Category Archives: Latest Warnings

Beware Scare Tactics for Mobile Security Apps

June 20, 2012

It may not be long before your mobile phone is beset by the same sorts of obnoxious, screen-covering, scaremongering ads pimping security software that once inundated desktop users before pop-up blockers became widely-used.
Richard M. Smith, a Boston-based security consultant, was browsing a local news site with his Android phone when his screen was taken over by an alarming message warning of page errors and viruses. Clicking anywhere on the ad takes users to a Web site selling SnapSecure, a mobile antivirus and security subscription service that bills users $5.99 a month.

Microsoft Patches 26 Flaws, Warns of Zero-Day Attack

June 12, 2012

30 Comments

Microsoft today released updates to plug at least 26 separate security holes in its Windows operating systems and related software. At the same time, Microsoft has issued a stopgap fix for a newly-discovered flaw that attackers are actively exploiting.

If You Use LinkedIn, Change Your Password

June 6, 2012

54 Comments

An archive reportedly containing the hashed passwords of more than six million LinkedIn accounts is circulating online. LinkedIn says it is still investigating the claims, but if you use LinkedIn, you may want to take a moment and change your… Read More »

Attackers Hit Weak Spots in 2-Factor Authentication

June 5, 2012

31 Comments

An attack late last week that compromised the personal and business Gmail accounts of Matthew Prince, chief executive of Web content delivery system CloudFlare, revealed a subtle but dangerous security flaw in the 2-factor authentication process used in Google Apps for business customers. Google has since fixed the glitch, but the incident offers a timely reminder that two-factor authentication schemes are only as secure as their weakest component.

In a blog post on Friday, Prince wrote about a complicated attack in which miscreants were able to access a customer’s account on CloudFlare and change the customer’s DNS records. The attack succeeded, Prince said, in part because the perpetrators exploited a weakness in Google’s account recovery process to hijack his CloudFlare.com email address, which runs on Google Apps

‘Flame’ Malware Prompts Microsoft Patch

June 4, 2012

21 Comments

Microsoft has issued a security update to block an avenue of attack first seen in “Flame,” a sophisticated new malware strain that many experts believe was designed to steal data specifically from computers in Iran and the Middle East.

According to Microsoft, Flame tries to blend in with legitimate Microsoft applications by cloaking itself with an older cryptography algorithm that Microsoft used to digitally sign programs.

WHMCS Breach May Be Only Tip of the Trouble

May 24, 2012

104 Comments

A recent breach at billing and support software provider WHMCS that exposed a half million customer usernames, passwords — and in some cases credit cards — may turn out to be least of the company’s worries. According to information obtained by KrebsOnSecurity.com, for the past four months hackers have been selling an exclusive zero-day flaw that they claim lets intruders break into Web hosting firms that rely on the software.

Google to Warn 500,000+ of DNS Changer Infections

May 22, 2012

31 Comments

Google plans today to begin warning Internet users if their computers show telltale signs of being infected with the DNSChanger Trojan. The company estimates that more than 500,000 systems remain infected with the malware, despite a looming deadline that threatens… Read More »

Multiple Human Rights, Foreign Policy Sites Hacked

May 15, 2012

6 Comments

A rash of recent and ongoing targeted attacks involving compromises at high-profile Web sites should serve as a sobering reminder of the need to be vigilant about applying browser updates. Hackers have hit a number of prominent foreign policy and human rights group Web sites, configuring them to serve spyware by exploiting newly patched flaws in widely used software from Adobe and Oracle.

FBI: Updates Over Public ‘Net Access = Bad Idea

May 11, 2012

21 Comments

The Federal Bureau of Investigation is advising travelers to avoid updating software while using hotel or other public Internet connections, warning that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their… Read More »

Adobe, Microsoft Push Critical Security Fixes

May 8, 2012

14 Comments

Adobe and Microsoft today each issued updates to address critical security flaws in their software. Adobe’s patch plugs at least five holes in its Shockwave Player, while Microsoft has released a bundle of seven updates to correct 23 vulnerabilities in… Read More »