WebProNews

Tag: Sophos

  • Samsung Broke Encryption On 100 Million Phones

    The world’s largest smartphone maker shipped roughly 100 million phones with broken encryption, putting its customers at risk.

    Modern smartphones rely on encryption to protect data on-device. Android and iOS store the hardware-based encryption keys on the device, taking extreme measures to protect them, given they form the basis of smartphone security.

    Unfortunately for Samsung users, the company’s cryptographic design was severely flawed. According to Threatpost, researchers at Tel Aviv University discovered the flaw that makes it possible for attackers to gain access to the cryptographic keys. Researchers are already condemning the company for its amateurish handling of basic cryptographic principles.

    “Loosely speaking, AES-GCM needs a fresh burst of securely chosen random data for every new encryption operation – that’s not just a ‘nice-to-have’ feature, it’s an algorithmic requirement,” Paul Ducklin, principal research scientist for Sophos, told Threatpost. “In internet standards language, it’s a MUST, not a SHOULD. That fresh-every-time randomness (12 bytes’ worth at least for the AES-GCM cipher mode) is known as a ‘nonce,’ short for Number Used Once – a jargon word that cryptographic programmers should treat as a *command*, not merely as a noun.”

    Unfortunately, Samsung didn’t use the numbers just once.

    “Indeed, it allowed an app running outside the secure encryption hardware component not only to influence the nonces used inside it, but even to choose those nonces exactly, deliberately and malevolently, repeating them as often as the app’s creator wanted,” Ducklin continued.

    The issue impacts a wide range of models, from the 2017 Galaxy S8 to 2021’s Galaxy S21.

    There’s no excuse for any company to be so cavalier in its handling of something as important as encryption. For a company with Samsung’s experience and resources to so blatantly ignore basic security principles is almost criminal.

  • Qualcomm Taps Sophos to Protect 5G Snapdragon PCs

    Qualcomm is turning to Sophos to help protect 5G-enabled Snapdragon PCs, with its Intercept X endpoint protection.

    With the speeds 5G promises, 5G-enabled PCs stand to play a major role in the industry. A PC with built-in 5G would have enterprise-grade internet access, allowing individuals to work from anywhere they have coverage. In the age of the pandemic, this could open a world of possibilities, and remove slow internet access as one of the biggest challenges to remote work.

    Unlike Intel or AMD processors, Qualcomm’s Snapdragon is based on Arm designs, much like the chips Apple uses in the iPhone, iPad and M1 Macs. As a result, traditional PC software won’t run on the Snapdragon unless it’s compiled specifically for Arm-based processors. This leaves Snapdragon-powered PCs potentially vulnerable, as many of the traditional security options are not available.

    “Snapdragon compute platforms mark a major step forward because they provide all the utility and performance of a PC, but with many of the benefits associated with modern mobile computing devices. Security loves predictability, and Sophos is excited to be a part of securing this next-generation computing platform.” — Joe Levy, chief technology officer, Sophos.

    Qualcomm’s deal with Snapdragon is a major step toward helping Arm-based computers go mainstream.

  • Sophos Suffers Data Exposure Incident

    Security firm Sophos has informed customers it suffered a data breach as a result of a misconfigured database.

    According to ZDNet, customers’ personal information was exposed, including names, emails and phone numbers. The company informed impacted customers via email, which ZDNet got a copy of.

    “On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support.”

    The company confirmed the breach to ZDNet, saying that only a “small subset” of its customers were impacted. Nonetheless, this is the second major security issue this year for Sophos, a major source of embarrassment for a company in the business of providing computer security to its customers.

    The company tried to assure customers it was doing everything it could to address the issue.

    “At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers,” the company said. “Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”

  • Sophos Issues Hotfix For Firewall Zero-Day Being Actively Exploited

    Sophos has issued a hotfix for its XG Firewall to patch a zero-day vulnerability that was being actively exploited by hackers.

    According to Sophos, the firm was first made aware of the issue on April 22 by a customer who noticed “a suspicious field value visible in the management interface.” After investigating, Sophos determined the value was not a bug, but indicative of an attack against both physical and virtual XG Firewall units.

    “The attack used a previously unknown pre-auth SQL injection vulnerability to gain access to exposed XG devices,” reads the security bulletin. “It was designed to exfiltrate XG Firewall-resident data. Customers with impacted firewalls should remediate to avoid the possibility that any data was compromised. The data exfiltrated for any impacted firewall includes all local usernames and hashed passwords of any local user accounts. For example, this includes local device admins, user portal accounts, and accounts used for remote access. Passwords associated with external authentication systems such as Active Directory (AD) or LDAP were not compromised.”

