Vulnerabilities


HTC Android Phones Leak Private User Data

There is a serious security issue with a variety of HTC Android phones that enables any app with Internet permissions to access a huge amount of private data on the device, including call logs, email addresses, SMS messages, last known GPS location and more. The problem was introduced via an update to the HTC phones that installed a tool called HTCLogger that collects the data.

QR Codes Found Sending Users to Site Containing Android Trojan

QR codes have been showing up everywhere in the last few months, from magazine ads to the sides of buses to, oddly, billboards. And now they’ve shown up on the list of ways that attackers are delivering malware to victims, with the emergence of a new Android-based Trojan that is hiding on malicious sites linked to by some QR codes.


Cisco has patched a string of serious vulnerabilities in its IOS networking software, including some that could be used for remote code execution, and also fixed flaws in some of its other products. In all, Cisco released 10 advisories, nine of which concerned IOS vulnerabilities.

Mozilla has released Firefox 7, the latest version of its flagship browser, which includes a number of security fixes and other improvements. The new version is being touted as the fastest yet and also includes a new feature meant to conserve memory on users’ PCs.

Bug bounty programs have been around in various forms for more than 15 years now, and many of the larger software companies, including Mozilla and Google, have established rewards for people who report bugs. But, aside from the amount of money that’s paid out when bugs are fixed, there hasn’t been much raw data available about the way the programs operate. Now, Mozilla has released some numbers on its program that show how effective it has been.

The Stuxnet worm may be the most famous piece of malicious software ever written. When it was first detected, a little over a year ago, the worm sounded a warning to nations around the world that critical infrastructure systems were potential targets of attack for foreign governments and cyber criminal organizations alike. But with the anniversary of the Stuxnet worm’s discovery just past, the Department of Homeland Security admits that it is now reevaluating whether it makes sense to warn the public about all of the security failings of industrial control system (ICS) and SCADA software. 

British virtual private network (VPN) company Hide My Ass has taken a stand about its involvement in the arrest of an alleged Lulzsec member last week. In a blog post published on Friday, the company reiterated that it keeps logs of its users’ history for 30 days and that it will cooperate with law enforcement agencies if it becomes evident that certain accounts have been used for illegal activities.