Showing posts with label Samsung. Show all posts
Showing posts with label Samsung. Show all posts

What Risk We are Posing! Everyone Can Become Target of the Latest Cyber Security Threats

Posted by Avik Sarkar On 2/10/2014 07:31:00 pm

What Risk We are Posing! Everyone Can Become a Target of the Latest Cyber Security Threats
According to a report by the Washington Post, hackers may soon be setting up a plan to unfold in 2013 that will target 30 different U.S. banking institutions. McAfee Labs, who has compiled a new cyber security report, says that banks should be on the lookout for software that creates false online transactions or targets transfers tied to large dollar amounts.
Sources say that these threats can all be tied back to “Project Blitzkrieg”, which is a program that has been around since 2008. Within the past four years, it has already stolen $5 million and plans to continue for as long as possible. During the past few months, between 300 and 500 victims located within the U.S. have fallen victim to Project Blitzkrieg’s schemes. By the spring of 2013, McAfee says that things could get even worse for U.S. banks and their customers.
Experts note that this scheme may be tied to reports from back in October by security company RSA that mentioned how a hacker out of Russia named “vorVzakone” has been openly discussing his plan to recruit a team to plan the largest Trojan attack tied to banking. McAfee warns that these threats should be taken extremely seriously as the beginning of 2013 is soon to unfold. The software can become extremely dangerous to those doing their banking online because it can replicate transactions and even delete e-mail notifications about certain transfers.
While U.S. banks will no doubt be increasing their security protocols to protect themselves from any unnecessary attacks, most already know that they are continually being cited as targets from hacking groups around the globe. Back in September, both JP Morgan Chase and Bank of America saw their sites crash because of DDoS attacks.

Samsung Smart TV Dangers
The Register has recently reported that Samsung’s newest Smart TV is completely open and vulnerable to hacking because it gives hackers the ability to steal data very quickly. According to security company ReVuln, this vulnerability most notably affects consumers who own and use their Samsung 3D TVs for internet purposes.
Those who use their Smart TVs can rent movies, browse the web for a cheap line rental, go on Facebook, and more. ReVuln claims that they have found an exploit which allows hackers to see everything the user is doing while they are using their TV, retrieve and access information like web history, and hook up an external thumb drive to the TV to conveniently steal all of this information for future use. While ReVuln noticed this exploit while using a Samsung 3D TV, the true problem is that it seems to affect all of the latest Samsung TVs with internet capabilities, which includes many different makes and models.
As these TVs continue to act more as larger PCs, it is only a matter of time until we see even more security vulnerabilities tied to them in the very near future.

Gas Station Bluetooth Skimming
News site KRCA out of Sacramento notes that crooks are using Bluetooth devices in order to steal credit card information from those who are paying for gas at the pump. The biggest issue the cyber security experts noticed is that these thieves do not even have to be near the gas station in order to steal information.
Crooks are using skimming devices that utilize Bluetooth and contain a variety of common security keys that can be used to access gas pumps for maintenance. They don’t simply pull out their device and begin swiping information for oblivious consumers. Thieves will start by installing skimmers on the pumps to collect information from those pumping gas and then pick them back up. Detectives say that these types of devices are impossible to detect.
According to experts, thieves can be up to 100 yards away and continually collect credit card information from unsuspecting users. Because of this, these crooks are impossible to detect, and the problem may only grow larger in the near future.

Troublesome QR Codes

QR codes seem to be everywhere these days. They’re typically on everything from advertisements to products that we purchase on a daily basis. In the Netherlands, hackers are posting QR codes in heavily trafficked areas like airports and major streets. When these QR codes are scanned in by a user’s smart phone, they are taken to a malicious website that may attempt to phish information from the user or possibly infect their smartphone with malware.

