Security

German government warns users off of Internet Explorer

Authorities in Germany are advising users to consider switching away from Microsoft's Internet Explorer browser in the wake of a series of attacks targeting an unpatched vulnerability.

Internet Explorer Users: Please Read This

Microsoft is urging Windows users who browse the Web with Internet Explorer to use a free tool called EMET to block attacks against a newly-discovered and unpatched critical security hole in IE versions 7, 8 and 9.

But some experts say that advice falls short, and that users can better protect themselves by surfing with an alternative browser until Microsoft issues a proper patch for the vulnerability. The application page of EMET. EMET, short for the Enhanced Mitigation Experience Toolkit, is a tool that can help Windows users beef up the security of commonly used applications, whether they are made by a third-party vendor or by Microsoft. EMET allows users to force applications to use one or both of two key security defenses built into Windows Vista and Windows 7 — Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).

UK established permanent cybersecurity team

WhatsApp is broken, really broken

WhatsApp, the extremely popular instant messaging service for smartphones that delivers more than ~1 billion messages per day, has some serious security problems.

I will try to give a detailed analysis on some of the issues.

Encryption

Until August 2012, messages sent through the WhatsApp service were not encrypted in any way, everything was sent in plaintext.

If you don't really need Java, get rid of it

Got Java?

Even if you've applied the urgent out-of-band patch from Oracle, you may want to disable or uninstall Java itself. It turns out that the patch has its own flaws that make Java vulnerable to new attacks. According to security experts, Oracle's Java patch resolves the multiple "zero-day" vulnerabilities currently being exploited by attacks in the wild. However, it also leaves open a vulnerability--which was discovered and reported to Oracle earlier this year--that could allow an attacker to bypass the Java sandbox protection and execute malicious code on the target system.

Google buys browser-based malware scanner VirusTotal

Google has acquired Web-based URL scanner VirusTotal in what may be an effort to improve browser security.

VirusTotal's service is pretty simple: Just visit the Website and either select a file to scan or paste in a URL. Also available are a Windows desktop application and browser extensions for Chrome, Firefox, and Internet Explorer.

Adobe confirms Windows 8 users vulnerable to active Flash exploits

Microsoft's Windows 8 is vulnerable to attack by exploits that hackers have been aiming at PCs for several weeks, Adobe confirmed Friday.

Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale.

Firefox 15.0.1 fixes bug that exposed websites visited in private browsing mode

Mozilla released Firefox 15.0.1 on Thursday in order to fix a bug that potentially exposed the websites visited by users while in "Private Browsing" mode.

The goal of the "Private Browsing" mode is to enable Firefox users to surf the Web without leaving any traces of the visited websites behind. According to a support article on Mozilla's website, while running in Private Browsing mode the browser shouldn't save visited pages, form and search bar entries, passwords, download entries, cookies, or temporary Internet files, which are collectively known as cached Web content. The cached Web content consists of images, script files and other resources downloaded automatically by the browser from visited websites.

TechWeekEurope UK: Google Hackers Use Eight Zero-Days To Hit Defence Firms

The same hacking group that hit Google in the Aurora attacks of 2009 have been targeting defence firms and exploiting a massive eight zero-day vulnerabilities along the way.

Dubbed the Elderwood Project, the offensive operation is believed to be the work of a well-funded group of hackers, possibly a nation state. They are targeting organisations in the defence supply chain, including shipping companies, aeronautic firms and energy suppliers, possibly in order to attack top-tier contractors.

Mobile security threats rise

Security threats to your mobile device lurk as malware, fraudulent lures such as SMS spoofing, and toll fraud, but they're all becoming favorites of digital crooks as people move away from using PCs and toward smartphones and tablets, according to a new report.

Such cybercrime is worth big money, whether it happens on your PC or smartphone. Cybercrime in 2011 cost consumers $110 billion worldwide and $21 billion in the United States, according to Symantec's recently released annual Cybercrime Report (PDF). But online crime may soon cost us more. The frequency of mobile threats doubled between 2010 and 2011, Symantec says, and 35 percent of online adults worldwide have either lost or had their mobile device stolen, exposing them to identity and data theft.

It sounds like your cell phone is open to some nasty threats, but is mobile security really something you should be worrying about? No doubt, mobile devices are the next big target for malicious actors looking to make a quick buck.