Silent Circle's Blackphone:- The World's Most Secure Solution in Mobile Privacy.

The Blackphone, a privacy- and security-focused encrypted smartphone from Silent Circle and Spanish smartphone maker Geeksphone, was announced today at the Mobile World Congress expo in Barcelona.
The Blackphone handset, which is being unveiled at the event, goes on sale in June for $629.

It runs a fully security-hardened version of Android called PrivatOS and comes pre-installed with privacy-enabled applications for secure calling and text messaging, encrypted file transfer and video chat.
The communications functions will be based on technology from Silent Circle, a U.S. provider of secure messaging co-founded by respected cryptographer Phil Zimmermann, best known as the creator of Pretty Good Privacy (PGP), a widely used email encryption program.
It has a 4.7-inch HD IPS display, a 2GHz quad-core processor, 16GB of storage, an 8-megapixel camera and LTE connectivity.
There is also a Wi-Fi connection manager for greater security on public networks, and software that makes it possible to securely remote-wipe your device and facilitate its recovery. Bundled in the cost of the device are two years of Silent Circle, two years of Disconnect (secure/non-trackable search), two years of SpiderOak (secure cloud storage), unlimited use of Kismet (Wi-Fi analyzer product), and some gift subscriptions to Silent Circle so that your friends and family won't have to sign up separately to talk with you.
Blackphone cannot mask metadata entirely from the NSA.

Banking Malware Distributed via YouTube Ads.

Malvertising attacks are becoming more and more common and it appears that not even YouTube users are safe.
Security researchers from Bromium Labs recently found that YouTube's advertising network has been used by cyber criminals to distribute malware. According to the experts, cyber criminals compromised an ad network and were redirecting users to malicious websites hosting the 'Styx Exploit Kit', which infected users' computers with the Caphaw banking Trojan.
This particular exploit kit is designed to exploit a Java vulnerability (CVE-2013-2460) in outdated versions. Once on the target's computer system, the malware detects the Java version installed on the operating system and, based upon it, loads a suitable exploit compatible with the installed Java version.
The command and control (C&C) server used by the cyber criminals appears to be hosted in Europe, and it relies on a domain generation algorithm (DGA). The researchers have notified Google of the attack, but so far they still do not know how the cyber criminals managed to evade Google's internal advertisement security checks. How many users fell victim to this attack is still an open question.
Google has confirmed that a rogue advertiser was behind this malvertisement, and said it has taken the campaign down and is beefing up internal procedures to prevent such events from occurring again.

EC-Council hacked again, website defaced.


EC-Council, the organization that offers the Certified Ethical Hacker (CEH) certification, has been hacked by a hacker named Eugene Belford (a character from the 1995 movie "Hackers").
Passport and photo ID details of more than 60,000 security professionals who have obtained or applied for the EC-Council's Certified Ethical Hacker certification are at risk after the breach, many of whom work in sensitive political and military positions. They include members of the US military, FBI, United Nations, and National Security Agency.
The hacker left the EC-Council website displaying the passport of Edward Snowden and documents proving that Snowden attended the CEH classes in India.

The self-described "certified unethical software security professional" responsible for the attack reportedly used a DNS redirect to access those details, which were stored in an inadequately protected location.
When we take a look at the source code, we can see that the hacker has uploaded two pictures directly onto the EC-Council web server.
As of now, it seems EC-Council has not regained control of its website. An update was posted on the EC-Council site stating:
“owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/ -Eugene Belford

P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials”.

'The Mask', a sophisticated cyber spying operation that has been under the mask for about 7 years.

Kaspersky Lab's security research team has uncovered "The Mask" (aka Careto), a highly sophisticated cyber spying operation that has been alive since at least 2007, infecting more than 380 high-profile targets in 31 countries. The discovery came after investigating and monitoring data found on a set of command-and-control (C&C) servers used by the attackers. The main targets of the operation are government institutions; embassies and other diplomatic missions; energy, oil and gas companies; research institutions; private equity firms and activists.
Researchers dubbed the whole operation “The Mask,” the English translation for the Spanish word Careto, which is what the attackers called their main backdoor program. Based on other text strings found in the malware, the researchers believe its authors are probably proficient in Spanish.
Kaspersky's researchers believe this could be a nation-state sponsored operation, as the level of operational security is not normal for cyber-criminal groups, and that the group might be a new player on the global nation-state cyber-espionage stage.
When active on a victim system, The Mask can intercept network traffic, keystrokes, Skype conversations and PGP keys, analyze WiFi traffic, take screen captures and monitor all file operations, collecting a large list of documents from the infected system, including encryption keys, VPN configurations, SSH keys and RDP (remote desktop protocol) files. The researchers also found several file extensions which they have not been able to identify and which could be related to custom military/government-level encryption tools.
Infections have been observed in: Algeria, Argentina, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, France, Germany, Gibraltar, Guatemala, Iran, Iraq, Libya, Malaysia, Mexico, Morocco, Norway, Pakistan, Poland, South Africa, Spain, Switzerland, Tunisia, Turkey, United Kingdom, United States and Venezuela.
The malicious links seemed to point to news websites, most of them Spanish dailies like El Mundo and El Pais. But they also included fake links to The Guardian, The Washington Post and Time.
The Mask malware was designed to infect 32- and 64-bit Windows, Mac OS X and Linux, but researchers believe there may also be versions for the Android and iPhone (Apple iOS) platforms.
Researchers said, "This is not very common in APT [Advanced Persistent Threat] operations, putting the Mask into the ‘elite’ APT [Advanced Persistent Threat] groups section" because they observed a very high degree of professionalism in the operational procedures of the group behind this attack, including monitoring of their infrastructure, shutdown of the operation, avoiding curious eyes through access rules, using wiping instead of deletion for log files, etc.
This is why they call it Careto, or "The Mask."

Snapchat vulnerability allows hackers to launch DDoS attack and remotely crash your smartphone.

A new security bug has reportedly been discovered in the photo-sharing app Snapchat, which could be used to launch a DDoS attack on users' smartphones and cause them to crash.
Jaime Sanchez, a security researcher, first reported the vulnerability. The bug could allow hackers to overload a user's inbox with messages and crash the iPhone, requiring the user to reset their device, and make Android devices noticeably slower.

He demonstrated the vulnerability to an LA Times reporter. With consent, he sent 1,000 messages in 5 seconds to the reporter's account, which crashed his iPhone. Android phones apparently won't crash with the attack, but they will significantly slow down, and the app itself becomes crippled.
He declined to contact Snapchat with his findings, as he believes the company has no respect for the cyber security research community. In his view this was proved recently when the company did not pay much heed to researchers' warning about a vulnerability that could expose user data, after which phone numbers of about 4.6 million users were ultimately published to prove the point.


QR Codes: Quick Response or a Quick Virus code?

Before scanning that QR code you just saw, give it a second thought: is it a clean code that will redirect you to an authentic site for the information you seek, or a malicious code meant to breach your mobile security?

It seems like everywhere you look these days, on business cards, ads, posters, websites, magazines, buses, almost any object about which you might want to know more, you see a QR code. QR codes have proved to be the cheapest and easiest way to link the real world with the virtual.
A QR code, short for 'Quick Response' code, is a small two-dimensional barcode that looks somewhat like a scrambled checkerboard, invented by the Japanese corporation Denso Wave in 1994. Although these codes have been around for almost two decades, they were mainly used for industrial purposes until the last few years.

Why are QR codes so popular?
A Quick Response code is a type of matrix barcode that can store alphanumeric characters, in the form of URLs or text, encoded in both the vertical and horizontal directions. This gives it a greater data capacity than traditional single-dimensional barcodes, i.e. 7,089 numeric characters or 4,296 alphanumeric characters, and it can store up to 2KB of data.
All you have to do is point your smartphone camera at a QR code and scan it with a QR reader application; the link within will direct you to websites, online videos or launch apps. The problem is that there is no way to tell what's behind a QR code until it is scanned by a QR code reader app. The biggest risk is a random QR code that's not connected to anything, just a sticker on the wall: people cannot resist their own curiosity and will scan it because they want to know what it is, and attackers depend on this curiosity when they craft their attacks.

Mobile Malware:-
According to McAfee Labs, mobile malware doubled in the last year.
Scams involving QR codes are gaining popularity. There are many cases of malicious QR codes being neatly placed over legitimate ones, a technique known as QRishing, similar to phishing attacks.

iOS Device:-
On iOS devices, for example, hackers are using jailbreak exploits to send users to websites that will jailbreak the device. When a user scans a QR code, he is redirected to an unknown website. These are drive-by download attacks, in which the website hosts modified jailbreak exploits. Once the site is visited, the user's phone will be jailbroken and additional malware, such as GPS trackers and key loggers, will be installed.

Android Security Tool 'Conceal' by Facebook to encrypt data on disk.

When you install an app on your phone, you don’t always install it on the phone itself. You often store new apps and data on the external SD Card, letting you add more storage space as needed.


Facebook has released an Android security tool called 'Conceal' that will allow app developers to encrypt data on disk in the most resource-efficient way, with an easy-to-use programming interface.
Conceal is a code library for safely encrypting and decrypting data stored on SD cards. The company is already using the tool with the primary Facebook app that runs on Android. According to Facebook software engineers, the company started building the tool about six months ago, but it only recently decided to open source it.
This tool is based on algorithms from OpenSSL, a common open source encryption system for the web, but it's designed specifically for mobile phones running Android, including low-end phones. The whole library takes up only about 85KB of space. Conceal is smaller and faster than existing Java crypto libraries, and it uses AES-GCM, an authenticated encryption algorithm that helps to detect any potential tampering with data. The library also provides resources for storing and managing keys to protect against known weaknesses in Android's random number generator. Conceal officially supports Android 2.3 and higher (Gingerbread). It will run on 2.2 (Froyo) phones as well.
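
The tamper detection that AES-GCM provides for data on an SD card, shown as an added example that is not part of the original article and is not Conceal's own API. It uses the standard Java javax.crypto classes; the class name, blob layout, in-memory key and sample file names are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class GcmTamperDemo {
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Blob layout (an assumption of this example): 12-byte IV || ciphertext || 16-byte tag.
    static byte[] seal(SecretKey key, byte[] plain, byte[] entity) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);              // fresh IV for every record
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(entity);                           // authenticated but not encrypted
        byte[] ct = c.doFinal(plain);                  // ciphertext with the tag appended
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    // Returns the plaintext, or throws AEADBadTagException if blob or entity was altered.
    static byte[] open(SecretKey key, byte[] blob, byte[] entity) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        c.updateAAD(entity);
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();  // assumption: in-memory key; an app loads it from protected storage
        byte[] entity = "cache/profile.json".getBytes(StandardCharsets.UTF_8);  // constructed sample name
        byte[] other = "cache/other.json".getBytes(StandardCharsets.UTF_8);     // constructed sample name
        byte[] blob = seal(key, "{\"user\":\"alice\"}".getBytes(StandardCharsets.UTF_8), entity);
        System.out.println("intact:   " + new String(open(key, blob, entity), StandardCharsets.UTF_8));

        byte[] flipped = blob.clone();
        flipped[IV_LEN] ^= 0x01;                       // one ciphertext bit changed on the card
        // Case 1: modified ciphertext. Case 2: valid blob moved under a different file name.
        for (byte[][] attempt : new byte[][][] {{flipped, entity}, {blob, other}}) {
            try {
                open(key, attempt[0], attempt[1]);
                System.out.println("accepted (should not happen)");
            } catch (AEADBadTagException e) {
                System.out.println("rejected: authentication tag mismatch");
            }
        }
    }
}
```

Both altered inputs fail before any plaintext is returned, which is the property that separates authenticated encryption from plain AES modes such as CBC or CTR.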