Threat Center Security News
Security News
Apple releases patch for iPhone flaw Print E-mail
Written by Rebecca Mints   
Sunday, 09 August 2009 09:42

A vulnerability in iPhone software that was revealed in last week's Black Hat Security Conference has now been patched, according to consumer giant Apple.

An update is now available on the Apple website which aims to fix a critical iPhone flaw that attackers could exploit to crash the iPhone software.

In Apple's latest advisory, users are warned of "receiving a maliciously crafted SMS message [that] may lead to an expected service interruption or arbitrary code execution.

This means that a text message crafted by an attacker and sent to the iPhone can allow the attacker to execute code remotely.

While asking users to be wary of suspicious text messages, Apple assures them that "the update addresses the issue through improved error handling."

Two security experts, Charlie Miller and Colin Mulliner, presented the details of the iPhone flaw last week in Las Vegas during the Black Hat Security Conference.

Chinese hackers tamper on Windows 7 code Print E-mail
Written by Rebecca Mints   
Sunday, 02 August 2009 06:58

Chinese hackers have reportedly tinkered with the final code for Windows 7 even as Microsoft and manufacturers are still just getting familiar with the newly released application.

Security experts have called it ironic that the Windows 7 code that was made purposely to counter piracy is now circling the hacking community in China. Various Chinese online forums have reported that several Chinese hackers have taken advantage of a hole in Windows Genuine Advantage anti-piracy system in Windows Ultimate release. What the hackers did was to fully activate the software offline, thus depriving Microsoft of the exclusivity as activation server.

Chinese hackers have allegedly used an ISO file that was leaked on the network to be able to hack the activation certificate digitally signed by Microsoft for the OEM version of Windows 7.

In response, Microsoft has quickly released a statement urging customers not to avail of the pirated copy. 

Malicious code embedded on BlackBerry update Print E-mail
Written by Rebecca Mints   
Monday, 20 July 2009 01:24

Users of BlackBerry who are based in the United Arab Emirates have been warned that the latest software update distributed through the Etisalat network are brimming with malicious code that can remotely-trigger spyware.

The BlackBerry update had been distributed as a WAP Push message which turned out to contain an application that, if triggered, can intercept email and even shorten battery life. The attack was accidently discovered by a user who clicked on a Java file contained in the update labeled as "Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality."

Users had been tricked to click on the update and eventually found their batteries drained while competing through network traffic to download the said update. The update is housed in a directory labeled as /com/ss8/interceptor/app, which points to UAE networking company SS8.

SS8 however denied sending the update but admitted that it has authored a similar application. Etisalat and RIM, another networking company, have not released a statement regarding the matter. The competing operators though have not come up with a solution and instead chose to keep the issue under their sleeves.

Korean tension spills over the Net Print E-mail
Written by Rebecca Mints   
Sunday, 19 July 2009 19:14

In what is believed to be part of the tension involving North Korea and its aggressive war stance, a malicious software is now creating a widespread explosion over the Internet, seriously threatening websites of South Korean and United States government.

Robert Lemos of SecurityFocus has reported that a denial-of-service attack has created network traffic that has so far affected website belonging to the two governments.

The attack was carefully planned to start on the 4th of July and for two weeks have been shooting down around 26 Web sites, including some U.S. Commercial sites, according to Joe Stewart of SecureWorks. "In the latest file distributed on Tuesday, some of the U.S. Sites were taken out and the South Korean sites were added in," said Stewart.

Juniper keeps mum on ATM flaws Print E-mail
Written by Rebecca Mints   
Saturday, 11 July 2009 09:08

Several vulnerabilities in Automated Teller Machines were found by security researchers of networking giant Juniper. A presentation had been prepared by the researchers to discuss these vulnerabilities at the Black Hat Security Conference scheduled end of July and many are looking forward to this big revelation.

But Juniper has opted to be extra-careful with the issue and cancelled the presentation this early.

"The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and - ultimately - the public," said a statement signed by Juniper's social media relations officer Brendan P. Lewis.

Lewis said they made a decision to cancel the presentation after weighing its potential impact on the involved vendor as well as their clients.

"To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen."

More Articles...
  • «
  •  Start 
  •  Prev 
  •  1 
  •  2 
  •  3 
  •  4 
  •  5 
  •  6 
  •  7 
  •  8 
  •  9 
  •  10 
  •  Next 
  •  End 
  • »

Page 1 of 33

WTW Threat Level