Apple Warns iPhone Owners: Be Wary of Fake Text Messages. Woman sentenced in global computer hacking scheme – Sacramento Bee. Dark Reading | Security | Protect The Business – Enable Access. SSL Key Exposed in RuggedCom Switches | SecurityWeek.Com. How to Protect Insiders from Social Engineering Threats. ICS-CERT Warns of Serious Flaws In Tridium SCADA Software. Last 72 hours of Security News. Hackers, FAA Disagree Over ADS-B Vulnerability | HITBSecNews. Sabu Gets 6-Month Sentencing Delay for Continuing to Help Feds | HITBSecNews. Fake Android Flash Player contains malware and adware. Malware peddlers are taking advantage of the fact that Adobe has pulled its Flash Player app from Google Play and decided to concentrate on PC browsing and mobile apps bundled with Adobe AIR, and have begun offering Android malware disguised as the aforementioned legitimate software. Banking on the likelihood that not many users have hears about that decision and are searching for Flash Player on official and unofficial online Android markets, Russian scammers have decided to set up a number of websites offering the bogus app.
"As of this writing, we’ve seen eight sites using Adobe’s logos and icons—all are linking to the same variant of OpFake Trojan disguised as the legit Flash Player for Android. All the Russian sites used different file names for their .APK files but they’re the same malicious variant," say GFI researchers. Unfortunately, those instructions actually make the unsuspecting users root their own devices, and then download a hacked version of the actual Flash Player app.
BlackBerry 10 'incompatible' with existing BES servers: report. Update at 1:30 p.m. ET: RIM has updated its statement and clarifies its position on the next-generation enterprise offiering. In a nutshell, we got it wrong. See: "RIM: BlackBerry Enterprise Server will support all devices; We goofed". RIM is developing a new version of its BlackBerry Enterprise Server (BES) for BlackBerry 10 devices because the existing offering is incompatible with the next-generation platform.
According to a BGR report, it's why the Ontario, Canada-based firm's failed to include email and BlackBerry Messenger support at the launch of the BlackBerry PlayBook device -- because the QNX-based operating system couldn't communicate with RIM's existing server infrastructure. According to the report, RIM will cease development on the current BES server, version 5.0.3, but will issue security patches for "well into the future," according to a RIM spokesperson.
The kicker? So, no answers there, then. Consumer-grade mobile messaging apps lack corporate appeal. Mobile messaging applications bring usability and convenience for consumers, but for corporate use, these programs tend to be less than secure and bring other concerns such as lack of user privacy and having to cope with network stability, industry watchers note. Aapo Markkanen, consumer mobility analyst at ABI Research, said the proliferation of mobile messaging apps among consumers have spilled over into the workplace as many are using these programs to connect with other employees or for companies to touch base with their customers.
With these apps, communication is more instant and sophisticated than SMS (short message service) and more frictionless than e-mails, Markkanen pointed out. They also tend to be available on multiple mobile platformsand are not tied down to certain devices or networks, he added. However, the main downside of these mobile messaging apps for corporate use is security, or the lack thereof, noted the analyst. Flash Player vulnerable again a week after patching. Adobe has released yet another security update for Flash Player, to address a new set of six vulnerabilities that even affect the company's most recent patch that was issued just last week. Last week, Adobe urged Windows and Mac users to upgrade Flash Player to 11.3.300.271 and Linux users to upgrade to 11.2.202.238, to mitigate a vulnerability that was being exploited in the wild; victims would open a Microsoft Word document and become infected, or would be compromised via the ActiveX version of Flash Player for Internet Explorer.
This vulnerability could cause the computer to crash and potentially allow attackers to take control. Today, Symantec confirmed that attacks were indeed being carried out, observing over 1300 instances of malicious emails since 10 August. It pointed users to the 11.3.300.271 patch and urged them to keep their systems up to date. Adobe has assigned the new Windows patch with a Priority 1 rating. Crisis malware targets virtual machines. Crisis, also known as Morcut, is a rootkit which infects both Windows and Mac OS X machines using a fake Adobe Flash Player installer. Discovered in July, the trojan OSX.Crisis targets Windows and Mac OS users and is able to record Skype conversations, capture traffic from instant messaging, and track websites visited in Firefox or Safari. However, it has now come to light that the malware can be spread in four different environments -- including virtual machines.
It is spread through "social engineering attacks" -- in other words, it tricks a user into running a Java applet Flash installer, detects the operating system, and runs the suitable trojan installer through a JAR file. Both released .exe files open a back door, compromising the computer. Originally, it was believed the malware could only spread on these two operating systems. Katsuki writes on the official Symantec blog: However, there is good news for iOS and Android device users. DHS investigating Siemens 'flaw' in power plant security. The U.S. Department of Homeland Security has issued an alert warning that hackers could exploit code in Siemens-owned technology to attack power plants and other national critical infrastructure. Security researcher Justin Clarke exposed the flaw at a Los Angeles conference last week, claiming he discovered a way of spying on encrypted traffic in hardware owned by a Siemens subsidiary, RuggedCom. The DHS advisory noted: "An attacker may use the key to create malicious communication to a RuggedCom network device.
" It added that the government department was in contact with RuggedCom and the researcher in order to identify the flaw and find a resolution to the vulnerability. Clarke said that the Siemens-owned technology maker used a single software key to decode encrypted traffic that flows across its network, and has discovered a way to extract the key which could then be used to send malware or credentials to the critical systems.