Google’s Android Targeted by Malware
Security experts at Kaspersky Lab stated they have discovered a malware application that targets the Google Android mobile operating system in Russia. The malware named “Trojan-SMS.AndroidOS.FakePlayer.a” is the first of its kind specifically implement to target the Android mobile OS according to the researchers at Kaspersky Lab.
The malware hides as a media-player called “Movie Player”, and when installed it begins to send text messages to a premium rate number without the knowledge of the Android-base device owner.
Even though initial cases are in Russia, Android-based users all over should be aware of the matter and be vigilant when downloading applications to their mobile device.
SecurityOrb.com has five key recommendations for Android-based cell-phone users:
- Pay close attention to the services that an application requests access to when it is being installed.
- Check the permissions of your apps and revoke unnecessary access to remote locations and SMS request.
- Install apps from trusted companies and sources ONLY.
- Set Android-based device to only download applications that are in the Android Market
- Research, read and/or review before installing apps
Attend 15th Annual Hacker Halted Information Security Event and Get a Free iPad
Make plans now to attend the fifteenth annual Hacker Halted information security event – October 9-15 in Miami. The format includes a 4-day training Academy, followed by a 2-day conference on October 13-14 and 1-day of free Training (October 15) for all registrants. The two-day Conference features a comprehensive program presented in three tracks.
Register for the 2-day conference by August 31 and receive a FREE iPad onsite. No tricks or anything else to purchase.
Readers of this message may also receive a $100 discount off the 2-day conference fees – pay just $1,199 instead of $1,299 which includes the free iPad – by registering with the code HHQZM3 on the electronic registration page at www.hackerhalted.com You MUST register by August 31 when this offer and discount code will expire.
Jailbreaking Apple’s Mobile iProducts Get Easier
As the popularity of the small Apple products (iPhone, iPad, iTouch) take off, they are drawing the attention of hackers. Some hackers just want to access the OS so they can remove roadblocks for application customization and to add unauthorized tools and programs, while others might want to do damage or steal your information.
The two different groups of hackers have different motives but both look to do the same thing and that is get access at the core of the mobile devices and makes the system do more. This type of hacking is called “jailbreaking” or “jailbreak”, which basically replaces the operating system on your device with an “enhanced” version, which may allow you to download additional programs, get more customization on your device or add more functionality.
Last week the website “jailbreakme’dot’com” publicly announced that they can do a website based jailbreak of your device. That is all and well for those that want to jailbreak their device (may be harmful to your device), but it was recently discovered that you could jailbreak someone else’s device, remotely, yes remotely. This as you can imagine, has caused a stir among users of these devices. Apple has said they have created a patch for the issue, but there is no present release date at this time.
Custom Lightbox!
Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
SecurityOrb Live Stream on The Tech Talk Show 1450 WOL
Listen to me live tonight on TheTechTalkShow @ 7:00pm on WOL-AM 1450 (DC) or listen online @ http://bit.ly/xCG7d #Security, #Technology
Adobe confirms PDF zero-day, plans rush patch
By Gregg Keizer | Computerworld | InfoWorld
Adobe today said it would issue an emergency patch the week of Aug. 16 to fix a critical flaw in its Reader and Acrobat software.
The bug was disclosed by researcher Charlie Miller at last month’s Black Hat security conference when he demonstrated how the open-source BitBlaze toolkit could be used to boost bug-hunting productivity tenfold.
Miller, an analyst with Baltimore-based Independent Security Evaluators, is well-known for finding vulnerabilities in Adobe’s popular Reader PDF viewer. Last March, Miller showed how a simple fuzzing tool could root out scores of potential bugs in Reader, Microsoft Office, Apple’s Preview, and other software.
According to a paper Miller published after the Black Hat conference ( download PDF ), and others, the bug is in Reader’s and Acrobat’s font parsing.
“This can be exploited to corrupt memory via a PDF file containing a specially-crafted TrueType font,” stated Danish vulnerability tracker Secunia in an advisory published Wednesday. “Successful exploitation may allow execution of arbitrary code.”
Today, Adobe announced it would release a rush, or “out-of-band” security update during the week of Aug. 16-20. Adobe issues its quarterly security updates for Reader and Acrobat on Tuesdays, and has shipped emergency fixes on that same day of the week. If the company continues the practice, it would most likely deliver the out-of-band patch on Aug. 17.
Adobe hinted that the out-of-band update will include fixes for vulnerabilities other than the one Miller uncovered. The company also said it would still ship its next regularly-scheduled quarterly update on Oct. 12.
Although the Adobe vulnerability shares traits with the one currently being used to “jailbreak” Apple’s iOS mobile operating system — both involve font parsing errors — they’re not linked, Miller said.
“Its just a coincidence that they are both bugs in the way programs parse fonts in PDFs,” Miller said in an e-mail reply to questions.
The vulnerability exploited by the JailbreakMe software is in Apple ‘s PDF viewer, dubbed Preview, not in Adobe’s Reader, a fact that Adobe tried to make clear yesterday. “Not all PDF-related vulnerabilities are automatically Adobe vulnerabilities,” argued Brad Arkin, Adobe’s head of security and privacy, pointing out that the formerly proprietary PDF was issued as an open standard in 2008.
To read the rest of this article, you can find it at the here.
