If you use any type of mobile device in your day-to-day life… keep reading. Ignorance can only bring you so far!
Two separate studies of mobile devices have found serious privacy and security issues. One of the studies found that smartphones and tablet PCs can be eavesdropped on when they are being used to make purchases, conduct online banking transactions, or access VPNs (virtual private networks). Another study uncovered a number of ways to break into Apple’s iOS, its operating system for mobile devices. It is likely that cyber criminals will increasingly turn to mobile devices in their attacks as the devices become more and more commonplace in business transactions.
NGS Secure has discovered high-risk vulnerabilities in the McAfee Email and Web Security Appliance.
All versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, McAfee Email Gateway 7.0 Patch 1
- Reflective XSS allowing an attacker to gain session tokens
- Session hijacking and bypassing client-side session timeouts
- Any logged-in user can bypass controls to reset passwords of other administrators
- Active session tokens of other users are disclosed within the UI
- Password hashes can be recovered from a system backup and easily cracked
- Arbitrary file download is possible with a crafted URL when logged in as any user
NGS Secure is going to withhold details of this flaw for three months. This three-month window will allow users the time needed to apply the patch before the details are released to the general public. This reflects the NGS Secure approach to responsible disclosure.
Kaspersky Lab, a leading developer of secure content and threat management solutions, today announced a new version of its flagship product for at-home PC protection — Kaspersky PURE 2.0 Total Security. Using Kaspersky Lab’s award-winning anti-malware protection and an array of additional security tools, Kaspersky PURE 2.0 Total Security is the easiest way to keep multiple PCs secure, irreplaceable digital assets protected, and children safe and responsible online.
Central Home PC Management
Ideal for households with multiple computers, including families with children, Kaspersky PURE uses Home Network Management to easily protect, manage and monitor every PC in the household from a single machine.
— Run all scans, updates, and backup tasks on every PC in the house automatically or on-demand
— Fix security issues without getting up from your desk
— Manage parental controls from anywhere in the house, so your kids are protected even when they’re out of view
— Conveniently update the Kaspersky PURE licenses throughout your home
Total Package of Security Tools
Kaspersky PURE also includes everything you need to secure your online identity and protect your irreplaceable digital property. When you install Kaspersky PURE, our extra layers of security mean you can say good-bye to overpriced and inefficient niche products.
This is great work. I am demoing the product now and will post my review shortly. Very excited about how this will shape the home and small business central management landscape. Will vendors pile on?
More on this breaking news can be found here: http://www.marketwatch.com/story/kaspersky-lab-announces-new-generation-of-ultimate-pc-protection-for-your-home-2012-03-26
Symantec has issued a warning about a Trojan horse program that is capable of infecting both 32- and 64-bit versions of Windows 7. The malware can allow attackers to elevate privileges of restricted processes without user knowledge or permission.
The latest fully patched versions of Windows 7 are vulnerable to a Backdoor.Conpee Trojan, warned Mircea Ciubotariu, a security response engineer at Symantec, on a company blog.
Ciubotariu also states in the article: “The new Trojan targets both 32-bit and 64-bit versions of Windows 7, adding to the growing weight of evidence that malware writers are redesigning their software to bypass security features in 64-bit Windows, said Ciubotariu.
The 64-bit version of Windows 7 and Vista included Kernel Mode Code Signing and Kernel Patch Protection, which were intended to make them less vulnerable to malware.
But Backdoor.Conpee and the recently-discovered Backdoor.Hackersdoor Trojan have both been shown to infect 64-bit operating systems, said Ciubotariu.
‘What was just a theory not so long ago is now being used in-the-wild by [these] threats,’ he warned.”
More on this topic can be found here: http://www.v3.co.uk/v3-uk/news/2159725/symantec-warns-bit-windows-trojans
Alongside the launch of the “new iPad”, Apple released iOS 5.1 for the iPhone 3GS, 4 and 4S, the 3rd generation iPod touch, and iPad and iPad 2. The update includes fixes for 91 issues with CVE identifiers. The majority, 66 of the issues, are described as “unexpected application termination or arbitrary code execution” in WebKit due to memory corruption. These flaws were mostly found by Apple or members of the Google Chrome Security Team, while a number were found by Chrome special reward winner miaubiz.
Two screen lock bypass issues are fixed, including one, a race condition with slide to dial gestures that could bypass the passcode lock, discovered by Roland Kohler of the German Federal Ministry of Economics and Technology, and an uncredited discovery that Siri’s lock screen could be used to forward messages to an arbitrary user.
iOS 5 devices have automatic update support, and the update should be available “over-the-air” or via iTunes. Users who wish to force the update can use the Settings app, select General and then Software Update, ensuring the device is fully charged or on charge. Full details of all the issues fixed are given in About the security content of iOS 5.1 Software Update.
Many of the same WebKit issues are fixed in the iTunes 10.6 update to mitigate the possibility that a man-in-the-middle attack could be used while browsing Apple’s iTunes Store to compromise a system. The iTunes 10.6 update is for Mac OS X and Windows systems and details of the fixes are available in About the security content of iTunes 10.6.