UK businesses need to protect themselves from cybercrime, as government data reveals that up to 90 percent of major businesses in the country experienced an attack in 2014.
The post 90% of large businesses in the UK experienced data breach appeared first on We Live Security.
Exactly seven years ago to the day (September 23rd), after much speculation, Google finally lifted the lid on its secret project, one which would go onto change the mobile world.
The post 7 years of Android: A painful journey to world dominance appeared first on We Live Security.
Following the recent XcodeGhost attack on the Apple Store in China, the eternal debate has reignited: iOS or Android? This is the dilemma that you face when it comes to choosing which mobile device to purchase and it goes far beyond just preferences regarding the camera or types of apps that are available to download. Whichever of the two that you choose could spell the difference between keeping your confidential information, and that of your company and employees, out of the cybercriminals’ grasp.
To make your decision a little easier, we’ve analyzed the main strengths and weaknesses of both operating systems in terms of security. Of course, neither of the pair is perfect, but each one has an area where they excel compared to the other.
Among the advantages of Apple’s operating system, you have the fact that it is a closed system and, therefore, automatically secure (well, as much as it can be). Apple has control over the job done by the app developers and the app store has special mechanisms to verify the tools, their origin, and features.
Furthermore, with iOS 8 all information saved in the calendar, contacts, notes and reminders are protected by encryption.
However, let’s not get too carried away as no system is perfect and as we’ve seen in recent days, the Apple system isn’t immune to an attack. There have been a few scenarios in which we have seen the existence of vulnerabilities in the iOS system and attacks on the Apple user ID.
Android, for its part, offers more freedom to app developers. A lot of them use the programming language C++, which is a more complex one than previous versions, and is therefore more difficult for cybercriminals to modify.
However, when they use Java in sensitive fragments of code within the apps, the tide turns in the favor of the cybercriminals as this is easier to manipulate, allowing them to insert their own malicious codes with relative ease.
In contrast with Apple, purchases of Android apps is a little less secure. There is less attention paid on the part of Android to the tools used and, once installed, there operating system doesn’t alert you to anything suspicious.
However, there are some good points – Android allows the use of HCE (Host Card Emulation) when making purchases from your smartphone. It works via an app that is offered by banks and is able to be downloaded directly to the phone. When you complete a purchase on the cloud, the tool sends the user information via the safety measures installed in the NFC chips on the device.
Finally, you won’t find the biggest weakness in the system by analyzing sophisticated technology. The real advantage that cybercriminals have when it comes to spreading malware through Android is that there is such a high number of users – if they want to spread malware, why not spread it by the most popular system?
A recurring strategy used by attackers is to make themselves the administrator of the device, which allows them total control of the phones. The real owner of the phone is helpless and can’t change these settings nor delete the application.
Given the widespread use of Android, the best way to protect your privacy depends on the phone’s manufacturer. No matter if you have an iOS or an Android, the an eye on its security is yourself. Do this by using secure passwords which you change often and keep a watchful eye on apps that you download.
The post Android or iOS: which operating system is the most secure for mobiles? appeared first on MediaCenter Panda Security.
Onapsis Security Advisory – SAP Business Objects suffers from a memory corruption vulnerability. By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.
Red Hat Security Advisory 2015-1814-01 – The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-23 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
HP Security Bulletin HPSBUX03511 SSRT102248 1 – A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
HP Security Bulletin HPSBGN03391 1 – A potential security vulnerability has been identified with HP Universal CMDB Foundation, HP Universal Discovery, HP Universal CMDB Configuration Manager, and HP Universal CMDB Browser. This is the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” or “POODLE”, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
Red Hat Security Advisory 2015-1833-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU’s RTL8139 emulation implementation processed network packets under RTL8139 controller’s C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.
Red Hat Security Advisory 2015-1834-01 – Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
Debian Linux Security Advisory 3364-1 – Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
