When PDFs And Flash Files Attack Posted by John H. Sawyer
It's getting harder to protect our users from threats coming at them from seemingly trusted places. The Websites they've been using for years are suddenly the source of attacks through malicious advertisements being pushed to the "trusted" site by a third-party advertising service. File format attacks against Adobe's Flash and Acrobat are becoming the exploit du jour for attackers.
----------
Adobe Reader's Patch Tuesday Posted by Wolfgang Kandek
Next Tuesday, Jan. 12, is Microsoft Patch Tuesday. Beyond the usual patches from Microsoft, we will also get a critical update for a piece of software that increasingly plays a role in exploiting desktop systems -- the Adobe Reader from Adobe Systems.
----------
Facebook Security:
http://digg.com/security/Facebook_s_Zuckerberg_I_know_that_people_don_t_want_privacy
----------
Chrome sets browser security standard, says expert
Wow, a browser from an advertising company?!?
---
Chrome has included sandboxing since its September 2008 debut. And while Dai Zovi considers it easily the leader in security because of that, other browser have, or will, make their own stabs at reducing users' risks.
For example, Microsoft's Internet Explorer 7 (IE7) and IE8 on Vista and Windows 7 include a feature dubbed "Protected Mode," which reduces the privileges of the application so that it's difficult for attackers to write, alter or destroy data on the machine, or to install malware. But it's not a true sandbox as far as Dai Zovi is concerned.
...
----------
White House calls for IT boost to fight terrorism
... In listing the various causes for this failure (underwear bomber), the report noted that information technology within the counter-terrorism community "did not sufficiently enable the correlation of data that would have enabled analysts to highlight the relevant threat information."
----------
More flash drive firms warn of security flaw; NIST investigates
http://www.kingston.com/driveupdate/
Kingston's Secure USB Drive Information PageIt has recently been brought to our attention that a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained on the following Kingston Secure USB drives:
DataTraveler BlackBox (DTBB)
DataTraveler Secure – Privacy Edition (DTSP)
DataTraveler Elite – Privacy Edition (DTEP)
It is important to note that the following Kingston Secure USB drives are NOT AFFECTED:
DataTraveler Locker (DTL)
DataTraveler Locker+ (DTL+)
DataTraveler Vault (DTV)
DataTraveler Vault – Privacy Edition (DTVP)
DataTraveler Elite (DTE)
DataTraveler Secure (DTS)
----------
Heartland to pay up to $60M to Visa over breach
----------
Fake Android Application
Somehow I missed that "First Tech Credit Union" warned its users late in December about a fake Android application which pilfers user's passwords [1].
This is a somewhat expected event. Malware is frequently willingly installed by users. As users move to new platform like mobile devices, malware is going to follow them. This particular application, "Droid09" has since been removed from the Android Market Place. But it is probably just a matter of time for the next application to show up. It is probably possible for a similar application to sneak past the iTunes store approval process as well. In each case, the more managed software delivery environment limits the expose time but doesn't eliminate it.
[1] http://www.firsttechcu.com/home/security/fraud/security_fraud.html
----------
Survey: 54 Percent Of Organizations Plan To Add Smartphone Antivirus This Year In anticipation of increased mobile threats in the next year, 40 percent of organizations worldwide plan to recruit mobile security staff
----------
GREAT analysis of Airport Security Theater by Bruce Schneier:
Post-Underwear-Bomber Airport Security
----------
Hidden admin access on D-Link routers
A flawed implementation of the Home Network Administration Protocol (HNAP) reportedly allows attackers to gain unauthorised admin access to numerous D-Link router models more…
----------
Not Security related, but very cool:
http://content.zdnet.com/2346-13615_22-382181.html?tag=col1;post-11005
----------
Airport Scanners Can Store, Transmit Images
By Kim Zetter
January 11, 2010
Categories: Surveillance
Contrary to public statements made by the Transportation Security Administration, full-body airport scanners do have the ability to store and transmit images, according to documents obtained by the American Civil Liberties Union.
----------
L.A. Apple Store shoppers targeted by thieves
The L.A. Times Blog reports about an ongoing series of thefts targeting more than 100 Los...
----------
McAfee Labs’ January Spam Report
Angelina Jolie and Barack Obama are the #1 celeb subjects of choice for spammers, according to our January Spam Report.
----------
Spiceworks Is Becoming The Facebook For IT Managers; Raises $16 Million Series C
by Leena Rao on January 11, 2010
Spiceworks, a startup that develops Web-connected social IT management software, has raised $16 million in Series C funding round led by Institutional Venture Partners with Austin Ventures and Shasta Ventures participating. This brings the startup’s total funding to $29 million.
Spiceworks develops a desktop software suite that helps a company’s IT staff collaborate with each other and manage “everything IT.” The IT management software, which is free and ad-supported, is currently being used by 850,000 IT professionals at small to medium businesses in 196 countries to inventory, monitor, troubleshoot, report on and run a help desk for their IT networks. Currently more than 25 percent of all businesses with greater than 100 employees rely on Spiceworks to manage part of their IT operations.
----------
More Researchers Going On The Offensive To Kill Botnets
Jan 11,2010
Another botnet bites the dust, as more researchers looking at more aggressive ways to beat cybercriminals
----------
Researcher Rates Mac OS X Vulnerability 'High'
Jan 08,2010
Flaw in versions 10.5 and 10.6 can be exploited by a remote attacker, says SecurityReason
----------
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment