Monthly Archives: December 2014

Security

Yahoo Plans to Disclose All New Bugs It Finds Within 90 Days

Yahoo officials say that the company will disclose any new vulnerabilities that the company’s security team finds within 90 days of discovery. The new policy is the same one used by Google’s Project Zero, a team of researchers that looks for vulnerabilities in a variety of commonly used software packages and platforms. That team has […]

AVG

AVG Business strengthens team for big push in 2015

However, as always in business, you can never afford to rest on your laurels and we will continue to invest in and expand our bleeding-edge cloud security and managed services platforms.  To assist us with this task it gives me great pleasure to welcome on board Francois Daumard as our new vice-president of Global Channel Sales.

Most recently with the mobility management company FiberLink, Francois has a strong background in Channel Sales and has previously worked for such organizations as Apple and Microsoft.  Francois’ experience encompasses Global Sales & Marketing, Operations and establishing international strategic Channel Partner Programs.  He is well-recognized as an active participant in the Channel Community and currently sits on the Vendor Council of CompTIA.

Francois will be responsible for the channel sales teams across the globe.  He brings a tremendous amount of experience to the team and will be working closely with our VP of Marketing & Product Marketing Joanna Brace and her marketing team as we work to add a little sparkle to our channels in 2015.

As we pivot AVG business towards a cloud model, expansion of our global footprint has gathered pace. In 2014 Brazil, Australia, Germany and, following the recent acquisition of Norman Safeground, Scandinavia, DACH and Benelux have all come on stream.

Of course the size of the challenge ahead of us should not be underestimated.  We are not going to convince businesses overnight how radically we have changed as an organisation.  We must show them that today we are the online security company for devices, data and people with a modern consumer and business product portfolio to suit both markets.

Hopefully our continued roll out of market-leading cloud security and remote management solutions coupled with an unwavering commitment to helping our 10,000 global partners and their customers manage large numbers of business mobile devices will help to overturn some of those entrenched perceptions.

In summary, as we build up to the strategically important Mobile World Congress 2015 we can count on a solid framework, closely aligned to the ever changing needs of the Channel, that is capable of carrying us towards our next goal. That goal is to become the market leading applications vendor for streamlined delivery of cloud security and managed services to small and medium sized businesses.

Avira

Android Malware Steals Credit Card Information

Given my daily work, I recently ran into some interesting Android malware that tries to steal credit card information from users. The malware is cloaked as Adobe Flash Player App: users who want to install the app on their devices end up downloading the malware from an untrusted source.The bad news is that victims might not even recognize it as malware since it looks like the real Flash Player.

Android malware

As you can see in the picture above, although it looks like Adobe Flash Player it actually requests a lot of permissions like access to location data, SMS, phone calls …

The malware installs itself as a service on the phone and it requests device administrator permissions from the user. It says that it needs the permission to get access to a video codec. Once the user agrees with this request, the app gains full access to everything on the phone.

Android malware

Now everything is set up and I will explain how it is stealing the information. Basically the malware is checking if some popular or often used apps like Google Play Store, Google Music, WhatsApp, Facebook, Twitter, Instagram … are launched on the device. If one of these Apps were started, the malware displays some screens to get the credit card information from the user. It looks like the launched app is requesting this credit card information for payment issues.
android11

As you can see in the screenshots above, all information needed to make a payment is demanded by the malware. It requests credit card number, expiration date,CVC number, the complete owner information with address and the only payment password for the credit card. The dialogue box also includes a checking system to ensure that no wrong numbers etc. are entered. Once all of this information is introduced, the data is sent to a server which collects the stolen credit card information. Authors of this Malware can use it now to make payment transactions with the stolen data.

To prevent you from being affected by such malware we recommend to install only apps from trusted sources like Google Play and always keep an eye on the permissions the app requests from you. Check if it makes sense that the app has this permission and if it is really needed.

 

The post Android Malware Steals Credit Card Information appeared first on Avira Blog.

Apple

APPLE-SA-2014-12-9-1 iOS 8.1.2

From: Apple Product Security
Reply to list

APPLE-SA-2014-12-9-1 iOS 8.1.2

iOS 8.1.2 is now available and includes the security content of
iOS 8.1.1: https://support.apple.com/en-us/HT6590

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1.2".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
iQIcBAEBAgAGBQJUh5NeAAoJEBcWfLTuOo7tU1wP/2nkHWHE6tMk3MliuGTWPgOQ
bBTUTn71tc46iniZYosRTSKVY8b23jED57OhubCy4jS9Nw3gXOpguGMhNp9+9yWh
3F5fDnkmEjUwX8DTEya/XH+E+89CGUB7ysqDgy2pdkAsHPS8NHDeapRgXWFEK/F6
l5xvWGYTpqKE9JlEZisBKOox9Bm5C2i0/0oNtPIIB9mqPbFgrX4bZe5dP53RBABE
8JVPSI0uRRqNJHc0Q4wg2Re5e4MmT6n9apcHDr9A7d7XL4d9nf1erEdSiItk5ov5
reI4yRxJ6j/yE3FZQL7dikcKjEOXcKlujWkTfZUT3W0sBVcz4bua6pbQbfjgQJTv
z0d7/gg9ftOOqdjjJ7chKzr6NRsc1VDUpY56nQwNSG88sssAsSKi3iOngAxpDCEi
nzbk2MDaQ0XrCjF1ViZe0mCysqhcQ26MgYb2eIb2HWzHu4fajNZjaIJnz5OUtpD3
gafTgwmsVYAEuzdpWsyAHuP8GzbN76ckYowZUzc265wY3WMKJ2qEtJxDqJDX3c7Y
gERP8NpDomVImrAJzLaBc+EDudWuZ7pVWNtoALgPoudyJJQkUAaFnapA1tr2BBFF
Q83czo7WK91L0SWPlrCLPWoSMqGrENsR9NC39YaPPMJr/LTV3IuH+51erbFT/7tR
6zaepHK412hfvYrFbSXD
=aVu1