Critical Update for Windows 7 Coming Tuesday

Yes, it is that time again. Time flies when you're having fun. The seventh Patch Tuesday of 2011 is next week on July 12. Microsoft predicts that we will see a meager four security bulletins next week, but don't let the small number fool you--there is a Critical security bulletin affecting Windows 7 and Windows Vista.

The light Patch Tuesday will certainly be welcome by IT admins--many of which are probably still trying to dig out and implement the updates from the 16 security bulletin avalanche that hit in June.

Windows 7 logo
The July Patch Tuesday includes a Critical security bulletin affecting Windows 7.
Amol Sarwate, Vulnerability Labs Manager for Qualys, explains, "The highest priority update is rated "Critical" and only affects Windows 7 and Windows Vista. The second highest priority will most likely be bulletin four--which fixes a remote code execution in Visio 2003 SP3."

Read more »


JailbreakMe 3.0 and the iOS PDF Flaw: Protect Your Business

The cat-and-mouse game between Apple and those who would "liberate" its iOS devices is back on after Wednesday's launch of JailbreakMe 3.0, a website that hacks iPhones, iPod Touches, and iPads to allow software unapproved and undistributed by Apple onto the devices.

The site is the first "jailbreak" that includes support for the iPad 2, and offers an "untethered" jailbreak, meaning that devices hacked via the site don't have to be connected to a computer to boot up, unlike other "tethered" jailbreak options.

In response, Apple acknowledged vulnerabilities in iOS and announced that it is working on a fix for those holes, which are present in versions of the mobile operating system up to and including the current iOS version 4.3.3.

Read more »


Protect Yourself on Facebook with BitDefender Safego

Users spend more time on Facebook than on any other single online destination. With a pool of 700 million users sharing updates, photos, videos, and links, the social network is also a prime target for malware and phishing scams. BitDefender developed the SafeGo Facebook app to help protect you from attacks while using Facebook.

The whole point of Facebook is to be social. There is a level of inherent security expected, because the posts, links, etc. are coming from people you have a relationship with, and trust enough to include in your social circle...unless they're not. It didn't take cyber thugs long to figure out that the expectation of trust can be exploited to dupe victims into clicking on malicious links and opening malicious files.

BitDefender logo
BitDefender provides the Safego Facebook app to protect your social network.
The SafeGo Facebook page explains, "Using in-the-cloud scanning, Bitdefender Safego protects your social network account from all sorts of e-trouble: scams, spam, malware and private data exposure."

Read more »


Symantec Uncovers Android Apps Security Threat

Android has quickly climbed to the top of the mobile OS mountain, and it owes much of its success to being a more open platform than rivals like iOS. However, that openness is a double-edged sword that also exposes Android to potential risk--like the Android Class Loading Hijacking threat discovered by Symantec.

A Symantec spokesperson explains that the Android Class Loading Hijacking threat resembles a Windows DLL hijacking attack. "It relies on the fact that Android provides APIs that allow an app to dynamically load code to be executed. For example, an application may support plug-ins that are downloaded and then loaded at a later time. Unfortunately, if these plug-ins are stored in an insecure location, this process can be hijacked."

Android apps
Some Android apps may pose a security threat.
Symantec stresses that the Android Class Loading Hijacking threat is not a vulnerability in the Android OS itself, but a flaw in the way some apps are coded that can be exploited to hijack permissions.

Read more »


Bugs and Fixes: Microsoft Patches 34 Vulnerabilities

Source: Apple

This month Microsoft patched thirty-four vulnerabilities, several of which are highly dangerous and have an exploitability vulnerability of 1. Apple released updates for Mac OS X patching a number of vulnerabilities which could allow an attacker to gain personal or secure information. Finally, Adobe released an unusual number of patches this month which fix a number of vulnerabilities across a multitude of Adobe products including ColdFusion and LiveCycle.

Microsoft Patch Tuesday

Read more »


Researchers Look at New Ways to Keep Your Information Safe

Since 1997 identity theft and fraud has affected more than 5.4 million people in the United States. And that number is on the rise with, more than 1.3 million complaints to the Consumer Sentinel Network (CSN) between January and December of 2009 alone. According to the Federal Trade Commission (PDF), of the 721,418 fraud-related complaints to the CSN in 2009, this has cost customers [of various products and services] more than 1.7 billion dollars at a median payout of $399. But what can companies do to prevent fraud and identity theft?

According to Network World a 4-digit numerical PIN can create only about 10,000 combinations. Use letters of the alphabet and that increases to 45,000; use a mix of letters and numbers and you have 1.5 million possibilities. With the advancements in computing, pounding through millions of combinations only takes a short limited amount of time. Thankfully, there may be a new method to fix all of this: cell phone biometrics.

Read more »


How to Stop Hack Attacks In One Easy Step: Whitelisting

Anonymous, LulzSec, and others have demonstrated time and time again over the past few months that hacking networks and compromising data is mere child's play. Does that mean there is nothing we can do, and that organizations should just accept inadequate security? No. At least one security expert believes that the answer to defending networks and data against the rise in attacks is simple--whitelisting.

The anatomy of recent hacks, and the reliance on precision, targeted, socially-engineered attacks makes them difficult--if not impossible--to defend against. Blocking unauthorized access to the network, and protecting data from external attacks is one thing, but if the attacker dupes an authorized, internal user into executing malware that grants access or gives the attackers the keys to breach the network and compromise data, there is little that can be done.

Security radar
Something needs to change to defend networks and data proactively.
'Little' is not the same as 'nothing', though. There is a potential solution. In a blog post on Intelligent | Whitelisting, Richard Stiennon, author of Surviving Cyberwar and analyst at IT-Harvest, an independent IT security analyst firm, points out that a common denominator of malware attacks is that the malware executable is new, unknown software. A whitelisting solution would block such attacks from working, because the malware would not be on the whitelist.

Read more »