Skype users hit by ransomware through in-app malicious ads

Several users have complained that ads served through Microsoft’s Skype app are serving malicious downloads, which if opened, can trigger ransomware.

News of the issue came from a Reddit thread on Wednesday, in which the original poster said that Skype’s home screen — the first screen that shows up on consumer versions of the software — was pushing a fake, malicious ad, purporting to be a critical update for the Flash web plug-in.

According to the thread, the ad triggered a download of an HTML application, designed to look like a legitimate app. The app, when opened, would download a malicious payload, which locks the user’s computer and encrypts its files for ransom. …

Source: Skype users hit by ransomware through in-app malicious ads


Update for BlackBerry Android Devices Gives the Productivity Tab a New Face

At the end of the day, you’re always seeking better, more efficient ways to get work done. Productivity is every bit as important as security. BlackBerry understands this – it’s why our entire solutions portfolio is architected for ease of use, and why we offer the best Personal Information Management (PIM) solution on the market. It’s also why we’ve equipped our Android devices with powerful tools like the Hub and theProductivity Tab.

Those tools just got even better.

Today, we’re proud to announce a major update for all BlackBerry Android devices, including PRIV, DTEK50 and DTEK60 (and coming devices). Available very soon through the Google Play Store, this update completely overhauls the Productivity Tab’s interface, making it both cleaner and more user-friendly. It also adds new Quick Triage functionality (such as Reply All and Delete) for items in the Hub and new Quick Actions for entries in Contacts (such as Phone, Text, Email).

Users on a BlackBerry-branded Android phone should receive a notification when the updates are available in Google Play, at which point they will download automatically over Wi-Fi.

If you need to manually update:

  1. Connect to a Wi-Fi network, then open the Google Play Store.
  2. Tap the icon on the left side of the bar, then select “My apps & games” from the menu that pops up.
  3. Either tap “Update All” or select which apps to update on an individual basis.
  4. Tap “Download,” and the update will begin even if you don’t see a progress bar or another indicator.

For users on other Android devices, stay tuned – we’ll let you know when the updates (and the Productivity Tab) are available to you!

Source: Update for BlackBerry Android Devices Gives the Productivity Tab a New Face


Google Recognizes BlackBerry Android for Security

Earlier this month Google published it’s Android Security 2016 Year In Review. The 71 page report covers various aspects of Android security. From OS security, to information about the ecosystem as well as speaking about various vulnerabilities over the last year. It is a very interesting read, and if you have some time, I’d suggest you give it a good read. You can read the entire report here. …

“Several manufacturers, including Samsung, LG, BlackBerry, and OnePlus, regularly deliver security updates to flagship devices on the same day as Google’s updates to Nexus and Pixel devices, thereby providing their customers
with the most up-to-date security available.”

The next mention of BlackBerry is when speaking of Zero Days. This gets interesting.

“The combination of regular monthly security updates and fast responses by Android device manufacturers significantly mitigated the impact of zero day vulnerabilities against the Android platform. For example, CVE-2016-5195 (also known as Dirty Cow) was publicly disclosed on October 19, 2016. As the Android Security 2016 Year in Review / Android Platform Security 29 patch was available from upstream Linux, some device manufacturers, such
as BlackBerry, deployed a fix in time for the November 2016 security update. We created a special patch string (November 06, 2016) for devices to indicate the vulnerability had been fixed. A fix was required for the December 01, 2016 security patch level.”

Dirty Cow allowed attackers to escalate to root privileges through a race condition bug and gain write-access to read-only memory. The vulnerability had been present for nearly a decade in the android kernel and Linux. The kernel and Linux vulnerabilities were patched in October of 2016, and publicly disclosed October 19th. BlackBerry utilized this fix to push the patch to it’s android version in the November update. Google pushed the update within it’s December security update, following BlackBerry by a month. …

Source: Google Recognizes BlackBerry Android for Security – UTB Blogs


20 Million Mobile Devices at High Risk of Attack, Study Finds

Skycure found that 1.19% of all mobile devices are at high risk for malware infections.

