iGyaan Network

Tag: security

  • Google To Pay €300,000 Fine for Privacy Violations to a French Agency

    Google To Pay €300,000 Fine for Privacy Violations to a French Agency

    France’s National Commission on Computing and Freedom (CNIL) threatened Google with a €300,000 fine due to the company’s lack of compliance with a June decision aimed at protecting users’ private data. The French agency that regulates information technology says Google had not satisfactorily responded to its June decision giving the company three months to be more upfront about the data it collects from users.

    In a statement Friday, France’s National Commission on Computing and Freedom, known as CNIL, said:

    Google hasn’t made requested changes, including specifying to users what it uses personal data for, and how long it’s held. CNIL said it will now launch formal sanction proceedings, a process that could take months.

    On the other hand, Google spokesman Al Verney said:

    Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with CNIL throughout this process and will continue to do so going forward.”

    The National Commission on Computing and Freedom said five other European countries are also taking similar steps in a staggered offensive against Google’s privacy policy between now and the end of July. It said Google has largely ignored earlier recommendations from European regulators. Similar actions are underway in Spain, Germany, Britain, Italy and Netherlands.

     

  • Cops in NY promotes iOS 7’s Security Features

    The New York Police Department seems to be a big fan of iOS 7, the department has officers out on the street encouraging the iPhone owners to update to iOS 7, which has new security features that they believe might cut down on thefts.

    Devices running iOS 7 can be remotely secured when lost and with the touch id it can be further secured(if one ignores the exceptions). The NYPD hopes that these features will discourage thefts, specially for Apple devices. 

    BUuWywlCAAEBbiG

    The changes in iOS 7 have received praise from both New York’s attorney general and the San Francisco district attorney. In a joint statement earlier this week, the two say :

    iOS 7 is an important first step towards ending the global epidemic of smartphone theft.”

    Thefts might not stop overnight, but they believe that the Activation Lock (the remote securing feature) is an important effort that might reduce phone thefts in the near future.

    [via

  • New Loophole Lets Attacker Reset An Apple ID With Only Your Birthday And Email Address

    New Loophole Lets Attacker Reset An Apple ID With Only Your Birthday And Email Address

    A worrying new security hole allows for an Apple ID to be hacked, simply by knowing the user’s email address and date of birth. The Verge first reported the vulnerability after being tipped off to the hack.

    The Verge reports:

    [T]oday a new exploit has been discovered that affects all customers who haven’t yet enabled [two-step verification]. It allows anyone with your email address and date of birth to reset your password — using Apple’s own tools. We’ve been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page.

    The vulnerability affects all customers yet to upgrade to the two-step verification process, leaving those users’ accounts wide open to anyone who knows those not-exactly-hard-to-track down pieces of basic data. 

    apple

    The bad news is that two-step verification is not yet available in many countries. According to the Apple FAQ:

    Initially, two-step verification is being offered in the U.S., UK, Australia, Ireland, and New Zealand. Additional countries will be added over time. When your country is added, two-step verification will automatically appear in the Password and Security section of Manage My Apple ID when you sign in to My Apple ID.

    After the discovery, Apple subsequently took down the iForgot password reset page “for maintenance,” and updated the iCloud System Status webpage to inform users of the issue. 

    In a statement to The Verge the company said, “Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.”

    At the time of posting, Apple has taken down the iForgot page to avoid further hacks.

    Update : Several online sources report that the loophole has been fixed.

    [Via The Verge]

  • BlackBerry 10 Receives FIPS Security Certification Ahead of Launch

    BlackBerry 10 Receives FIPS Security Certification Ahead of Launch

    blackberry 10

    Research In Motion (RIM) today announced that the BlackBerry 10 platform is now FIPS 140-2 certified. The certification will enable government agencies to deploy BlackBerry 10 smartphones and BlackBerry Enterprise Service 10, RIM’s new mobile enterprise management solution, from the day of launch. This is the first time BlackBerry products have been FIPS certified ahead of launch.

    FIPS (Federal Information Processing Standard) certification provides confidence to security-conscious organizations, including U.S. and Canadian government agencies, companies in regulated industries and other organizations dealing with sensitive information, that data stored on smartphones running BlackBerry 10 can be properly secured and encrypted.

