F-Secure
Latest
Researcher hacked an at-home COVID-19 test to give bogus results
A security researcher hacked Ellume's at-home COVID-19 test to flip results, raising concerns about determined fakers.
Multiple antivirus apps are vulnerable to common security flaws
At least 28 well-known antivirus apps could be exploited by shared security flaws, and a few are still vulnerable now.
Engadget giveaway: Win an Apple Watch Sport courtesy of F-Secure!
The world is burgeoning with IoT devices and we're in a state of constant connectivity. Occasionally hopping on random WiFi networks isn't unheard of and checking in on your home via internet-facing devices is pretty standard stuff. Just as you lock down your front door, it's wise to consider some digital security. F-Secure's Freedome provides a virtual private network to help keep your online life and devices safe. With the service, trackers and advertisers won't see your activity, plus you can bypass regional content restrictions while traveling. Even over public WiFi, your traffic is encrypted. Freedome's protective web also fends off against malicious sites, bad apps and hackers. The app works with the Apple Watch, providing protection with the push of a button, and helps you monitor potential threats from your wrist. This week, F-Secure has provided an Apple Watch Sport (42mm) and a year's subscription for one luck reader. All you need to do is head to the Rafflecopter widget below for up to three chances at winning this wearable and security combo. Winner: Congratulations to Shaun R. of Weatherford, TX!
Customer service matters when it comes to ransomware
This week we're finding out that Cerber is 2016's biggest name in ransomware. Cerber didn't get to the top just by being good at infecting computers, locking up people's files and blackmailing its victims for Bitcoin. The plucky ransomware is on the fast track to fame and fortune thanks to a hard-won reputation for top-notch customer service that wows its victims at every turn. At least that was the conclusion in security company F-Secure's summer report, Evaluating the Customer Journey of Crypto-Ransomware.
Engadget giveaway: win a Sony Xperia Z3 Tablet Compact courtesy of F-Secure!
You lock your door, cover your PIN at the ATM and have your homescreen password protected, but what about that data connection? The coffee shop WiFi could be a data-skimmers hangout and you may not have noticed that card game app you've been playing is malware. F-Secure's Freedome helps take care those mobile security issues and has a few other tricks up its sleeve, too. Freedome can mask your IP address to keep it safe from snoops and if you're a world traveler, you can select a virtual location, so your House of Cards binge session won't be interrupted by unsupported regions. F-Secure has provided us with a Sony Xperia Z3 Tablet Compact and a one-year, three-device subscription to Freedome so one lucky Engadget reader will be able to surf in style and safety. Just head down to the Rafflecopter widget below and you'll get up to three chances at winning this tablet and mobile security software combo. Winner: congratulations to Noah A. of London, ONT.
Xiaomi issues fix amid privacy scare over its cloud messaging service
Earlier this week, Finland's F-Secure looked into claims that Xiaomi was secretly sending data from its MIUI-powered phones back to its servers, and it turned out to be true. Despite having not added any cloud accounts, F-Secure's brand new Redmi 1s -- Xiaomi's budget smartphone -- still beamed its carrier name, phone number, IMEI (the device identifier) plus numbers from the address book and text messages back to Beijing. Worse yet, the data was unencrypted, thus allowing F-Secure and potentially anyone to, well, get to know your Xiaomi phone very easily. Fortunately, today the Chinese company is issuing a patch to address this booboo.
Phil Schiller tweets followers: "Be safe out there"
Apple senior vice president of worldwide marketing Phil Schiller isn't known for using Twitter all that much, but he tweeted a link today and warned his followers to "Be safe out there." What was the link? It was to a Mobile Threat Report (PDF) from F-Secure, which highlighted a number of security and malware issues in the Android operating system. Apple's own iOS mobile operating system was only mentioned in passing in the report. The report shows that in 2012, Android accounted for 79 percent of all mobile threats, while iOS barely registered with only 0.7 percent of threats. Jordan Golson of MacRumors suggests that Schiller's tweet could be part of a move by Apple's PR group to paint the company in a more favorable light.
