Browse >
Home / Archive by category 'Security News'
GFI Labs Issues Labor Day Phishing Warning
September 3, 2010 by admin
Filed under Security News
60 views
Leave a Comment
Online holiday retail sales traditionally serve as prime platform for attacks
GFI Software security researchers issued a warning today regarding an expected increase in phishing attacks in relation to the upcoming Labor Day holiday. GFI Labs, the dedicated malware research center of GFI Software, warns that consumers are traditionally at high risk for targeted phishing attacks due to the preponderance of online retail sales events over the holiday weekend.
Amidst the flurry of emails promoting holiday sales are fraudulent messages that include bogus links to sites that download malicious software or phishing sites soliciting personal information. While research from companies like IBM have suggested that phishing attacks were on the decline last year, GFI Labs warns that customers should not be lulled into a false sense of security. According to phishing tracker Phishtank.com, there are over 2,900 active phishing web sites currently verified on the internet. Furthermore, the popularity of social media sites such as Facebook and Twitter has made them attractive platforms for holiday-themed attacks.
According to GFI Software, one of the world’s leading providers of security software, consumers can reduce their risk of infection by following three simple rules:
1) Ensure that your computer is protected against the newest malware threats by installing a combined antivirus and antispyware solution. This serves as the first point of protection against dangerous viruses and Trojans – and one without the other is no longer effective.
2) Never click on a link from an email to make a credit card purchase. The email you’ve received may look legitimate, but there’s a high probability that the link will take you to a spoofed site where your credit card information will be recorded by cyber criminals. Instead, navigate to the retailer’s Web site directly through your browser. Again, the email may look harmless, but it’s better to be safe than sorry.
3) Even when visiting a trusted Web site, be vigilant about anything that looks out of the ordinary. Social networking sites like Facebook, Twitter and MySpace have all served as points of infection recently. Do not download anything, even from a trusted site, unless you are 100% sure of its contents.
“Every Labor Day, we see a wave of phishing attacks taking advantage of consumers’ expectations of increased retail email promotions connected with the holiday,” said Tom Kelchner, research center manager, GFI Labs. “Cyber criminals see an opportunity to slip by unnoticed among the legitimate promotions. Along with making sure virus updates and security software patches are current, consumers need to stay vigilant and use common sense in order to avoid any unnecessary headaches that these fraudulent emails look to deliver over the long weekend.”
About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.
Intel sells anti-virus business, waits 12 years, buys anti-virus business
August 20, 2010 by admin
Filed under Security News
16 views
Leave a Comment
The big news in the IT security industry today is the announcement that Intel plans to acquire McAfee for a jaw-dropping $7.68 billion.
Yes, that’s “billion”. Oh to have such pocket money.
Of course, those of us with long memories will know that Intel is no stranger to the computer security industry.
Indeed they used to have their own anti-virus product (Intel LanDesk Virus Protect) which they sold to Symantec in 1998.
Now, Intel is purchasing Symantec’s arch-enemy McAfee and re-entering the business.
JailbreakMe: Apple issues emergency iPhone/iPad security patch
August 12, 2010 by admin
Filed under Security News
31 views
1 Comment
Apple has kept true to its promise, and released a security patch for users of iPhones, iPads and the iPod Touch, closing the door on a vulnerability that could have exposed them to malware and other malicious attacks.
The vulnerability first came to the public’s attention after it was used by a website, JailbreakMe.com, which made it simple for iPhone and iPad users to jailbreak their devices.
As I reported earlier this month, the drive-by jailbreak exploited a vulnerability in the way that the mobile edition of Safari (the default browser used in the iOS operating system) handles PDF files – specifically its handling of fonts. Therefore, just visiting the JailbreakMe website could run code on the visitor’s iPhone, iPod Touch or iPad.
Such a vulnerability, if left unpatched, leaves open opportunities for hackers to spread malicious code to Apple’s mobile products.
The iOS 4.0.2 update for iPhone and iPod Touch can be downloaded and installed using iTunes, with further information available in Apple’s support advisory HT4291.
The same process can be used to update Apple iPads to version 3.2.3 of iOS, with detailed information about the vulnerability published on Apple’s support knowledgebase.
Critical patches for Windows and Flash Player
August 11, 2010 by admin
Filed under Security News
13 views
Leave a Comment
If you’re a user of Windows or Flash (and I would imagine that covers the vast majority of you) then it’s time to roll out the latest critical security patches, as Microsoft and Adobe have released updates to their software.
First up is Microsoft, who have released a bumper bundle of fixes as part of their regular “Patch Tuesday” cycle, issuing 14 bulletins to remedy 34 security holes in Windows, Internet Explorer, Microsoft Office, Silverlight, Microsoft XML Core Services and Server Message Block.
