F-Secure report warns XP zero-day attack is imminent

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Are you still using Windows XP? In its latest Threat Report, security vendor F-Secure warns that a powerful zero-day attack against Windows XP is a matter of when—not if—and provides some guidance for those stalwart (or foolhardy) PC warriors who plan to ignore the April 8 “XPocalypse” when Microsoft support for the OS officially expires.

To be fair, F-Secure does not take a “sky is falling” approach to the end of Windows XP support, but advises that “folks that continue to use XP at home can do so with some reasonable amount of safety, for a while still, but they absolutely need to review their Internet (particularly Web browsing) and computing habits.”

F-Secure's warning is echoed from most security experts, as well as from Microsoft itself. A Microsoft blog post points out that malware developers will simply reverse-engineer patches and updates for other versions of Windows and test to see if those same flaws exist in XP. If they do, attackers will develop exploits and it will be open season on the legacy platform. 

Read more »

0

Study: IRS exposing Social Security numbers online

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

This tax season you may have more to worry about than how much you owe. A new study from Identity Finder finds the IRS is not properly protecting social security numbers in some tax returns.

Personal tax returns are not public, but the tax returns of non-profit organizations are public domain. Identify Finder used the OCR (optical character recognition) module of its Sensitive Data Manager software to analyze nearly four million publicly available tax return image or PDF files ranging from 2001 to 2012.

The research revealed an alarming failure to safeguard sensitive data. Identity Finder uncovered an estimated 630,000 Social Security numbers exposed online in form 990 tax returns.

Read more »

0

Study: 6 out of 10 Android apps a security concern

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Security vendors have been preaching about the impending doom of mobile malware for a few years now. Each year seems to see a dramatic spike in detected malware over the previous year, but users are starting to get a bit cynical about the coming mobile malware apocalypse. A new report from Webroot once again highlights an increase in mobile malware and also sheds light on how iOS compares to Android.

The Webroot Threat Research team analyzed nearly six million mobile applications, and hundreds of thousands of mobile infections between 2011 and 2013 to compile the Webroot Mobile Threat Report. It also reviewed data from around 125,000 customers who activated Webroot’s Lost Device Protection (LDP) feature.

Webroot found that Android poses a greater security risk than iOS. Webroot identified a 384 percent increase in total threats to Android devices over 2012, and found more than 40 percent of the Android apps analyzed were classified as either malicious, suspicious, or unwanted.

Read more »

5

Lookout study: hackers target mobile attacks by region

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Mobile devices are prime targets for for cyber criminals, and a report by mobile security company Lookout reveals some surprising data about how they plot their attacks.

Lookout collected data from more than 50 million users between January and December of 2013. It analyzed the information and broke it down by region and type of attack to get a picture of mobile attack trends. The results are weighted to normalize the differences between life cycles of users in different regions.

What stood out is that attackers adapt attack behavior to target regions where the attack is more likely to maximize profit while minimizing potential detection.

Read more »

0

One tweak can make your Windows PC virtually invulnerable

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Microsoft published 147 vulnerabilities in 2013 that were rated as Critical. Critical, however, is a relative term, and there is one simple thing anyone can do that would guard against almost every single Critical vulnerability according to a new report from Avecto.

In its 2013 Microsoft Vulnerabilities Study, Avecto found that you could mitigate almost every single Critical vulnerability simply by removing administrator rights. The exact number was 92 percent, but that brings the number of serious threats from 147 down to around 12.

Avecto also determined this would circumvent 91 percent of the Critical flaws in Office, and 100 percent—as in every single Critical vulnerability—of those that impact Internet Explorer.

Read more »

10

Report finds iOS apps riskier than Android apps

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

How many apps do you have on your smartphone or tablet right now? Well, take that number, and multiply it by 0.9. That’s about how many of your apps are a potential security concern according to a new study from Appthority.

The Appthority Reputation Report for Winter 2014 was compiled using data from the cloud-based Appthority App Risk Management Service. Appthority performed static, dynamic, and behavioral app analysis of 400 paid and free apps spanning iOS and Android to assess the relative security and risky behavior of the most popular apps.

Appthority found that 95 percent of the top 200 free apps on iOS and Android exhibit at least one risky behavior. That number drops to 80 percent for paid apps—an improvement, but four out of five paid apps exhibiting risky behavior is hardly something to cheer about. Appthority also discovered that iOS apps are riskier overall than Android apps—91 percent contain risky behavior as opposed to 83 percent on Android.

Read more »

6

Yahoo Mail hack teaches a valuable lesson

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Yahoo Mail was hacked. Details are sketchy in terms of just how many Yahoo Mail accounts have been compromised. Yahoo suggests that the attackers most likely gained access to the data through a third-party database outside of Yahoo control. Regardless of how the compromise occurred, there is a lesson to be learned here…again.

Hacks happen, but If you've followed basic security practices and aren’t using the same login credentials for multiple sites and services, a compromised Yahoo Mail shouldn't put anything at risk other than your Yahoo Mail account. 

Passwords lose their efficacy if you just use the same one for every site and service.

Read more »

16