    “Achieving FIPS 140-2 certification means that BlackBerry 10 is ready to meet the strict security requirements of government agencies and enterprises at launch,” said Michael K. Brown, Vice President, Security Product Management and Research at RIM. “What differentiates BlackBerry is that it integrates end-to-end security, and includes certified encryption algorithms for data at rest and data in transit. No other mobile solution has achieved the level of security accreditation that the BlackBerry solution has.”

    FIPS 140 is issued by the National Institute of Standards and Technology (NIST) to coordinate the requirements and standards for certifying cryptographic modules. The standard was developed through the Cryptographic Module Validation Program (CMVP), which certifies products for use by U.S. government agencies and regulated industries that collect, store, transfer, share and disseminate sensitive information. Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140-2. It is supported by the Communications Security Establishment (CSE) for the Canadian government.

    “IDC expects the mobile enterprise security market to experience a high rate of growth from 2012 to 2016,” said Stacy Crook, Program Manager for Mobile Enterprise research at IDC. “Maintaining the BlackBerry solution’s reputation for security while introducing an enhanced user experience gives BlackBerry 10 the opportunity to be a highly competitive platform in the government, enterprise and consumer sectors.”

    BlackBerry products and solutions are protected by best-in-class AES 256-bit encryption, a highly secure, internationally recognized data protection standard. In addition to FIPS certifications, BlackBerry products have continuously passed rigorous security assessments from a variety of other independent organizations around the world. The BlackBerry® Enterprise Solution is the first mobile platform to achieve Common Criteria Certification, a standard recognized by 26 countries, as well as the first to receive approval through the CESG Assisted Product Scheme (CAPS), the National Technical Authority for Information Assurance in the United Kingdom. BlackBerry® 7 smartphones meet Common Criteria security assurance level EAL 4+. The BlackBerry® PlayBook™ is the first FIPS certified tablet for deployment within U.S. federal government agencies and certified for use by the Defence Signals Directorate of the Australian Government.

    “Achieving FIPS certification for an entirely new platform in a very short period of time, and before launch, is quite remarkable and a testament to the dedication of our security team,” said David MacFarlane, Director, Security Certifications at RIM. “BlackBerry 10 will deliver security, a superior user experience, the ability to separately manage corporate and personal data on the same device, and ease of manageability for IT managers in an enterprise or government environment.”

  • Domino’s India Website Hacked, Data Leaked

    Domino’s India Website Hacked, Data Leaked

    A Turkish hacker’s group called ‘Turkish Ajan Hacker Group’ has hacked the Indian website of leading pizza company Domino’s. The company’s India operations is handled by its franchise Jubilant FoodWorks. The news was first reported by Cyberwarnews.

    Post hacking the site, the Group leaked details of around 37,000 accounts on Pastebin.com. These included names, contact details (phone numbers, email id’s, city details) as well as passwords. According to Business Standard, the hackers used the SQL injection method and remote file inclusion for getting the data.

    However, the website is still operational and is still allowing users to place orders.

  • Google Snaps Up VirusTotal

    Google Snaps Up VirusTotal

    Google has bought startup VirusTotal, picking up a fledgling but widely used cybersecurity player for an unknown amount in a move that could beef up protection for its internet services.

    VirusTotal is a free online service for scanning files and URLs to spot viruses, worms, trojans and other malicious content detected by antivirus engines and website scanners.

    [quote]Elaborating on the recent turn of events, VirusTotal wrote in its blog post, “Our goal is simple: to help keep you safe on the web. And we’ve worked hard to ensure that the services we offer continually improve. But as a small, resource-constrained company, that can sometimes be challenging.”[/quote]

    VirusTotal already offered browser extensions for Chrome, Firefox and Internet Explorer to integrate malware scanning into users’ browsers. Although the company said that it will continue to operate as an independent service, it’s safe to assume its tools will be integrated into the scanning data that Google already provides to Chrome, Firefox and Safari to show users 8 million warnings a day when they visit malware-infected websites.

  • Acer launches TravelMate P243 notebook for Rs. 35,000

    Acer launches TravelMate P243 notebook for Rs. 35,000

    Whoops! Something went wrong!

    Acer has announced the launch of a new laptop in its TravelMate seriesThursday . Dubbed as TM P243, it has been priced starting Rs. 35,000.

