Browsing Author: Michael Mimoso

Categories: Vulnerabilities

Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability. In all, 20 vulnerabilities were repaired by Microsoft, which also issued an advisory regarding poorly generated digital certificates that have to be replaced and the distribution of an automated mechanism that will check for certificate key lengths and revoke any shorter than 1024 bits.


Categories: Uncategorized

Less than a month after the Nitol botnet takedown, Microsoft has released data casting more scrutiny on supply chain security. In its latest Security Intelligence Report (SIR) for the first half of 2012, Microsoft has connected the most prevalent malware families involved in supply chain compromises, including malicious add-ons pre-installed on PCs by manufacturers, as well as pirated software available on peer-to-peer networks, and music and movie downloads.


Categories: Mobile Security

Malware intent on SMS fraud, also known as toll fraud, has been a constant on mobile platforms, Android in particular, for some time. And FakeInst is definitely king of the hill when it comes to this type of malware. Prevalent in Russia and the rest of Eastern Europe, the malware poses as popular applications, free games or screensavers and, once installed, sends premium SMS messages to a service controlled by an attacker. The malware also intercepts messages confirming the charges from wireless providers and, ultimately, the user is socked with a massive phone bill while the attacker quietly cashes in. A recent report from Lookout Security said toll fraud malware accounted for 91% of mobile malware and FakeInst malware has netted more than $10 million this year for the attackers behind the malware.


It might sound like a security researcher’s worst nightmare to string together 300,000 virtual instances of the Android OS, but for scientists at Sandia National Laboratories, it’s just another day. The Department of Energy-sponsored national security-focused laboratory released the MegaDroid project on Tuesday, a cluster of 300,000 networked virtual machines running Android on commodity hardware. The project gives scientists a massively scaled platform to test anything that could cause a network disruption, including malware or an attack on critical infrastructure.


Categories: Malware, Mobile Security

Mobile malware has largely been limited to Trojans buried inside a malicious app targeting sensitive data stored on the phone such as email, contact information and SMS messages. A new proof-of-concept piece of malicious software, however, expands the scope of mobile malware and essentially turns an Android device into a surveillance tool, bringing a whole new range of security and privacy implications into the equation.


Categories: Web Security

Mozilla is trying to deal a two-fisted blow to the continued use of passwords as an online authenticator, as well as the practice of using social media username-password combinations as a persistent login on other sites. Its Persona project has moved into its first beta release, promising developers and website users a better and more private authentication experience.