Disclaimer:- Before perfection, on behalf of Team VOGH, I would like to personally thank Eve Halton  for sharing this magnificent article with our readers. Eve is a very much passionate Fleet Street, she  has done her graduation in International Business and Journalism. She gained decent experience in writing articles on several fields like global politics, economics, sustainability issues, cyber security & many more.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Samsung Galaxy S III, S II & Note II Vulnerable to Inject Malicious Code Directly into Kernel

Posted by Avik Sarkar On 12/21/2012 07:17:00 pm

Samsung Galaxy S III, S II & Note II Vulnerable to Inject Malicious Code Directly into Kernel

Serious security hole has been discovered in Samsung smartphones. According to a member of XDA-Developer forum named 'alephzain' the vulnerability exists in the Samsung Galaxy S III, Galaxy S II and Galaxy Note II along with several other Samsung devices. As per sources the vulnerability is marked as "severe". This vulnerability could provide a malicious way for remotely downloaded apps to read user data, brick phones and perform other malicious activities. In other words, this hole could allow a malicious app free reign over your smartphone’s memory, and basically take complete control of your device. Prepare tin foil hats. Another XDA-Developer user, supercurio says Samsung has been notified of the security hole, but had not yet acknowledged the issue. That is until this morning when Samsung dropped word to Android Central that they are “currently in the process of conducting an internal review” in reference to the security hole. Supercurio says the potential exists for millions of devices to be in harms way, especially those with Exynos 4210 and 4412 processors that use Samsung code. Another XDA user, Entropy512 adds “this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention.” 
While talking about security holes in Samsung phones, then we would like to remind you that few moths ago, researcher have unveiled several android based handsets including Samsung Galaxy S3, S2 were vulnerable to 'remote wipe' hack.   




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Vulnerability Found in Samsung Printers Allowing Remote Hack

Posted by Avik Sarkar On 11/29/2012 06:02:00 pm

Vulnerability Found in Samsung Printers Allowing Remote Hack 

Bad news for those who are using Samsung and Dell-branded printers, as in an advisory U.S. Computer Emergency Readiness Team (US CERT) issued an warning that a hard coded administrative account could allow remote attackers to take control of their device. According to the vulnerability note (VU#281284)Samsung printers contain a hardcoded account that could allow a remote attacker to take control of an affected device. Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility. Manipulating the above vulnerability a remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution. 
Solution:-
Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung and Dell have also indicated that they will be releasing a patch tool later this year to address vulnerable devices.
Block Port 1118/udp
The reporter has stated that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks.

Restrict Access:
As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location.

While talking about vulnerabilities in Printer, then we would like to remind you that late in last year Columbia University Researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install a modified firmware to steal information, run attacks from within a network or cause physical damage to the printer. Later HP issued firmware to fix those security hole.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