    The Acer TravelMate P243 features a 3rd generation Intel Core i5 processor (Ivy Bridge) with the choice of dedicated Nvidia GeForce GT 630M GPU. It has a 14-inch LED-backlit display with a 16:9 aspect, which reportedly uses 30% less energy. Storage and memory options extend up to a 750 GB HDD, and 8GB of RAM.

    The laptop also offers data protection through its Acer ProShield Security, Acer Office Manager (AOM) and eRecovery Manager.

    [quote]Mr. S. Rajendran, Chief Marketing Officer, Acer India, spoke on the launch of the Acer TM P243: “Machine specs, astounding visual graphics with multimedia capabilities, modern software solutions etc are a given in this era. We have consciously made an effort to redesign the entire range of Acer products keeping in mind the key aspects that are important for the SMB segments such as Security and Durability. The TravelMate P243 boasts of Acer’s own dynamic security technology solution that takes care of Data Protection. At the same time, we also believe that the TM P243 is one of the sturdiest notebooks in the market.[/quote]

  • Facebook want your mobile number! – to improve security

    Facebook want your mobile number! – to improve security

    Whoops! Something went wrong!
    Skeptics believe this is just another tactic used by Facebook to gain private details

    In wake of the recent leaking of passwords of LinkedIn and eHarmony accounts, social networking giants Facebook started promoting security tips at the top of each user’s home page, with a link to information about scams, passwords and how to stay safe on the social network.

    Users are urged to give Facebook their mobile phone numbers, which the company says it will use to text them a new password in the event of a data breach. Facebook said the desktop security message, already seen by millions of users in the U.S., will be on all accounts in the next few days. Skeptics are far from pleased with the move, suggesting that the Menlo Park web giant is taking advantage of the recent leaks to prise yet more personal data out of their users under a benevolent guise. Admittedly, it’s unlikely to be something that appeals to the Internet’s more paranoid surfers, assuming they even use Facebook to begin with.

  • Microsoft India Store hacked, Passwords were stored in plain text

    Microsoft India Store hacked, Passwords were stored in plain text

    The Microsoft India Store was hacked in India earlier today and users who visited the site were met with a “Anonymous” like image and the name of the hacker group called Evil Shadow Team, who, in addition to putting a new face on Windows products, revealed that user passwords were saved in plain text.

    The intentions of the group are unknown , but since the attack the site has gone down and is now under tinkering from Microsoft for improved security measures.

  • Windows Phone 7.5 SMS bug found, requires a Hard Reset to fix

    Windows Phone 7.5 SMS bug found, requires a Hard Reset to fix

    A new SMS bug has been found in the Windows Phone 7.5 devices, WP devices that receive a text containing a certain string of characters will reboot and return with a non-functional messaging client which can only be restored via a hard reset. The bug does not affect any particular device, but the OS. The funny bit is that the same bug message could be received via Facebook messenger or MSN messenger.

    Android and iOS have had their fair list of SMS bugs, But never one that disables the messaging interface all-together.

  • MCAFEE releases Security Journal 2011 (PR)

    MCAFEE releases Security Journal 2011 (PR)

    Mcafee has released its 2011 edition Security Journal which outlines the “Quantum Leap” in Security, Data, and Privacy Concerns, or so the company claims anyway.

    As security experts, we need to be leaders in understanding what the next-generation threats are,Technologies are more interconnected than ever before, and that has led to new types of security threats and data and privacy concerns. As new platforms gain traction and visibility at the attacker level, now is the time to examine these threats and inform organizations and individuals on how they can protect themselves.”

    -Vincent Weafer, senior vice president of McAfee Labs. 

     

    [toggle title_open=”Press Release” title_closed=”Press Release” hide=”yes” border=”yes” style=”default” excerpt_length=”0″ read_more_text=”Read More” read_less_text=”Read Less” include_excerpt_html=”no”]

    MCAFEE LABS EXAMINES THREAT LANDSCAPE IN LATEST EDITION

     

    OF THE “SECURITY JOURNAL”

     

     

     

    McAfee and Security Industry Thought Leaders Outline the “Quantum Leap” in Security, Data, and Privacy Concerns

     

     

     

    India, November 17,2011 – McAfee today announced the 2011 edition of McAfee Security Journal, a publication designed to inform security executives and technical personnel on cutting-edge topics to help them make better-informed security decisions. The Journal, now in its seventh edition, comprises in-depth articles from McAfee Labs researchers and security thought leaders. It examines the future of information security as it pertains to interconnected technologies, recent acts of cyberespionage, the rise in hacktivism, and increasingly sophisticated malware such as Stuxnet and Duqu.

