Google has announced that organizations that pay for Google Drive will reap the benefits of a more secure platform.
The post Google Drive security boost for paying customers appeared first on We Live Security.
Monthly Archives: September 2015
Kaspersky Lab Asks Consumers: 'Are You Cyber Savvy?'
Android trojan drops in, despite Google’s Bouncer
ESET recently discovered an interesting stealth attack on Android users, an app that is a regular game but with an interesting addition: the application was bundled with another application.
The post Android trojan drops in, despite Google’s Bouncer appeared first on We Live Security.
Infected Apps in AppStore: How safe is your iOS device?
300 Infected Apps have been removed from the AppStore, proving users that even Apple, with its manually app approval process, cannot be right all the time.
The post Infected Apps in AppStore: How safe is your iOS device? appeared first on Avira Blog.
XcodeGhost: What it Is and How to Avoid it. The Sheen Comes off Apple’s Invincibility
In what is a timely reminder that even the largest, and seemingly controlled, companies can face a cyberattack, Apple revealed that its Chinese App Store had been attacked by malware.
In what is thought to be the first attack on Apple’s App Store, the infection consisted of malicious code placed into iPad and iPhone apps that are popular in China. The hackers created a counterfeit version of Apple’s software for building iOS apps, which they then convinced developers to download. Once the apps were made and downloaded, the attackers were able to steal data about users and send it to servers they control.
The malware, known as XcodeGhost, could also allow the attackers to send fake notifications to users which could result in unsuspecting victims revealing valuable information. Cybersecurity firm Palo Alto Networks also states that is possible for the attackers to see log in information and other actions carried out on the device.
“In China – and in other places around the world – sometimes network speeds are very slow when downloading large files from Apple’s servers,” explained Palo Alto Networks. “As the standard Xcode installer is nearly three gigabytes, some Chinese developers choose to download the package from other sources.
Some of the apps that were affected by the attack include some that are available for purchase in App Stores outside of China, such as thee business card scanner CamCard.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” said Apple spokeswoman Christine Monaghan. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps”.
How to avoid XcodeGhost
- Having the operating system updated.
- Only download applications from the official store. Of course, in this case the infected apps were in the Apple store, but they have been swiftly eliminated.
- Use common sense – it’s one of the best ways to protect yourself
- Also, connect your iPhone or iPod to your Mac and scan it for malware with our antivirus for Mac
The post XcodeGhost: What it Is and How to Avoid it. The Sheen Comes off Apple’s Invincibility appeared first on MediaCenter Panda Security.
UDID v1.0 iOS – Persistent Mail Encode Vulnerability
Posted by Vulnerability Lab on Sep 22
Document Title:
===============
UDID v1.0 iOS – Persistent Mail Encode Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1590
Release Date:
=============
2015-09-22
Vulnerability Laboratory ID (VL-ID):
====================================
1590
Common Vulnerability Scoring System:
====================================
3.6
Product & Service Introduction:…
Air Drive Plus v2.4 iOS – Arbitrary File Upload Vulnerability
Posted by Vulnerability Lab on Sep 22
Document Title:
===============
Air Drive Plus v2.4 iOS – Arbitrary File Upload Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1597
Release Date:
=============
2015-09-21
Vulnerability Laboratory ID (VL-ID):
====================================
1597
Common Vulnerability Scoring System:
====================================
8.7
Product & Service Introduction:…
CVE-2015-5567 (air, air_sdk, air_sdk_&_compiler, android, flash_player)
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5579.
CVE-2015-5568 (air, air_sdk, air_sdk_&_compiler, android, flash_player)
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2015-5570 (air, air_sdk, air_sdk_&_compiler, android, flash_player)
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682.