cybersecurity

New Trick Lets Malware Fake iPhone Shutdown to Spy on Users

Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise.

The discovery — dubbed “NoReboot” — comes courtesy of mobile security firm ZecOps, which found that it’s possible to block and then simulate an iOS rebooting operation, deceiving the user into believing that the phone has been powered off when, in reality, it’s still running.

The San Francisco-headquartered company called it the “ultimate persistence bug” that cannot be patched because it’s not exploiting any persistence bugs at all — only playing tricks with the human mind.

NoReboot works by interfering with the routines used in iOS to shut down and restart the device, effectively preventing them from ever happening in the first place and allowing a trojan to achieve persistence without persistence as the device is never actually turned off.

This is accomplished by injecting specially crafted code into three iOS daemons, namely the InCallService, SpringBoard, and Backboardd, to feign a shutdown by disabling all audio-visual cues associated with a powered-on device, including the screen, sounds, vibration, the camera indicator, and touch feedback.

3D Secure Payment Authentication

3D Secure Authentication is a form of fraud protection that requires users to complete an additional verification step with the card issuer during the payment process. First, the customer is directed to an authentication page on their bank’s website, where they’re tasked to enter a password associated with their card, or to enter a code that was sent to their phone. It is basically a protocol that adds an extra layer of protection to your online transactions, thereby ensuring that your data remains safe as a customer and your brand reputation remains intact as a business.

With that said, there are three domains that interact using 3D Secure authentication:

  • The merchant/acquirer domain
  • The issuer domain
  • The interoperability domain

How Does 3D Secure Payment Authentication Work?

Using 3D Secure is simple for the most part.

Say you’re a shopper who wants to make a purchase online. When making an online purchase, 3D Secure will ask you if further safekeeping is needed to ensure that you’re the rightful card owner. If so, you’ll be taken to a 3D Secure page, which will ask you for a unique password or PIN. From there, your bank will generate and send you via SMS (phone) a one-time PIN code, which you’ll need to type in before the transaction can be completed.

Pros & Cons of 3D Secure

As you can tell by now, 3D Secure sounds like a great deal when it comes to online security. More so, 3D Secure was developed by Visa and is now licensed to Mastercard, meaning that most major card providers already use this process.

With that said, here are the pros of 3D Secure in greater detail:

  1. Protection From Fraudulent Chargebacks

If you’re a vendor, then you’ll know about chargebacks, when online shoppers retract their payments. However, fraudulent shoppers will try to take advantage of this process, making you lose money from your business.

But with 3D Secure, your business will get more security against chargeback fraud and friendly fraud.

  2. Shift In Liability

In addition, 3D Secure ensures that you’re not liable for fraudulent chargebacks. Instead, liability is shifted from you – the business owner – onto your issuing bank; or liability is shifted from you onto the card issuer who made the fraudulent chargeback. No matter what the situation is, all disputes will be handled behind the scenes, rather than showing up on your vendor dashboard.

  3. Interchange Benefits

Another great benefit of 3D Secure is that using it for Visa or MasterCard can provide interchange benefits. Such benefits often come in the form of lower interchange fees, as well as longer payment terms with the acquirer that you do business with.

The following benefits can be seen for card holders and issuers:

  • Less possibility of fraud and loss
  • More customer protection
  • Increase in vendor sales
  • Better transactions from international customers
  • Secure servers with SSL encryption
  • Merchant satisfaction

  4. More Customer Confidence

Finally, consumers will trust your business more if they know for a fact that their shopping experience is secure. As a result, you’ll get more and more customers (including existing ones) flocking to your site, knowing that their personal and financial data is safe.

The Cons

Even with the promise of authenticity for transactions, 3D Secure can still have its setbacks. One of these downsides is that it often appears to users as a pop-up. Since pop-ups are often perceived as spam-like, customers can be skeptical about whether the 3D Secure pop-up is legitimate or not.

In short, 3D Secure can suffer from the following possible setbacks:

  • Fraudulent transactions and chargebacks can happen with 3D Secure.
  • 3D Secure must follow regulations concerning customers and vendors, which can be tedious at times.
  • Sometimes, 3D Secure can “interrupt” a customer’s checkout process and make them abandon their cart.

Microsoft will disable Basic Auth in Exchange Online in October 2022

Microsoft announced that Basic Authentication will be turned off for all protocols in all tenants starting October 1st, 2022, to protect millions of Exchange Online users.

This announcement comes after the company postponed the removal of Basic Authentication from Exchange Online until the second half of 2021 because of the COVID-19 pandemic.

“Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that),” the Exchange Online Team said earlier this week.

Microsoft already began disabling basic auth in June for tenants who weren’t using it and also explained how customers could re-enable protocols inadvertently affected.

To disable Basic Authentication in Exchange Online before Microsoft fully decommissions it, you need to create and assign auth policies to individual users using the steps detailed on the Exchange Online support website.

“Disabling Basic Authentication and requiring Modern Authentication with MFA is one of the best things you can do to improve the security of data in your tenant, and that has to be a good thing,” Microsoft said two years ago when it revealed modern auth will be enforced across Exchange Online tenants.

While Microsoft did not provide the exact reason why they decided to make this announcement this week, the cause is likely a Guardicore report that revealed how hundreds of thousands of Windows domain credentials were leaked in plain text by misconfigured email clients using basic auth.

Amit Serper, Guardicore’s AVP of Security Research who authored the report, also disclosed an attack called ‘The ol’ switcheroo’ that forces an Exchange client to negotiate in basic authentication.

Basic Authentication (also known as proxy authentication) is an HTTP-based authentication scheme through which apps send credentials with every connection request made to servers, endpoints, or online services, with the username/password pairs often stored locally on the device.

While it dramatically simplifies the authentication process, basic auth also makes it easier for attackers to steal the credentials when the connections are not secured using the Transport Layer Security (TLS) cryptographic protocol.
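The following added example (not from the original article) audits captured HTTP request heads for Basic Auth and shows that the header is only Base64-encoded, so the username and password are recoverable by anyone who sees it. The hosts, accounts, passwords and the `audit_request` helper are constructed for illustration.

```python
import base64
import binascii

def _basic(user, password):
    """Build a Basic header value the way a mail client would (sample data only)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed captures: (transport, raw request head). Hosts, users and
# passwords are made up for this example.
SAMPLE_REQUESTS = [
    ("http",  "POST /autodiscover/autodiscover.xml HTTP/1.1\r\nHost: mail.example.test\r\n"
              f"Authorization: {_basic('alice@example.test', 'Summer2021!')}\r\n\r\n"),
    ("https", "GET /EWS/Exchange.asmx HTTP/1.1\r\nHost: mail.example.test\r\n"
              f"Authorization: {_basic('bob@example.test', 'hunter2:x')}\r\n\r\n"),
    ("https", "GET /api/v2.0/me HTTP/1.1\r\nHost: mail.example.test\r\n"
              "Authorization: Bearer eyJ.constructed.token\r\n\r\n"),
    ("http",  "GET /EWS/Exchange.asmx HTTP/1.1\r\nHost: mail.example.test\r\n"
              "Authorization: Basic %%%not-base64%%%\r\n\r\n"),
]

def parse_headers(raw):
    """Return request headers as a dict with lower-cased names."""
    lines = raw.split("\r\n")[1:]          # skip the request line
    pairs = (l.split(":", 1) for l in lines if ":" in l)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_request(transport, raw):
    """Return a finding dict for a Basic-auth request, or None otherwise."""
    scheme, _, value = parse_headers(raw).get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None                        # e.g. OAuth bearer tokens are not flagged
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return {"user": None, "severity": "malformed", "password_len": 0}
    user, _, password = decoded.partition(":")   # the password itself may contain ':'
    # Base64 is an encoding, not encryption: without TLS the password is on the wire.
    severity = "critical" if transport == "http" else "high"
    # Report only the password length so the audit output does not leak it again.
    return {"user": user, "severity": severity, "password_len": len(password)}

def audit(requests):
    """Audit every captured request and keep only the findings."""
    return [f for f in (audit_request(t, r) for t, r in requests) if f]

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS):
        print(finding)
```

Requests over TLS are still rated "high" here because the long-lived password travels with every request and is typically stored on the client.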

To make things even worse, enabling multi-factor authentication (MFA) is not easy when using basic auth; therefore, it often isn’t used at all.

Modern Authentication (Active Directory Authentication Library (ADAL) and OAuth 2.0 token-based authentication) allows apps to use OAuth access tokens that have a limited lifetime and can’t be re-used to authenticate on other resources besides those that they were issued for.

After modern auth is toggled on, enabling and enforcing MFA will become more straightforward, with improved data security in Exchange Online as a direct and immediate result.
