Posts

Showing posts from 2016

DressCode: Android malware that can infiltrate corporate networks is spreading

According to Trend Micro, DressCode, a family of Android malware, has been found circulating in at least 3,000 Trojanized apps. The malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks. DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious code only makes up a small portion of the overall app. On Google Play, Trend Micro said it found more than 400 apps that are part of the DressCode family. That's 10 times more than what security researchers at Check Point observed a month ago. Trend Micro added that one of these apps on Google Play had been installed 100,000 to 500,000 times. Once installed, DressCode's malicious code will contact its command and control servers and receive orders from its developers. The malware is particularly dangerous because it can infiltrate whatever internet

Vulnerability in the MySQL database

A vulnerability in the MySQL database could allow attackers to completely compromise some servers. The vulnerability affects "all MySQL servers in default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions," as well as the MySQL-derived databases MariaDB and Percona DB, according to Dawid Golunski, the researcher who found it. The flaw, tracked as CVE-2016-6662, can be exploited to modify the MySQL configuration file (my.cnf) and cause an attacker-controlled library to be executed with root privileges if the MySQL process is started with the mysqld_safe wrapper script. The exploit can be executed if the attacker has an authenticated connection to the MySQL service, which is common in shared hosting environments, or through an SQL injection flaw, a common type of vulnerability in websites. Golunski reported the vulnerability to the developers of all three affected database servers, but only MariaDB and Percona DB received patc

Business E-mail Compromise

A new email-based attack campaign is targeting key employees from companies in the U.S., Middle East and Asia with the goal of compromising their computers and email accounts. What is BEC? Business Email Compromise (BEC) is a sophisticated scam targeting businesses that work with foreign suppliers and businesses that regularly perform wire transfer payments. Formerly known as Man-in-the-Email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers. BEC involves attackers hijacking the email accounts of business executives or accounting employees who typically authorize financial transactions inside organizations. The hijacked email accounts can then be used to trick other employees, suppliers or business partners into initiating fraudulent payments to accounts controlled by the attackers. Security researchers from antivirus firm Trend Micro recently detected an attack against companies from 18 countries where key employee

Clickjacking helps Android ransomware gain administrative rights!

What is ransomware? Ransomware is a type of malware that prevents or limits users from accessing their system. File-encrypting ransomware applications (also called Cryptolocker) that target Android devices are becoming increasingly sophisticated. One new such program is using clickjacking techniques to trick users into granting it administrator rights. What is clickjacking? Clickjacking is a method that involves manipulating the UI in a way that allows attackers to hijack users' clicks and trigger unauthorized actions. It is mostly used in Web-based attacks, where various technologies allow creating invisible buttons and positioning them on top of seemingly harmless page elements. Due to the restrictive application permissions system in Android, ransomware apps targeting the OS have historically been less effective than on Windows. For example, many of the early Android ransomware threats only displayed a persistent window on the screen with an

DELL BLUNDER

In an attempt to streamline remote support, Dell installed a self-signed root certificate and corresponding private key on its customers’ computers, apparently without realizing that this exposes users’ encrypted communications to potential spying. Even more surprising is that the company did this while being fully aware of a very similar security blunder by one of its competitors, Lenovo, that came to light in February 2015. This incident surely raises questions about Dell’s Research and Development team. In Lenovo’s case it was an advertising program called Superfish that came preinstalled on some of the company’s consumer laptops and which installed a self-signed root certificate. In Dell’s case it was one of the company’s own support tools, which is arguably even worse because Dell bears full responsibility for the decision. Dell actually took advantage of Lenovo’s mishap to highlight its own commitment to privacy and to advertise its products. The product pages for Dell’s

STAGEFRIGHT

STAGEFRIGHT: a vulnerability that made tech giants sleepless. WHAT IS STAGEFRIGHT? Stagefright is a serious vulnerability found in Android's media processing service. The Android service that processes multimedia files has been the source of some vulnerabilities in recent times, including a new one that could give rogue applications access to sensitive permissions to access data. The vast majority of Android phones can be hacked by sending them a specially crafted multimedia message (MMS). WHO DISCOVERED IT? This latest vulnerability in Android's media server component was discovered by security researchers from antivirus firm Trend Micro and Joshua Drake, vice president of platform research and exploitation at mobile security firm Zimperium. BRIEF ME ABOUT THIS: Drake developed the dangerous exploit that only requires knowing the victim’s phone number. He found multiple vulnerabilities in a core component called Stagefright which is used to