Mac malware found in malformed Word documents – is China to blame?

A posting from Naked Security about Mac malware found in malformed Word documents – is China to blame: Our friends at F-Secure have blogged today about a booby-trapped Word document that appears to be designed to infect computer systems running Mac OS X.

The malicious Word file, examined by the experts in SophosLabs, claims to be about the “6th International Uyghur Women’s Seminar & 1st World Uyghur Women’s Congress”, run by the International Uyghur Human Rights & Democracy Foundation.

Vulnerabilities exploited through malformed Word documents install malicious code onto the recipient’s computer, while a legitimate-seeming Word file with content relevant to the victim is displayed as a smokescreen.

It’s clear that the attack is targeted against Uyghur Mac users, and we have seen similar attacks in the past.

Sophos products detect the malware as OSX/Agent-AADL and Troj/DocOSXDr-B.


How To Stop Making Excuses For Poor Application Security Testing

A posting from Dark Reading about How To Stop Making Excuses For Poor Application Security Testing:

Just as the old carpenter’s axiom warns to measure twice and cut once, the effort of putting effective security testing practices in place earlier in the application development process saves many more headaches later in the application lifecycle.

“We want to have applications that don’t get surprise ‘no’s’ in pre-production approval, and that don’t get out there in production with more vulnerabilities,” says Diana Kelley, application security strategist for IBM, who says that in her opinion it takes a “fundamental shift” in practices and in mentality for enterprises to get there.


Security Vendors In The Aftermath Of Targeted Attacks

A posting from Dark Reading about Security Vendors In The Aftermath Of Targeted Attacks:

It has been months now since any word of a security company getting hacked has surfaced, but security vendors are still getting targeted on a daily basis by attackers ultimately after their customers — or their intellectual property.

“It certainly has not let up in any way,” RSA CSO Eddie Schwartz says of attack attempts against the security company. “We’re always seeing over some period of time … offshoots or new adversaries related to some we’ve seen before, and we have to profile or understand them in some way. There’s always something new we have to learn and understand.”


Google joins FIDO’s crusade to replace passwords

A posting from CNET in its Security and Privacy section about Google joins FIDO’s crusade to replace passwords: In the face of rampant weak password selection, the group aims to replace passwords for identity authentication when logging into Web sites and online accounts. A group of tech companies looking to replace passwords for online identity authentication gained a powerful ally Tuesday in the form of Google.

The consortium, called the Fast IDentity Online Alliance (FIDO), is working to develop standards-based alternatives for verifying a user’s identity when logging in to Web sites and online accounts. Formed in 2012, the group proposes specifications that will support a variety of authentication technologies, including biometrics such as fingerprint scanners and voice and facial recognition, as well as security tokens, near field communication, and one-time passwords.


Viber flaw bypasses lock screen to give full access to Androids

An article from Naked Security about Viber flaw bypasses lock screen to give full access to Androids: Lacking the lightning-fast reflexes needed to get past the Samsung Galaxy Note 2’s lock screen?

Hampered by pesky morality that forces you to forego the placing of bogus emergency calls so as to hack iPhone passcodes?

Not that you should want to do any of that, mind you, but just to pile onto the spate of recently revealed smartphone hijacking methods, a new flaw in Viber allows hackers to more easily bypass Androids’ lock screens than these previous finger-twisters.