Eight of the bulletins have been Microsoft’s highest severity rating of “critical”, with the rest being labelled “important”.
The good news, as Chet Wisniewski explains, is that we haven’t yet seen any malware spreading by exploiting these vulnerabilities – but that may only be a matter of time.
Separately, Microsoft has also issued an advisory about a zero-day vulnerability, which could allow untrusted code to run on a user’s machine by exploiting a weakness in the Windows Service Isolation feature.
Meanwhile, another platform commonly targeted by malicious hackers has been updated to defend against security vulnerabilities.
Adobe has identified critical vulnerabilities in Adobe Flash Player version 10.1.53.64 and earlier, and urged users to update their installations of Flash and Adobe Air.
If you’re not sure which version of the Adobe Flash Player you have installed, visit the About Flash Player page. Remember that if you use more than one browser on your computer you should check the version number on each.
Apple Security Breach Gives Complete Access to Your iPhone
August 7, 2010 by admin
Filed under Security News
24 views
Leave a Comment
Right now, if you visit a web page and load a simple PDF file, you may give total control of your iPhone, iPod touch, or iPad to a hacker. The security bug affects all devices running iOS 3.1.2 and higher.
Update: Initially we thought that this exploit only effected iOS4 devices, but it turns out all iPhones, iPod Touches and iPads running 3.1.2 and higher are susceptible.
The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required Jailbreak solution for iOS 4 devices uses this same method to break Apple’s own security (although in a completely benign way for the user).
How it works
It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.
The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions… anything can be done.
This is not the first time that something similar has happened. At the beginning of the iPhone’s life there was a problem with TIFF files that also caused the same security breach. Apple patched the bug after a while, but back then there were very few iPhones compared to the current installed base. Apple says that there are 100 million iPhones, iPod touches, and iPads in the world. Obviously, malicious hackers are racing to get a slice of that market.
How can you avoid it?
Right now, the easiest way to avoid this problem is by not going to any PDF links directly and not loading any PDF from any non-trusted source.
You can also jailbreak your iPhone and install a program that will ask for authorization every time your browser encounters a PDF (just look for “PDF loading warner” in Cydia).
While this doesn’t solve the security problem at all, at least it will remind you every single time.
Source : http://gizmodo.com
JailbreakMe: Security warning for iPhone and iPad owners
August 5, 2010 by admin
Filed under Security News
125 views
2 Comments
A website that has made it simple for iPhone and iPad users to jailbreak their devices may not just be a headache for Apple, but also a portent for future malicious attacks.
Owners of Apple gadgets who visit the JailbreakMe website in Safari have found that all they need to jailbreak their device is slide a button to give permission, opening up the possibility of installing apps that have not been approved by the official AppStore.
Previously, jailbreaking has required users to connect their device to a computer before they can start to tamper with the set-up of their iPhone or iPad and gain access to the Cydia underground app store.
The drive-by jailbreak is possible because the website exploits a vulnerability in the way that the mobile edition of Safari (the default browser used in the iOS operating system) handles PDF files – specifically its handling of fonts.
As a number of YouTube videos have demonstrated, it’s a pretty slick process:
What concerns me, and others in the security community, however, is that if simply visiting a website with your iPhone can cause it to be jailbroken – just imagine what else could hackers do by exploiting this vulnerability? Cybercriminals would be able to create booby-trapped webpages that could – if visited by an unsuspecting iPhone, iPod Touch or iPad owner – run code on visiting devices without the user’s permission.
UK Government: We’re sticking with Internet Explorer 6
August 5, 2010 by admin
Filed under Security News
13 views
Leave a Comment
Gulp. At the end of last week, along with thousands of other Brits, I received an email from the UK Government telling me that they had responded to a petition I had signed urging the Prime Minister to encourage government departments to upgrade from Internet Explorer 6.
You can read the UK Government’s response here.
In a nutshell, Her Majesty’s Government says it is more cost-effective to stick with Internet Explorer 6 (which has been dogged with security issues) rather than switch to an alternative browser or a more up-to-date version.
Too expensive, huh?
You have to wonder if that’s going to be considered an acceptable excuse by the general public when there’s a serious security breach that exploits a creaky old browser that’s been around since 2001.
Where’s the wisdom in sticking with IE 6 when Microsoft itself has urged users to upgrade to a more secure version, many websites are dropping support for it, and security professionals advise that installations of Internet Explorer 6 should be taken outside and beaten with a heavy stick.
Microsoft readies emergency patch for Shortcut zero-day flaw
August 5, 2010 by admin
Filed under Security News
24 views
Leave a Comment
Updated Good news from Microsoft. It has announced that it plans to release an emergency out-of-band update to patch a critical Windows security vulnerability that is being actively exploited by malware.
