Text messages have largely replaced seasonal (and non) greeting cards, and there are mobile apps out there that let you send prewritten witty/sweet messages to friends and family.
But there are also some that pretend to do that, and F-Secure researchers have recently spotted a Trojan targeting Chinese Android users that masquerades as just that type of app.
Check out Help Net Security for the full article
A vulnerability in ASP.NET that could allow an attacker to consume all of the resources on a vulnerable server with a single specially designed HTTP request. The vulnerability affects a wide range of Web platforms are vulnerable to this attack, and Microsoft officials said they’re releasing the patch now because they’re expecting exploit code to be released in the near future.
Passwords for document files are commonly used to prevent unauthorized access to the files by encrypting them with passwords. However, attackers are misusing the password feature to encrypt files, most likely to make it difficult for security products to detect them as malware,” say the researchers. “It also makes reverse-engineering the files difficult because they need to be decrypted before analysis can be performed.
Check out Help Net Security for the full article
Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, has the ability to find the WPS PIN on a given router and then recover the WPA passphrase for the router, as well.
The vulnerability reported by Viehbock to US-CERT is related to the way that the WPS standard handles failed authentication attempts in some cases. In those scenarios, it will send back too much detailed information to the user–or attacker–about the PIN that’s required to set up the router using WPS. Viehbock found that he was able to use that information to greatly reduce the amount of time it takes to recover the PIN for a router through a brute-force attack. Once the attacker has the WPS PIN, he can take control of the router.
The full article by Threat Post
Bit9’s new research on “The Most Vulnerable Smartphones of 2011” lists the devices that pose the most serious security and privacy risk to consumers and corporations. In the Bit9 research report, Android phones overwhelmingly topped the list, accounting for the “dirty dozen” most vulnerable devices.
2011 has been labeled by IT security experts as “The Year of the Hack”. Bit9′s endpoint survey of 765 IT executives revealed that Advanced Persistent Threat (APT) attacks, like the one that was used to breach RSA, are of most concern to IT and security professionals.
US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third party developers that are playable on Xbox LIVE and other gaming systems.
Microsoft has posted a service alert on the Xbox LIVE status page regarding this issue.
US-CERT encourages users to take the following measures to protect themselves from these types of phishing attacks: