(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

(credit: greyweed)

Researchers have detected a family of malicious apps, some of which were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones.

In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US.

Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it's running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors' browsers and serve drive-by exploits. Trend Micro Mobile Threats Analyst Veo Zhang wrote:



No need to do anything to make your auditor happy other than to purchase the most popular scanning tool
No need to ever leave your cube and speak directly with your system administrators
No need to ever test the scanner on a non-production network in advance
No need to ever let anyone know when your scan starts; after all, an attacker is not going to do that, so why should you
No need to worry; if something becomes unavailable during a scan, it is totally not your problem
No need to show good stewardship after the purchase by producing metrics such as the percentage of findings that have been fixed as a percentage of all the findings
No need to seek data that demonstrates your scanner could serve as a platform to improve your security posture
No need to keep your boss informed of your progress, s/he would not understand
No need to divert any of your time from finding things to fixing things
No need to hold back, it would be great if you shared your Vulnerability Management best practices

The iOS 10 developer betas come with an unencrypted kernel. (credit: Andrew Cunningham)

Apple has made encryption and user privacy a pillar of the iOS platform in recent years, but earlier this week, security researchers made a curious discovery: as reported by the MIT Technology Review, the operating system kernel in the iOS 10 betas released at WWDC last week is unencrypted. This makes it much easier to dig into the code and look for security flaws.

There was some speculation as to why Apple had done this or whether the company had even released an unencrypted kernel on purpose. After declining to comment initially, an Apple spokesperson confirmed to TechCrunch that the kernel had been left unencrypted on purpose but that user data continues to be encrypted as it normally is.

“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” the spokesperson said.

