Apple is in the news again, but not for anything good

Apple is in the news again, but not for anything good.

Jonathan Leitschuh, a security researcher, recently unearthed a serious security flaw that allowed a hacker to activate a Mac computer's webcam without alerting the computer's owner.

The problem is a program called Zoom.

The Zoom software installs a web server on the owner's computer, which is designed to provide a rapid launch feature for the on-board camera when users click on a web link.  The server is also designed to re-install Zoom's software if it gets removed for any reason.


Full Article:


Cybersecurity threats are no longer just a big company problem


The cybersecurity landscape has changed — what was once considered “just a large company” problem now affects companies of all sizes. While many small business owners continue to operate under the belief that security breaches only impact large businesses — likely a result of the intense media focus on massive security breaches like Equifax, Apple, and Target — this could not be further from the truth.

Attacks on small- and medium-sized businesses (SMBs) are on the rise and the associated costs can be detrimental to their business. In fact, the average cost from damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053 according to a study conducted by the Ponemon Institute. Meanwhile, the average cost of the disruption to normal operations increased from $955,429 to $1,207,965.

In response, SMBs worldwide are projected to grow their spending on remote managed security to an estimated $21.2 billion by 2021, making it the highest growth area in the managed services market.


Full Article

Researchers Recently Discovered A New Mysterious Malware Strain

Researchers at the cybersecurity firm Anomali have discovered a completely new type of malware that's disturbing on several levels.

Worse is the fact that the researchers aren't quite sure what it does.

The new strain has been dubbed 'IPStorm' by its creators, who at this point, remain unknown.

Of interest is the fact that it is the first malware found in the wild that makes use of the IPFS P2P network for its command and control communication.  By doing so, it can hide its network activity amid legitimate streams of P2P network traffic, making it virtually undetectable. IPFS is an open source P2P file sharing network used to store and share files.  Among other things, it's currently being used to host a version of Wikipedia that can be accessed in countries where access to the website proper is blocked.

The malware has been written in the Go programming language, but researchers haven't been able to ascertain at this point how it begins its initial infection cycle.  They have discovered that the malware package itself has been split into a number of parts, which is an indication that the group responsible for its initial development knows what they're doing.

The researchers added: "By breaking functionality out into different Go packages, the codebase is easier to maintain.  Also, the threat actor can break out things into modules to make it easier to swap out or reuse functionality."

On top of that, IPStorm comes with a number of antivirus-evasion techniques built-in. When it copies itself onto a target system, it uses folder names that relate to Microsoft or Adobe systems, making it unlikely that even a savvy, observant user would notice it right away.

The researchers estimate that right now, the IPStorm botnet consists of some 3,000 machines, which is a surprisingly small number and a clear indication that the malware is in a very early stage of development.  Keep this one on your radar.  It's not a big threat at the moment, but it certainly has the potential to be a major problem in the months ahead.

Used with permission from Article Aggregator


If you are one of the millions who own a device like a phone, laptop etc. with a USB port then never charge these devices in public places such as Starbucks, airports or hotel lobbies. It's too risky and criminals target these public places like 'bees round a honey pot'.

Cyber criminals can easily modify USB charging ports and install malware on your device, they then have access to all your personal data including photos, text, emails and contacts. This cyber crime is called 'juice jacking'.

As a cyber security analyst  once said “Plugging into an public USB port is kind of  like finding a toothbrush on the side of the road and deciding to stick it in your mouth!  You have no idea where that thing has been.”

This is an easy problem to solve though; just bring your own charger cord and plug it into a regular wall socket. Alternatively, use a 'power bank' to charge your phone and other devices.