    Because Sophos issued a hotfix for the vulnerability, a message should display on the XG management interface informing customers if their units were impacted. Uncompromised customers do not need to take any additional action, while compromised customers are encouraged to reset device administrator accounts, reboot the devices and reset passwords for local user accounts. If users had reused their XG passwords anywhere else, those should also be reset.

  • Sophos Warns Of ‘Fleeceware’ Apps On The Google Play Store With 600 Million Downloads

    Security firm Sophos has once again warned of the dangers of “fleeceware” on the Google Play Store.

    Fleeceware is a term for apps “where users could be charged excessive amounts of money for apps if they don’t cancel a ‘subscription’ before the short free trial window closes.” Sophos had previously warned of the dangers of fleeceware but, rather than improving, the problem has only gotten worse.

    Following Sophos’ initial report, Google removed the apps that were highlighted, but unscrupulous developers have continued to create and release new fleeceware apps. In fact, “the total number of installations of these apps, as reported on Google’s own Play pages, is high: nearly 600 million in total, across fewer than 25 apps; A few of the apps on the store appear to have been installed on 100 million+ devices, which would rival some of the top, legitimate app publishers on Google Play.”

    To make matters worse, uninstalling the app does not cancel the subscription. Many publishers of these apps have a complicated process for canceling, designed to extend the “subscription” as long as possible. Sophos recommends keeping copies of all correspondence with one of these publishers so it can be shared with Google if needed.

    600 million downloads spread out over less than 25 apps is a shocking number of malicious downloads and illustrates the need for Google to do a better job of vetting apps. Apple is often criticized for its ‘walled garden’ approach but, in light of Sophos’ report, Apple’s approach doesn’t look too bad.

    If you are an Android user, here’s the list of known fleeceware apps, courtesy of Sophos:

    [Image: Play Store Fleeceware Apps via Sophos]

  • Fake Facebook Emails Claim You Have Missed Notifications

    When browsing your inbox, be cautious around any email you receive claiming that you have Facebook notifications pending. That’s because a new email scam is on the loose and it’s targeting Facebook users.

    This new email scam comes packaged in a highly convincing fashion and claims to come directly from Facebook. The subject line will tell you that “you have notifications pending,” and the body will say “Hi, here’s some activity you have missed on Facebook.” The email will also prompt recipients to click buttons to “Go To Facebook” and to “See All Notifications.”

    Of course, the only words of advice here are to stay away from those links.

    Here’s an actual, non-scammy notification email from Facebook:

    And here’s the scam email. You can see how people could be fooled – the scammers have done a remarkable job rendering a similar design to the message.

    According to Sophos’ Naked Security blog, the links took them to a Canadian pharmacy site that offered male enhancement drugs like Cialis and Viagra – typical. “Chances are that the spammers are earning affiliate cash by driving traffic to the pharmaceutical website,” they said.

    Of course, these types of links could take you on any number of malicious trips – a phishing site, a site containing malware, etc. Just be on your toes, Facebook users.

  • Don’t Click the Link for the Facebook “Dislike” Button

    Many Facebook users have long awaited the arrival of a "dislike" button for status updates that they find dumb, repulsive, or just annoying. If you happen to see someone on the social network claiming to have found one, however, don’t buy it. It’s a scam.

    Sophos Senior Technology Consultant Graham Cluley points to the scam, saying, "It’s the latest survey scam spreading virally across Facebook, using the tried-and-tested formula used in the past by other viral scams including ‘Justin Bieber trying to flirt’, ‘Student attacked his teacher and nearly killed him’, ‘the biggest and scariest snake’ and the ‘world’s worst McDonald’s customer’."

    Cluley has several screenshots of different parts of the scam that one might encounter (such as the one below). The perpetrators clearly went all out in their deception efforts.

    [Image: Facebook Dislike Button Scam. Image Credit: Sophos]

    Keep in mind, there are variations of the actual status updates that claim to point to the dislike button. Don’t believe any of them. It’s probably best to ignore any such thing until Facebook makes an official announcement, unveiling a dislike button. I wouldn’t hold your breath for that either.

  • U.S. Remains Top Spamming Country

    The United States continues to be the top country for spam, accounting for 15.2 percent of all global spam, an increase from 13.1 percent in the first quarter of 2010, according to a new report by Sophos.

    India trails the U.S., accounting for 7.7 percent of worldwide spam, followed by Brazil (5.5%), the UK (4.6%) and South Korea (4.2%).

    "It’s sad to see spam relayed via compromised European computers on the rise – the UK, France, Italy and Poland have all crept up the rankings since the start of the year," said Graham Cluley, senior technology consultant at Sophos.

