• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Rogue Femtocell Sniffs Cellular Data – WSWiR Episode 70

July 19, 2013 By Corey Nachreiner

Google Glass Hijack, Steganography Backdoor, and Femtocell Hack

After a week missing-in-action due to vacation, I’m back with another news-packed InfoSec summary video for the week. If you’d like to quickly hear the highlights about the latest updates, breaches, and malware, give our weekly video a go.

In this week’s episode I cover some interesting new Mac malware, a Google Glass hijacking vulnerability, how to hide web backdoors in images, and a rogue femtocell. For all that and more, click play below; and don’t forget to check the Reference section for extras.

Have a great weekend, and stay safe online!

(Episode Runtime: 15:18)

Direct YouTube Link: https://www.youtube.com/watch?v=pjWEkd2htzQ

Episode References:

  • Chinese researchers fine second APK key vulnerability – Android Police
  • Rekey app fixes master key flaw on rooted Androids – Google Play
  • Clear text passwords found in iOS Tumbler app; upgrade – Read Write Web
  • New Mac malware leverages right-to-left override trick – F-Secure
  • Evil Mac Javascript launches ransomware attack – Malware Bytes Blog
  • Google Glass QR code hijack – The Washington Post
  • The dangers of Google Glass – PC Magazine
  • Lookout Google Glass QR flaw video – YouTube
  • Security researchers create  rogue Femtocell – Reuters
  • Hiding web backdoors in JPG images  – Securi

Extras:

  • Another 0day Java flaw disclosed – Full Disclosure list
  • Malware targets pinterest – Janne.is
  • HD Moore exposes IPMI vulnerabilities – Information Week
  • DEFCON asks Feds to stay home –DEFCON
  • Wall Street to launch cyber attack test – The Boston Globe
  • Oracle fixes 89 vulnerabilities with July CPU – WGSC
  • HP admits backdoors are in data store products – Info World
  • Cheap Android RAT on underground market – Ars Technica
  • NASDAQ community forum hacked – Graham Cluley Blog

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Apple, Blackhat, Edward Snowden, Google, Hacking, Infosec news, Malware, network compromise, NSA, Security breach, Software vulnerabilities, trojan, Ubisoft, Updates and patches, Uplay

Comments

  1. Alexander Kushnarev (Rainbow Security) says

    July 21, 2013 at 7:48 am

    A lot of interesting stories in this review.
    1. First is Tumblr client issue. Curious explanation, that “Tumblr’s iOS app fails to log users in through a secure (SSL) server”… OK, it is. Well, let’s think as a developer. “So, if logging on through secure (SSL) server will be impossible (for some reason), what shall we do? We include, as a “last resort”, logging on functionality with sending credentials in a clear text by HTTP to point of authentication!” Are we think like developer, who cares about security of product use?
    2. Mac malware, leverages RLO trick. The salt is not in RLO itself (though it’s simple and curious trick), but in two moments:
    – not the first case, then Apple’s Developer ID Application fully compromised;
    – Janicab is a complete, full working malware for Mac platform. So, another counter-evidence for people, who think that Mac is “immune to malware by design”. As you can see from screenshots in article – author creates a botnet with Janicab.
    3. Steganography Malware. Another example of great human ingenuity, but destructively oriented. Didn’t know, that so many things can be done with legitimate JPG-format file…

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use