In The Security World, Android Is The New Windows

ReadWrite VIA LoopInsight

“There’s so much malware on Android, you’d think it would be a huge deal,” Cobb said. And the growth of is “huge,” he added, “both in the number of malware exploits and their increasing sophistication. The rate of growth in Android malware is impressive, and scary.”

WINNING.

 

New Java vulnerability is being exploited in the wild

TNW

FireEye offered the following details in regards to the latest Java failure:

Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.

Upon successful exploitation, it will download a McRAT executable from same server hosting the JAR file and then execute it.

Just Another Vulnerability Announced.

Hackers publish 453,000 emails and passwords allegedly stolen from Yahoo

Computerworld:

A group of hackers on Thursday published a list of  more than 453,000 log-in credentials on the Internet that were allegedly stolen from a database associated with an unnamed Yahoo service.

The group of hackers calls itself “the D33Ds Company” and claims to have hacked into the database by exploiting an SQL injection vulnerability found on a Yahoo subdomain.

We can have all the security in place on our side, but if the people running the service sleep on the wheel, we’re screwed.

Mac Antivirus, yes or no?

One of the first things I thought about when I switched to Mac, was the eternal question of all switchers: Should I put an antivirus on it? Is it necessary?

Continue reading

Apple updates Java for OS X.

Continue reading

Adobe Flash Player updated to version 11.3.300.257

With security and features updates:

  • Full screen keyboard input for Flash Player
  • Low latency audio support for streaming audio through NetStream
  • Low latency audio support for Sound API
  • Protected mode for Firefox (Windows Only)
  • Texture streaming
  • Background Updater for Mac
  • Bitmap.drawWithQuality
  • BitmapData.encode
  • MouseEvent.RELEASE_OUTSIDE
  • ApplicationDomain.getQualifiedDefinitionNames()
  • Improved Apple MacOS App Store Support

If you use Google Chrome, you already ave the most recent version of Flash Player, if not, always go directly to Adobe’s site.

Yahoo! Axis has security flaw.

I told you yesterday of the new app from Yahoo! for iOS, and browser extension for Firefox, Chrome, and Safari, called Axis. Well apparently Yahoo! leaked some critical info about the browser extension that makes it vulnerable.

The Register:

Yahoo! today released its Axis extension for Chrome – and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo! software.

Australian entrepreneur Nik Cubrilovic, who last year garnered notice for identifying Facebook’s tracking cookies, revealed the certificate blunder on his blog, and said users should not install the extension “until the issue is clarified”.

NIce going Yahoo!

Code signing coming to Firefox Mac builds

Mozilla:

We don’t know exactly when 10.8 will be released to the public but some have speculated that it could be as early as the week of June 11th at WWDC 2012. We must have a signed and released Firefox out there before the general public starts upgrading and we’ve been working hard to make that happen as soon as possible. This post will give a short history of Mac signing at Mozilla and talk about our timeline for enabling it.

Gatekeeper by default, allows the user to install any app from the Mac App Store or from any developer that has authenticated themselves with Apple and obtained a certificate. This will be a great security feature to help avoid installing malware on your system. Nice move by mozilla.

Apple releases Leopard Flashback Removal Security Update and Leopard Security Update 2012-003.

For those of you still using Leopard (10.5), Apple (really late) has released a Flashback Removal Tool. Also, they have released Leopard Security Update 2012-003, which disables versions of Adobe Flash Player that do not include the latest security updates and provides the option to get the current version from Adobe’s website.

Security Update 2012-002 for Snow Leopard

Yesterday Apple released some updates to the OS and to Safari, but I forgot to tell our Snow Leopard-using friends, that there is an update for their Macs.

Download

It includes some bug fixes and security improvements, which you can read here if you are interested.