Lost Smartphone Could Cost You $37,000

What would it cost you if you lost your smartphone? How about your tablet or laptop? You might be able to replace the physical device for a few hundred, or a couple thousand, depending on the device--but that only scratches the surface of what may be lost when your smartphone, tablet, or notebook vanishes.

What about your personal photos, vast music library, personal information like bank and investment account data, and other sensitive--or even irreplaceable--data? A new survey from McAfee found that the average value users place on such information is $37,438. In the United States consumers value their 'digital assets' at nearly $55,000.

Malware warning
McAfee survey finds average value of assets on mobile devices to be $37,000.
McAfee teamed up with MSI international to survey 3,000 consumers from 10 countries around the world about the digital information and assets on their mobile devices, and their attitudes toward protecting it.

Read more »


New Mac Trojan Pretends to Be Flash

Mac malware is still quite rare, but there is one new threat floating around that you should be aware of. A new Trojan for Mac OS X disquises itself as an installer for the Adobe Flash Player browser plug-in, according to security software company Intego. The good news (if you want to call it that)? This new malware doesn't appear to have spread very far as of yet.

According to Intego, this Trojan spreads via malicious sites that feature links asking you to download Flash Player (recent versions of Mac OS X don't come with Flash Player pre-installed). Instead of being taken to the Adobe Flash site when clicking the link, you'll inadvertantly download the Trojan instead. The Trojan looks and acts like any typical Mac installer package--in fact, if you have the "Open 'safe' files after downloading" box checked in Safari, the installer will open automatically.

Intego is still trying to learn more about this particur Trojan, but the company says that "the installer for this Trojan horse will deactivate some network security software, and, after installation, will delete the installation package itself." From there, the Trojan "installs a dyld (dynamic loader) library and auto-launch code, allowing it to inject code into applications the user launches." Put in English, it basically turns good apps bad by making them run malicious tasks.

Read more »


Urgent: Patch Adobe Flash to Protect against Zero-Day Exploit

Adobe issued a critical update today for its Flash Player software. The patch fixes six security vulnerabilities, at least one of which is a zero-day vulnerability being actively exploited in the wild.

The details of the Adobe security bulletin explain, "This update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444)," adding, "Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message."

Adobe Flash zero-day flaw
Patch Adobe Flash now to guard against zero-day exploit.
The zero-day bug fixed today is similar to a flaw in Flash that was patched in June. Coincidentally, both the June vulnerability, and this one patched today were reported to Adobe by Google.

Read more »


McAfee Delivers Comprehensive Protection for Mobile Devices

Just when you were starting to get ahead of the curve when it comes to locking down the network and protecting PCs, everything went mobile. Not just laptops--but tablets, and smartphones that run unique operating systems and applications on completely different hardware. To help you combat the dramatic rise in mobile security threats, McAfee has developed Enterprise Mobility Management.

Smartphones and tablets have enjoyed some degree of security by obscurity. Although it has always been theoretically possible to hack or compromise mobile devices one way or another, the incentive wasn't there. But, with smartphones and tablets storing 32GB, 64GB or more of data, and providing access to sensitive resources, malware developers are paying more attention.

McAfee Enterprise Mobility Management
McAfee EMM takes a three-pronged approach to protecting mobile devices and data.
The nascent nature of mobile device hardware and software, though, make it new territory for you to wrestle with and try to protect. As if that isn't enough, the very point of mobile devices is to be mobile--so there is no pretense of a "perimeter" to hide inside. These devices are out there roaming about, and you need tools to protect the information they contain.

Read more »


Microsoft, Adobe Unleash Flood of Security Updates

Today is Patch Tuesday again. The ninth of the year already. Microsoft has released five new security bulletins, and Adobe has joined the party with some security patching of its own today. With all of the vulnerabilities and updates, though, you need to take a step back to prioritize and figure out which patches are most urgent.

Actually, today is a bit anti-climactic. Due to human error the full security bulletins were made public briefly on Friday, so there has already been a four-day heads up of what to expect. But, now that the security bulletins and associated patches are legitimately public, it's time to take a closer look.

Malware alert
With five Microsoft security bulletins, and 13 updates from Adobe it's a busy week for IT admins.
Five security bulletins isn't the lightest month ever, but it is far fewer than some of the Patch Tuesday avalanches we have seen. What is even more unique is that none of the five security bulletins are rated as Critical. All five of the bulletins--MS11-070 through MS11-074--are all rated Important.

Read more »


Why GlobalSign Made the Right Move to Suspend New Certificates

When you work in computer security, reputation is everything. Certificate authentication authority (CA) GlobalSign on Monday suspended issuance of any new certificates pending the result of an investigation into a claim by a hacker that its security had been compromised. Their swift response maintains their reputation as a leading CA and positions them as an optimal choice for anyone looking for a CA for their business.

What Do Certificate Authorities Do?

A certificate authority issues a number of certificates that certify a secure environment for websites, code, documents, objects, email, or any other form of electronic communication or programming. The most common product that a small business would be familiar with is an SSL certificate, which GlobalSign defines as "SSL/TLS encryption and identity assurance for websites".

Read more »


Apple Silent on DigiNotar Certificates Hack

DigiNotar, a certificate authority (CA) responsible for issuing digital certificates used to verify a website as authentic, announced on August 30 that hundreds of its certificates had been compromised. While others have reacted quickly, Apple is still mum on plans to protect Mac OS X or iOS users from the rogue certificates.

Vendors Respond

Companies like Microsoft, Google, and Mozilla took drastic action by simply revoking trust entirely in all DigiNotar certificates. The response has been much more dramatic than the steps taken earlier this year when Comodo suffered a similar breach, but for two very good reasons.

Read more »