    "Financially-motivated criminals are controlling compromised zombie computers to not just launch spam campaigns, but also steal identity and bank account information. It’s an uphill struggle educating users about the dangers of clicking on links or attachments in spam mails, and that their computers may already be under the control of cybercriminals."

    Europe has become the top spam-relaying continent, accounting for 35 percent of all spam, edging out Asia with 30.9 percent. North America and South America are responsible for 18.9 percent and 11.5 percent of spam respectively, while Africa accounts for 2.5 percent.

    "Spam will continue to be a global problem for as long as it makes money for the spammers. It makes commercial sense for the criminals to continue if even a tiny proportion of recipients clicks on the links," explained Cluley.

    "Too many computer users are risking a malware infection that sees their computer recruited into a spam botnet. To combat the spammers, it’s not only essential for computer users to run up-to-date security software, they must also resist the urge to purchase products advertised by spam."

     

  • Facebook Users Consider Leaving Over Privacy Worries

    Facebook’s privacy issues have 60 percent of its members considering leaving the social network, according to a new survey by IT security firm, Sophos.

    The survey of 1,588 Facebook users found that 16 percent of those polled have already stopped using the social network due to inadequate control over their data.

    Sophos says the survey revealed that the majority of users are frustrated with the lack of control that Facebook gives them over their own data. Most don’t know how to set their Facebook privacy options safely, and find the process confusing.

    "A mass exodus from Facebook seems unlikely, but Facebook members are clearly getting more interested in knowing precisely who can view their data," wrote Graham Cluley, Senior Technology Consultant, Sophos, in a blog post.

    "With this survey showing that only 24% of users aren’t thinking about quitting, Facebook will need to make sure further changes to the privacy policy are clear, concise and in the interest of making it easier for members to know exactly who has access to whatever they chose to upload."
     

     

  • US Still Main Source Of Spam

    The United States continues to be the main source of spam, relaying more than 13 percent of global spam, according to a new report from Sophos.

  • As Companies Relax on Social Media, Threats Increase

    Even as social media has grown to be a much more widely accepted form of communication among businesses over the years, there is still plenty of data out there depicting the flaws and setbacks that can occur when social networks are used in the business environment. Just as with email or web surfing in general, there are security concerns, and a new report (pdf) from security firm Sophos claims that malware and spam have increased by as much as 70% on social networks from a year ago.

    How big of a security concern do you find social media to be? Discuss here.

    The firm surveyed over 500 organizations and found that 36% of users claim to have been sent malware via social networking sites, which is an increase of 69% from last year.

    "Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made," said Graham Cluley, senior technology consultant for Sophos. "The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks."

    Social Networks - Spam/Malware reports

    Social Networks - Malware Concerns

    Of course front and center of everybody’s attention is Facebook, the world’s most popular social network. Sophos found that out of those surveyed, 60% believe Facebook poses the biggest security threat out of social networks, compared to just 18% naming MySpace, 17% naming Twitter, and 4% naming LinkedIn.

    "We shouldn’t forget that Facebook is by far the largest social network – and you’ll find more bad apples in the biggest orchard," says Cluley. "The truth is that the security team at Facebook works hard to counter threats on their site – it’s just that policing 350 million users can’t be an easy job for anyone. But there is no doubt that simple changes could make Facebook users safer. For instance, when Facebook rolled-out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the Internet."

    Although LinkedIn was cited as the network among the top four that sparks the least amount of concern from survey participants, Cluley notes that it has its own significant risk factors, which should not be overlooked.

    "Targeted attacks against companies are in the news at the moment, and the more information a criminal can get about your organization’s structure, the easier for them to send a poisoned attachment to precisely the person whose computer they want to break into," he explains. "Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff’s names and positions. This makes it child’s play to reverse-engineer the email addresses of potential victims."

    According to Sophos’ findings, 49% of firms allow all their staff unfettered access to Facebook, a stat that is up 13% from last year.

    "The grim irony is that just as companies are loosening their attitude to staff activity on social networks, the threat of malware, spam, phishing and identity theft on Facebook is increasing," says Cluley. "However, social networks can be an essential part of the business mix today, and the answer is not to bar staff from participating in them, but to apply some ‘social security’ instead."

    As Cluley suggests, social networks have simply become part of the way we do business. At this point for a lot of companies, shutting down access is not an option. The reality is that no matter which way you communicate online, there are going to be threats. This is true not only in the corporate world, but in general life. As social networking becomes more location-oriented, you have to wonder if cyber crime might lead to an increase in physical world crime. That’s a scary thought.

    Is social media worth the security risks to your company? Share your thoughts.