The so-called Shortcut exploit is being exploited by specially crafted shortcut (.LNK) files that point to malicious code and trick Windows into executing it without user interaction.
Malware exploiting the vulnerability have included Stuxnet, Chymin and Dulkis, Zbot, and – most recently – Sality.
“In the past few days, we’ve seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers,” Christopher Budd, Senior Security Response Communications Manager at Microsoft, wrote on the MSRC blog.
Microsoft normally publishes its security patches on the second Tuesday of each month, but this one is scheduled to be released today (Monday, August 2 2010) at 10am PST (1800 BST).
Whenever Microsoft releases an out-of-band patch it’s a big deal – they clearly think it’s an important enough issue to break their regular cycle and you should pay attention too. We would recommend that computer users apply the patch as soon as possible.
As Microsoft is issuing a permanent patch for the shortcut vulnerability, we would recommend that users uninstall the Sophos Windows Shortcut Exploit Protection Tool before applying the Microsoft fix.
Android malware steals info from one million phone owners
August 1, 2010 by admin
Filed under Security News
33 views
Leave a Comment
Updated A developer of Android apps has been accused of using their apps to steal information from more than one million smartphone users.
John Hering and Kevin MaHaffey, of mobile security firm Lookout, told the Black Hat security conference in Las Vegas that they discovered that a wallpaper app developed by Jackeey Wallpaper (who have created over 70 different applications for the Google Android mobile operating system) secretly transmitted affected phones’ numbers, subscriber identifiers, and voicemail numbers to a server in Shenzen, China.
Over a million people are believed to have downloaded the app – which Sophos has not yet seen – from the Android Market (Google’s equivalent to the Apple iPhone AppStore).
This isn’t the first time that the Android smartphone operating system has apparently been targeted by malware, of course.
One of the challenges that owners of smartphones running the Android operating system face is that it is not as closely monitored as Apple’s equivalent, and adopts a more relaxed philosophy as to what apps can be published.
Although there’s much criticism that Apple has received for the way it controls the iPhone environment, it’s clear that the only malware attacks we’ve seen to date on that platform (such as Duh and the infamous rickrolling Ikee worms) have affected users who have chosen to jailbreak their iPhones and escape the relative safety of the AppStore.
Yes, malware has previously emerged for jailbroken iPhones, but the malicious applications have not made it onto users’ devices via Apple’s highly guarded AppStore.
It remains to be seen how many users will treat security as a factor when choosing between the rival mobile operating systems.
Update Some media reports suggested incorrectly that voicemail passwords were accessed by the wallpaper app, and it’s important to make clear that this is not true.
Details of 100 million Facebook users were *already* exposed on the net
August 1, 2010 by admin
Filed under Security News
9 views
Leave a Comment
Have you seen the headlines? They’re pretty scary-looking.
Here’s just a handful – although there were hundreds more to choose from:
“A fifth of Facebook users names ‘leaked’ to file-sharers”, Techwatch
“Details from 100 million Facebook profiles posted online”, Network World
“Details of 100m Facebook users collected and published”, BBC News Online
At first glance these headlines might appear frightening. But there’s one thing you need to know. All of this information was already available to anyone on the internet.
What’s happened is that a security consultant called Ron Bowes wrote some scripts to harvest publicly-available information from the profiles of Facebook users who had left their profiles open for anyone to view.
In total he managed to scrape the names and urls of some 100 million Facebook users (about 20% of their population), and posted the database of snaffled information up on a peer-to-peer file-sharing network for anyone to download.
This wasn’t really a “hack” as such, as the guy who collected this information didn’t have to break into accounts to access the information. The personal information from users’ Facebook profiles was already available to anyone because individuals’ privacy settings had not been properly secured, and they had effectively left their lights on and curtains open for anyone to peek in and make a note of anything they could see.
The real problem here is that users haven’t secured their profiles well enough – but I don’t think they’re the only ones at fault. Facebook has gradually eroded its users’ privacy over the years, in an attempt to share more information with the rest of the internet. In fact, it’s even recommended that users use settings that share more information – and some users may not have been aware that going with Facebook’s recommendations would leave them open to being snooped on in this fashion.
The problem is that once you’ve shared your information with “everyone” on the net in this fashion, there’s no going back. You can’t withdraw your data – and now the user details have been harvested they will forever be available for anyone to access.
Facebook users need to wake up to the risks of sharing too much information online, and examine their Facebook security settings closely to ensure that they are not divulging too much to people they don’t know, and are comfortable with their choices. Today the news story is about names and urls being scooped up – maybe tomorrow it could be more personal information that is gathered from poorly secured Facebook users.
