Malware


HP Warns of ProCurve Switches Shipped With Malware

HP is warning customers that some of its ProCurve switches were shipped recently with compact flash cards infected with malware. The company said that a number of software versions in the ProCurve 5400 switch were affected, and that PCs could be become infected by the malware under some conditions.

Interview: Android Engineered To Enable Data Harvesting

We wrote yesterday about research by Paul Brodeur of Leviathan Security Group on security weaknesses that are built into Google’s Android mobile operating system. Brodeur was able to show, using a proof of concept application, that Android applications without any permissions can still access files used by other applications, including which applications are installed and a list of any readable files used by those applications. In this question and answer session, Brodeur corresponds with Threatpost about his ongoing work studying the Android operating system, and how a combination of loose application coding and insecure design makes Google’s Android a boon for advertisers and others who want to harvest data on mobile users.* 


Apple is planning to release a software fix that will find and remove the Flashback malware that has been haunting Mac users for several months now. The latest version of Flashback has built a botnet that at times has included more than 600,000 infected machines.

Mac malware is still enough of an oddity that the existence of a single botnet made up of Macs has prompted a huge amount of publicity and finger-pointing in the general direction of Apple. The furor over the Flashback malware seems to be receding a bit, and researchers say that the number of unique bots connecting to a sinkhole server dropped significantly over the weekend. But that doesn’t mean that the threat is over.

Corporate executives and other high value employees traveling abroad need to be on guard for attempts to compromise their mobile devices, and could even have their mobile phone compromised before they even disembark the plane following their arrival, according to security researcher Justin Morehouse. A thirst for intellectual property and trade secrets, and a bugeoning market of sophisticated mobile surveillance tools means that executives need to begin thinking and acting like spies in order to avoid being spied upon themselves, according to a presentation at the OWASP AppSec DC 2012 conference in Washington DC on Thursday.