Chris Brook

About

"Distrust and caution are the parents of security" - Benjamin Franklin

Looking to Bolster Security, Dropbox Adds Two-Factor Authentication

Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox announced it has added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts. The added layer of security is currently optional but can be selected after users opt in, then check the ‘Security’ section of their ‘Settings.’


Scammers have already begun to take advantage of Adobe’s recent decision to remove its Flash Player from Android’s Google Play marketplace. Last week’s removal has prompted scammers to start promoting fake versions of the software to unsuspecting smartphone owners. While researching the scamware, security firm GFI Labs uncovered a separate fake version of the Flash Player that’s not only bogus but an SMS Trojan that comes bundled with adware.

Adobe pushed out the latest build of its Flash Player (11.4) and AIR (3.4) runtime environment Tuesday, patching six critical vulnerabilities that, if left unpatched, could have allowed an attacker to gain control of or crash any affected system. The fixes address flaws for Flash Player in Windows, Macintosh, Linux and several Android versions (2.x, 3.x, 4.x) and updates AIR for Windows, Macintosh and the AIR SDK.

Espionage has gone digital and we’re just now seeing the beginnings of what will prove to be a “cyber arms race,” according to Mikko Hypponen, Chief Research Officer for F-Secure, the Finnish security firm. Hypponen laid out his thoughts and recapped the last seven months in threats in the latest edition of the company’s Threat Report (.PDF), released today.

Keeping track of the relationships between various malware families can be hard, especially when you’re talking about espionage tools such as Stuxnet and Gauss. Veracode has put together an infographic as a general recap of the life and times of Stuxnet, the much-discussed cyber worm that first reared its head in mid-2010 after it was found targeting critical infrastructure in Iran. Despite Siemens patching some Stuxnet-like bugs late last month, it’s been a while since we’ve heard from the computer worm. Lately the spotlight has been stolen by a series of Stuxnet descendants such as Duqu, Flame and, just revealed yesterday, Gauss.

A new type of financial malware has surfaced that’s targeting information submitted through banking forms via the “Man in the Browser” (MITB) technique and proving difficult to detect, according to research published by computer security firm Trusteer today.

Android devices have remained a constant target of attacks over the last quarter thanks in part to new variants from the FakeInst and OpFake families of malware. According to the latest version of the F-Secure Mobile Threat Report, the firm found 5033 malicious Android application packages (APKs), a 64 percent increase over the 3063 the firm identified in the first quarter of 2012.