Security

This week, we reported an iTunes vulnerability that exposes Windows users to over 40 different application attacks. Now, it seems that the same exploit is being used by hackers to infiltrate and drain PayPal accounts. "My account was charged over ... $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised," complained one customer in a recent post to blog TechCrunch. The same victim said he'd received almost fifty receipts from PayPal totaling $99.99 each, but was able to prevent these transactions from being recorded by his bank. Not everyone ... (view more)

Most Internet Service Providers (ISPs) restrict, redirect, or reject inbound emails to save users the time and hassle of having to deal with irrelevant 'junk' messages. However, new studies are showing that a number of ISPs are rejecting millions of ... legitimate emails every day. The problem does not pertain to one-to-one personal messages. Rather, mass marketing emails and communications from sources like social networking sites (and even infopackets.com) are not being delivered to users. The problem is that even though users have specifically requested to receive these emails, the messages ... (view more)

Security researchers have found a new way to attack Windows: through Apple's very popular online media player and retailer iTunes. It involves a method of tricking the media player into performing a function that puts 40 different Windows ... applications at risk. The vulnerability stems from an issue with iTunes prior to Apple's releasing of version 9.1. This issue was associated with what was called a "Remote Binary Planting" flaw discovered by Slovenian research firm Acros. Security experts found that the vulnerability in the Windows version of iTunes allowed for local or remote hackers to ... (view more)

Too often security measures taken against identity theft, malware infection and other vulnerabilities are performed in reaction to an attack. With the creation of their latest hard drive feature, however, Toshiba is taking a proactive approach in ... combating online thieves. The new Toshiba hard drive boasts a feature that effectively wipes out data after the storage devices are powered down. The Wipe setting is available with Toshiba's SED (Self-Encrypting Drives) and promises to delete secure data prior to disposing or repurposing hard drives. (Source: computerworld.com ) While the new ... (view more)

Hackers are running a new social engineering scheme that tricks users into uninstalling their legitimate anti-virus program protecting their computer, and using a rogue product instead. Those behind the duping scheme have leveraged a clone of the ... CoreGuard (fake) Antivirus product and relabeled it as AnVi Antivirus. Both products are rogue. Rogue antivirus products have become a reoccurring problem for security companies, though one particular security software firm, Symantec, noted that this method of attack differs from rogue antivirus products of the past. Symantec, AVG, Microsoft ... (view more)

Facebook users have been urged not to click on a link claiming to offer a "dislike" button. The link scams users to get access to their Facebook account. Dislike Link is Not Endorsed by Facebook There is an official "Like" function on Facebook. It ... allows users to give a virtual 'thumbs up' to comments or news posted by their friends. The function has now been extended so that third-party websites can publish a "Like button" on their sites: when visitors click the button, their Facebook account automatically posts a link to the relevant page. A common use is to allow readers to share a link to ... (view more)

Adobe will today release a patch for a critical security vulnerability in its popular Reader and Acrobat software. The issue was first identified at the Black Hat security conference in July, and has since remained without a fix. Adobe noted in ... early August that the patch would be available this week, well ahead of its next scheduled security release (based on a quarterly timetable) in mid-October. Reader, Acrobat for Windows and Mac Affected According to an advisory from Adobe, the patch is meant to fix a number of critical issues affecting Reader 9.3.3 for Windows, Unix and Mac as well as ... (view more)

Website domain name registration business Network Solutions says that domains marked "page under construction" have been dishing up malware. It's suggested that millions of websites have been infected, and that the malware has been live for several ... months. The domains used a malicious script targeting Taiwanese and Hong Kong IP addresses to deliver a fake chat message that directed users to other web sites. (Source: computerworld.com ) Drive-By-Downloads Infect Unsuspecting Users Malware spread when a now-disabled widget in the Small Business Success Index section of Network Solutions' ... (view more)

Microsoft has confirmed it's investigating yet another large-scale bug affecting all supported editions of Windows. At the same time, it's ruled out issuing an emergency patch for the kernel-related issue that emerged just last week. On Tuesday, ... Microsoft issued a record-breaking monthly Patch Tuesday update containing a record 14 security bulletins. When that was announced, it looked as if it would be network administrators who'd be in for a particularly busy time, while Microsoft security staff could at least have some breathing room. That turned out not to be the case. Bogus Color Data ... (view more)

Those wanting to jazz up their Google Android phones better watch out for a new malware that masquerades as a wallpaper application. While aesthetically appealing, the malware rooted behind the wallpaper strips personal data and sends it away to a ... remote server. The mal-app (malware app) targets phone numbers, subscriber identity and voicemail passwords. The vulnerability was uncovered by the US-based security company Lookout, which is currently working on the App Genome Project, a website designed to uncover apps with malicious code embedded. Malware Source Identified Fortunately, the source ... (view more)