up new opportunities for surveillance: The M7 coprocessors introduce functionality that some may instinctively identify as “creepy.” Even Apple’s own description hints at eerie omniscience: “M7 knows when you’re walking, running, or even driving…” While it’s quietly implemented within iOS, it’s not secret for… Read more »

  • English-Italian Translations

    Whatever Happened to Facebook Likejacking?

    Posted on by

    Back in 2010, Facebook likejacking (a social engineering technique of tricking people into posting a Facebook status update) was a trending problem. So, whatever happened to likejacking scams and spam? Well, Facebook beefed-up its security — and the trend significantly declined, at least when compared to peak 2010 numbers. But you can’t keep a good… Read more »

  • English-Italian Translations

    Android Hack-Tool Steals PC Info

    Posted on by

    Yeh, one of our Security Response Analysts, came across an interesting report on a Chinese forum over the weekend about an Android app that basically turns the device into a hack-tool capable of stealing information from a connected Windows machine. He managed to find a sample (Md5:283d16309a5a35a13f8fa4c5e1ae01b1) for further investigation. When executed, the sample (we… Read more »

  • English-Italian Translations

    Your BMW can be stolen by any idiot with a $30 hacking kit

    Posted on by

    On-board diagnostics (OBD) security bypass kits, replete with reprogramming modules and blank keys, are reportedly enabling low-intelligence thieves to steal high-end cars such as BMWs in a matter of seconds or minutes. According to The Register, the $30 bypass tools are being shipped from China and Eastern Europe in kit form to unskilled criminals. It… Read more »

  • English-Italian Translations

    ZeuS Ransomware Feature: win_unlock

    Posted on by

    Earlier today, while doing our daily data mining, we came across a new variant of ZeuS 2.x. It includes a new backdoor command called: win_unlock. Very interesting, turns out this slightly modified ZeuS 2.x includes a ransomware feature. When this particular variant is executed, it opens Internet Explorer with a specific page (lex.creativesandboxs.com/locker/lock.php) and prevents… Read more »

  • English-Italian Translations

    No Reservations – Remote Access Trojan Pilfers Credit Cards from Hotels

    Posted on by

    Our intelligence center researchers recently uncovered a fraud “package” being sold in underground forums that uses a remote access Trojan to steal credit card information from a hotel point of sale (PoS) application. This scheme, which is focused on the hospitality industry, illustrates how criminals are planting malware on enterprise machines to collect financial information… Read more »

  • English-Italian Translations

    Android malware poses as Angry Birds Space game

    Posted on by

    Android malware authors have seized an opportunity to infect unsuspecting smartphone users with the launch of the latest addition to the immensely popular “Angry Birds” series of games. SophosLabs recently encountered malware-infected editions of the “Angry Birds Space” game which have been placed in unofficial Android app stores. Please note: The version of “Angry Birds… Read more »

  • Bruce Schneier, English-Italian Translations

    Law Enforcement Forensics Tools Against Smart Phones

    Posted on by

    Turns out the password can be easily bypassed: XRY works by first jailbreaking the handset. According to Micro Systemation, no ‘backdoors’ created by Apple used, but instead it makes use of security flaws in the operating system the same way that regular jailbreakers do. Once the iPhone has been jailbroken, the tool then goes on… Read more »