Daily Update for April 12, 2012
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for daily listening through iTunes, click here. No Flash? Click here to listen. Subscribe via RSS
Flashback malware removal tools released by security firms
While Apple has said it "is developing software that will detect and remove the Flashback malware" that has affected up to 600,000 Macs worldwide, it has yet to release any fix. In lieu of that a few security and antivirus firms have gone ahead and released their own Flashback removal tools. Kaspersky Lab, a Russian antivirus firm, has released the Flashfake Removal Tool. The firm asks that you first check here to see if your Mac is infected with Flashback. If your Mac is, then you can download Flashfake to rid your Mac of the malware. A second antivirus firm, F-Secure, has also released their own Flashback Removal Tool. Their tool works by creating "a log file (RemoveFlashback.log) on current user's Desktop. If any infections are found, they are quarantined into an encrypted ZIP file (flashback_quarantine.zip) to the current user's Home folder. The ZIP is encrypted with the password 'infected.'" Before Kasperky Lab's and F-Secure's removal tools, users had to manually remove the malware by using OS X's Terminal, which some might have found confusing. There's no word from Apple yet on when their own removal tool will become available.
How to find/remove the Flashback trojan
According to Russian antivirus firm Dr. Web, over 600,000 Macs worldwide are infected with the Mac flashback trojan. The trojan can be installed if you visit a malicious website, and it will attempt to connect your Mac to a botnet. Fifty-seven percent of infected machines are located in the US and 20 percent are in Canada. There are even 24 infected machines supposedly connected to the botnet from Apple's Cupertino campus. This trojan targets a Java vulnerability in Mac OS X that was recently patched. It should be noted that in OS X 10.7 Lion, Java isn't included by default; only those who have deliberately installed it are potentially vulnerable to this exploit (or those running Snow Leopard or earlier OS X versions). If you installed it at some point but no longer have a reason to run Java, you should probably turn it off completely or at a minimum disable it in Safari. F-Secure has provided a set of diagnostics that'll let you know if you have been infected. If you have the malware on your machine, F-Secure's page can walk you through the steps to remove the infection. Thanks to everyone who sent this in. [Via The Loop]
Daily Update for September 23, 2011
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes, which is perfect for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for listening through iTunes, click here. No Flash? Click here to listen.
F-Secure reports Mac trojan poses as PDF
Security firm F-Secure has unearthed a troubling trojan for Macs that hides itself as a PDF, only waiting until the file is opened up and displaying some Chinese characters before it dives into your Mac's hard drive and sets up a backdoor control. Currently, according to F-Secure, the backdoor doesn't actually do anything harmful, but obviously that could change in the future, either if the original hackers take advantage of the trojan, or if someone else does. F-Secure says that the trojan currently doesn't have an icon associated with it, so in the current spotted form, it should be pretty easy to identify as a virus (especially if it shows up in just a random email). But if the trojan is embedded in a file with an extension and an icon that matches a familiar document type (like a PDF, or any other kind of file you'd open in everyday use), it's possible that the backdoor could get installed. In other words, you've got to do what you should always do on any computer: beware of any file downloaded from an untrusted source on the Internet, or any email attachments coming from a sender you don't know or recognize.
Sony fesses up to another rootkit snafu
While everybody was busy with that BioShock "rootkit" false alarm -- and subsequently busy playing BioShock -- the folks at F-Secure were uncovering a new, legitimate rootkit problem in the software packaged with Sony's MicroVault USM-F fingerprint reader drives. It took Sony a little while to respond, but now the company says it has launched an investigation into the software, which was developed by a third-party, and will offer a fix by mid-September. The drives models had already been discontinued, though you can still pick them up at a few stores, and the rootkit is not as serious as the Sony BMX XCP DRM, but the software is still dangerous enough to allow malware authors to hide folders, so we're glad Sony's going to run clean up here.Read - Sony confirms security problemRead - Sony's USB Rootkit vs Sony's Music Rootkit
London hit by malware-infected USB ruse
Joining the infamous Chip & PIN terminal hacks as yet another way to siphon banking details from unlucky Londoners, a group of "malware purveyors" reportedly dropped off tempting Trojan-infused USB drives in a UK parking lot in hopes that unsuspecting individuals would take the bait and subsequently hand over their banking credentials. Supposedly, Check Point regional director Nick Lowe mentioned the wile at the Infosec trade show, but couldn't elaborate due to the ongoing investigation. Another insight suggested that such chicanery was becoming "the new phishing email," but hey, where's the love for those oh-so-vulnerable ATMs? Take note, dear Brits, that the free storage you're eying on the park bench could end up costing you quite a bit in the long run.
