Finding too much in your Pokémon app?

Are you addicted to the augmented reality of Pokémon Go yet? If so, you are not alone; if not, beware of playing the game, because you soon might be.

 

But be careful, whether you are an existing or a new player: as with any craze this popular, cyber-criminals see an opportunity to make some cash.

In the last week, several security researchers have released details of threats ranging from fraudulent social media accounts to malware-infected apps available in the Google Play Store.

The malware-infected app found by security researchers this week was available in the Google Play Store and is reported to have been downloaded over 500,000 times. The app's malicious payload is capable of taking root access rights on a user’s phone. The app masqueraded as a ‘Guide for Pokémon Go’, leveraging the huge success of the game to dupe people into downloading an app that could then uninstall/install apps or display unwanted adverts.

The research on social media accounts found 543 accounts related to Pokémon Go across Facebook, Twitter and Tumblr, with over 30% (167) of them delivering fraudulent content to their visitors. These were a mix of downloadable game guides, imposter accounts and free giveaways, affecting both desktop platforms and mobile devices and delivering adware, malware or software not related to the content advertised.

With cyber-criminals motivated to cash in on the phenomenon, we strongly recommend vigilance when downloading or researching details about the game and the best way to play.

If you think you may have clicked a bad link or downloaded a rogue app, then download AVG AntiVirus for Android. It’s free and detects malicious app downloads in real time. AVG detects the threat from the malicious app mentioned above, and our researchers work 24×7 to ensure that we bring you protection against threats as they happen.

Apache Mina 2.0.13 Remote Command Execution

Apache Mina 2.0.13 uses the OGNL library in the “IoSessionFinder” class. Its constructor takes one OGNL expression as a parameter, and this expression is executed when the method “find” is called. This class seems to be used only in the JMX MINA component “IoServiceMBean”. When the IoServiceMBean is exposed through JMX, it is possible to abuse the function to execute an arbitrary command on the server.

NetBSD mail.local Privilege Escalation

This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 – 7.0.1 (verified on 7.0.1), NetBSD 6.1 – 6.1.5, and NetBSD 6.0 – 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10 minutes to execute.

Ubuntu Security Notice USN-3080-1

Ubuntu Security Notice 3080-1 – Eric Soroos discovered that the Python Imaging Library incorrectly handled certain malformed FLI or PhotoCD files. A remote attacker could use this issue to cause Python Imaging Library to crash, resulting in a denial of service. Andrew Drake discovered that the Python Imaging Library incorrectly validated input. A remote attacker could use this to cause Python Imaging Library to crash, resulting in a denial of service. Various other issues were also addressed.

Android Adobe Air 22.0.0.153 Insecure Transport

Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow an attacker to compromise the privacy of the applications’ users. This has been fixed in Adobe AIR SDK release version 23.0.0.257. This affects applications compiled with the Adobe AIR SDK versions 22.0.0.153 and earlier.