While that might sound like a good number, Varun Kohli, vice president of marketing at Skycure, explains that 1.19% of 2 billion mobile devices worldwide translates to 23.8 million infected devices.

“It’s kind of deceiving, but for a company with 1,000 employees that means that 10 devices are at high risk,” Kohli says. “All a bad guy needs is one device to get into the network and start compromising data.”

The study also found that 71% of mobile devices are running on security patches that are at least two months old. This information is fairly in line with Google’s newly published Android Security report, which found that about 50% of Android devices didn’t install a single security update in 2016.

“We still see a lot of vulnerabilities on mobile devices, especially as people hold on to their devices longer,” says Phil Hochmuth, program director for enterprise mobility at IDC. “However, mobile security is getting better, the biometrics have improved, and at corporations if people bring their own devices, they have to comply with the company’s mobile management software.”

Mobile malware – adware, hidden apps, potentially unwanted apps, spyware, and Trojans – grew more than 500% from the first quarter of 2016 to the fourth quarter of that year, according to Skycure’s data. …

Source: 20 Million Mobile Devices at High Risk of Attack, Study Finds


Businesses falling short in cyber security planning

A report has revealed that many businesses do not have a formal cyber security strategy.

The report published by the Institute of Directors and Barclays found that small, medium and large firms need to consider the best way to protect themselves against what might be the defining challenge for business.

The report said: “Government, too, needs to do more to point busy business leaders towards existing schemes and advice, and making schemes more relevant.

“Ultimately, however, this is a matter for business – in a digital economy, it’s the equivalent of installing a burglar alarm.”

The report was based on a survey of 844 IoD members in December 2016 and found that although respondents were aware of the threat presented by cyber crime, only half had protected all their devices.

Four out of ten respondents said they would not know who to contact in the event of a cyber attack. The report pointed out this would be crucial for compliance with the EU General Data Protection Regulation (GDPR) which comes into play on 25th May 2018 – and introduces mandatory data breach notification. …

Source: Businesses falling short in cyber security planning


Business apps leaking data? Manage the risk.

About 80% of enterprises are already developing at least one custom app, and analysts predict the average number of custom apps per enterprise will grow to well over 1,000 in the next five years.

Custom or not, employees are using a growing number and range of mobile apps to get work done anytime, anywhere. You don’t want to stand in the way of productivity, but there’s a real risk of leaking corporate data.

When it comes to enterprise apps, you need a solution that can meet the demands for both security and user flexibility.

BlackBerry Dynamics, a key component of our new BlackBerry Secure platform, reduces the risk of data leakage by delivering proven security at the app level. It offers an advanced, mature, and tested container for mobile apps.

But it’s more than a security tool. It’s also a market-leading platform for creating enterprise apps with ease and efficiency.

Check out 5 ways BlackBerry Dynamics protects and supports enterprise apps.

Where are you on the scale of enterprise security maturity? Find out here.

Source: Business apps leaking data? Manage the risk.


The Surprising IT Worry That Keeps Healthcare Lawyers Up at Night

The top issue on a healthcare lawyer’s list of concerns is not what you might think. It’s not medical malpractice, disgruntled employees, or healthcare regulations. According to Consero Group’s 2017 Healthcare General Counsel Report, the issue keeping lawyers at mid- to large-sized healthcare organizations up at night is – data security.

Robert Azar, general counsel of Norton Healthcare, a Midwestern U.S. healthcare system with 210 hospitals, clinics, and other locations, told The National Law Journal that smartphones – and all the data they produce and store – are a key risk issue for lawyers. It is  practically impossible to control patients and families taking cellphone pictures and texting or posting them on social media. Regardless of the number of policies a hospital implements, it is a challenge to prevent doctors (including independent doctors with hospital privileges) and other staff members from using personal mobile devices to text or communicate patient information.