BlackBerry PlayBook The Most Secure Tablet For BYOD Solution

Posted by Avik Sarkar On 10/07/2012 07:39:00 pm

BlackBerry PlayBook The Most Secure Tablet For BYOD Solution

Now a days users of tablet is increasing everyday. Millions of people across the globe are using tablet for both personal and professional purposes. While the number of users and purposes of using tablet are rising, besides the matter of privacy and security arises. There are many companies who are manufacturing tablet, but before choosing, we should know which one is secured than others. According to a recent report by Context Information Security -the PlayBook of BlackBerry is the only device among three top tablets that gives users a good, safe division between their work and personal computing, a recent technology audit concluded.  The report faulted the PlayBook, as well as the Apple iPad and the Samsung Galaxy Tab, for default settings that don't automatically encrypt backups, and for not offering complementary and compatible tools for IT teams to manage a large number of devices at the business level. According to Jonathan Roach, Principal Consultant at Context and author of the report "While the iPad and BlackBerry PlayBook performed better, both still have security deficiencies -- including desktop software that fails to encrypt backups by default." He also said "Context found the PlayBook to be the most work-ready personal tablet of the three, due to its Bridge application's excellent support of barriers between work and personal profiles," 
According to report by contrast, Apple's wildly popular iPad sold more than 17 million units last quarter. Context found the iPad to be the second-most-secure device, citing its "robust data protection and damage limitation facilities," but said on its news page that the device was still vulnerable to jailbreak attacks and "ineffective disk encryption unless a strong passcode policy is applied." 
The report also found the Galaxy Tab's security features to be the least work-play ready, with weak disk-encryption support. The Galaxy Tab's lack of tools tailored to enterprise use makes it "very difficult to manage more than a small number of Galaxy Tabs in an enterprise environment," a point Apple also falls short on. The report criticized the Galaxy Tab's encryption as well. Even with encryption enabled, the report found that Samsung's device still "allows badly-written apps to store sensitive information on the unencrypted SD card." The report also praised all three tablets for their support of Exchange ActiveSync, a feature that allows crucial security settings to be managed from a central server running Microsoft software. But the study noted important differences among the devices that may make some tablets more appropriate for dual use in both the home and the office.
"Despite that security advantage, RIM only managed to ship 130,000 tablets last quarter. By contrast, Apple's wildly popular iPad sold more than 17 million units last quarter. Context found the iPad to be the second-most-secure device, citing its 'robust data protection and damage limitation facilities,' but said on its news page that the device was still vulnerable to jailbreak attacks and 'ineffective disk encryption unless a strong passcode policy is applied" -Jonathan added


To Download the full Report Click Here


-Source (Context Information Security & NBC News)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Samsung Galaxy S3, S2 & HTC Android Phones are Vulnerable to 'remote wipe' Hack

Posted by Avik Sarkar On 9/29/2012 02:33:00 am

Samsung Galaxy S3, S2 & HTC Android Phones are Vulnerable to 'remote wipe' Hack

Yet again a large number of Android users have been warned of a security hole. Security experts have uncovered that millions of Android handsets including the Samsung Galaxy S3, Galaxy S2, HTC One X and HTC Desire can be wiped just by visiting a malicious website that embeds particular code in weblinks. A user with a vulnerable handset who visits a page and clicks a link containing the malicious code would see their phone wiped, losing personal data such as photos and texts as well as repleaceable data such as contact details and apps. The flaw is caused by a security hole in some versions of Android's dialler software, which allows the "tel:" URL prefix to be used on a webpage to perform functions on the phone's dialling software. Normally that is useful for functions such as initiating a call on the handset directly from a site. But the tel: prefix can also be used to pass a string of non-numeric data to the dialler.
Special strings of characters can perform other functions; for example typing #06# on the dialler will display a phone's IMEI number. The flaw exploits a string that activates a factory reset of some phones because they do not force a user interaction before carrying out the function encoded in the string. The code would have to be embedded as a link to cause the user to activate it - but it would be easy to represent it as an innocent link to Google or any site. Pressing the link would initiate the wipe.
Users of vulnerable handsets may be able to install a third-party dialler and make that the default as protection against the "remote wipe" attack. Experts also pointed out that not all Android handsets have the capability for a remote wipe built in - although the number of models discovered with the vulnerability has grown since it became known on Tuesday.
Dylan Reeve, a New Zealand-based TV editor who first brought the flaw to wide notice, says that Samsung Galaxy phones which use Android 4.1 will be safe from the hack. But that still leaves millions of Galaxy S2 and some S3 models which will not have had the correct revision of the firmware rolled out to them and which could be hit.  
Though the vulnerability was fixed in Android's core code earlier this year, that code has not been propagated to every handset in use. The fact that the flaw existed in handsets from Samsung and HTC - the two biggest vendors of Android handsets - also suggests that a huge number of existing handsets could include the outdated code.

Samsung said in a statement that it has already provided a patch for the Galaxy S3, but it is not clear how long that will take for operator approval and rollout. In general software updates to any phone have to first be tested and approved by the carrier supporting the phone. Samsung said it is testing a patch for the Galaxy S2, but had no information on when it will be available or how it will be distributed. But HTC has issued a statement saying that "our devices do not support a USSD code to factory reset option." This means that they should not be vulnerable to the exploit described below.


-Source (Guardian)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search