“The ability to control those [personal devices] is fairly limited,” Azar said. “It’s created a situation where most people feel it’s inevitable that something bad is going to happen.” …

Source: The Surprising IT Worry That Keeps Healthcare Lawyers Up at Night


Webinar: General Data Protection Regulation (GDPR): the implications for organisations from IDC and BlackBerry

April 25, 2017
11:00 am, London

A practical overview of the regulation, the latest market research from IDC and how BlackBerry can assist

The General Data Protection Regulation (GDPR) will come into effect from May 2018 and represents a major step towards a digital single market. While it’s an opportunity to promote trust between consumers and organisations, it will mean significant challenges in the way data is managed.
The ramifications of non-compliance are substantial, so now is the time to start planning to minimize risk with the changes to the regulation only 14 months away.

What is the GDPR?

The GDPR’s primary aim is to ensure individuals are in control of the use and distribution of their private data, and to implement a harmonized approach across the EU. It is the largest overhaul of data protection legislation since its inception.

How will it affect your business?

International Compliance
The GDPR’s scope extends to all companies processing the data of EU residents. This includes companies outside the EU targeting individuals inside the EU.

Fines of either €10/€20 million or 2/4% of annual global revenue, whichever is highest, can be imposed on companies found not to comply with the GDPR.

Breach notification
Organisations will now have to notify their countries Data Protection Office of any breach within 72 hours of becoming aware.

Data Protection Officers
Organisations will need to employ a Data Protection Officer (DPO) who will need expert knowledge on the specifics of the data security. The DPO will be accountable for data protection within the organisation …

Key Learning Objectives:

  • Get a good basic overview of the GDPR
  • Understand the latest market research from IDC
  • See how BlackBerry software and services can help you protect your critical data

Presented by:

James McDowell,
Director, BlackBerry Cyber Security Services

Duncan Brown,
Research Director, European Security Practice

Registration form for the Webinar

Source: Webinar: General Data Protection Regulation (GDPR): the implications for organisations from IDC and BlackBerry


iBabs Makes Sharing Meeting Documents Easy and Secure

There are few workplace phrases that incite groans as much as, “Let’s have a meeting on that.” But sometimes the most efficient way to get work done is to get a group of people in a room and hash it out. Other times meetings are legally required – like boards of directors or stockholders’ meetings.We can’t entirely avoid meetings, but we can use technology to make setting them up, sending and reviewing materials, and attending them as painless as possible. Virtual meetings allow us to meet right from our smartphones anywhere we can find a wireless connection. Digital and cloud platforms let us share meeting materials electronically, saving time and natural resources with fewer pages printed and shipped out to people. …

iBabs, a BlackBerry Dynamics partner, containerizes your critical enterprise data with full end-to-end encryption backed by two-factor authentication and stored an ISO 27.001 certified cloud environment. Our secure infrastructure encrypts data in motion between the app container and behind-the-firewall resources so that, even if a device is compromised, corporate data remains protected.

iBabs also makes it easy for meeting organizers to share documents, agendas, and other materials, plus capture notes and assign tasks, within the app. The user-friendly interface enables meeting participants to access all past and future meeting materials, notes, annotations, and other documentation right in the app, without having to rifle through a chaotic mess of papers and folios. …

Want to know more about how your company will benefit from secure, paperless meetings? Take a look at our infographic, ”Paperless meetings in 6 easy steps”, and visit the BlackBerry Marketplace for Enterprise to request a free iBabs trial. …

Source: iBabs Makes Sharing Meeting Documents Easy and Secure


New Word macro malware infects macOS and Windows

Another form of Microsoft Word malware that infects both macOS and Windows machines has been detected.

The malicious VBA (Visual Basic for Applications) code is buried in a Word document macro and automatically adapts its attack depending on the operating system used. Once installed, it can be used to download more payload files to your computer. …

Because the attack is disguised as an innocent Word macro, it goes undetected until it is too late. If you’ve told your computer to open macros automatically, malicious code can be executed before you have any idea it’s there. …

Source: New Word macro malware infects macOS and Windows