     

     

     

    “As security experts, we need to be leaders in understanding what the next-generation threats are,” said Vincent Weafer, senior vice president of McAfee Labs. “Technologies are more interconnected than ever before, and that has led to new types of security threats and data and privacy concerns. As new platforms gain traction and visibility at the attacker level, now is the time to examine these threats and inform organizations and individuals on how they can protect themselves.”

     

     

     

    This edition of the Journal, “Security beyond the Desktop,” is based on articles compiled by international experts who issue an urgent “call to arms” to the security industry. No longer is a defensive posture sufficient to protect the ubiquitous devices and data of today’s digital world. Instead of defensive methods being installed on computers, in networks, and in the cloud, there is an urgent need to “step back,” to take a broader look at security, and to take preemptive measures. The report’s authors say now is the time to avoid enemy attacks altogether by taking a more inclusive stance, looking both inside and outside the network.

     

     

     

    The report details the following highlights on the evolution of cyberthreats and the need for a more inclusive security strategy:

     

     

     

      • The human link: There is an ever-widening disparity between the sophistication of a network and the people who use them. Cybercriminals often use social engineering toolkits to exploit unsuspecting employees when direct attacks on an organization’s defenses fail. Educating employees on secure practices is not enough; organizations need to install the proper framework to empower and encourage employees to use these secure practices.

     

     

     

      • Mobile is everywhere: Mobile attacks are becoming increasingly sophisticated every year. Instead of rendering the device unusable, hackers are now finding ways to steal sensitive personal data to exploit. Additionally, hackers are broadening their target range to include other, more uncommon mobile systems, such as the GPS system in a car.

     

     

     

      • Cloud-based apps are on the rise: The popularity of cloud-based applications has made them an attractive target for hackers and other cybercriminals. However, the cloud is also a highly efficient way to scale security and protection for a business. Leveraged correctly, the cloud both helps reduce your security costs and can actually increase your overall security posture and protection.

     

     

     

      • Data is king: Whether stored on a smartphone, in the cloud, or on a network, data is what cybercriminals seek. Taking the proper precautions to secure this often ubiquitous data is a crucial step for many organizations.   

     

     

     

      • Learn from previous mistakes: History is a great teacher for those who take the time to study it. Analytics help identify patterns, vulnerabilities, and even motives. Understanding any of these concepts can help prevent attacks in the future.

     

     

     

    Experts in the report are McAfee Labs researchers, as well as Chris Roberts, founder and Chief Geek of One World Labs, Jayson Street, author of Dissecting the Hack, andDavid Kennedy, creator of The Social Engineering Toolkit. All these experts agree that the recommendations laid out in the report are preliminary, and these are just the first steps that need to be taken industry wide.

     

     

     

    For a full copy of the McAfee Security Journal: Security Beyond the Desktop, please visit www.mcafee.com

     

     

     

    About McAfee

     

    McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com

    [/toggle]

     

     

  • HTC Confirms devices holding data, promises quick fix

    HTC Confirms devices holding data, promises quick fix

    HTC has confirmed after inspecting the security vulnerability that surfaced over the weekend, that allows any app requesting internet access to take a peek at a user account information, GPS location, system logs, and other potentially private data. They have issued a statement on the same which is below. Check it out.

     

     

    HTC Public Statement

    HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

    HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

    [Engadget]

  • McAfee Shares Vision for Bringing Mobile Devices into the Security Infrastructure (PR)

    McAfee Shares Vision for Bringing Mobile Devices into the Security Infrastructure (PR)

    McAfee has developed a three sided plan to ensure the future of mobile devices in the corporate environment. This plan was developed to help users secure their devices as the mobile malware market has seen an exponential growth in the last quarter. Read the Press Release for more details.

     

    [toggle title_open=”Collapse Press Release” title_closed=”Expand Press Release” hide=”yes” border=”yes” style=”default” excerpt_length=”0″ read_more_text=”Read More” read_less_text=”Read Less” include_excerpt_html=”no”]

    McAfee, today shared its vision for securing mobile devices in corporate environments. The three-pronged approach for protecting mobile devices, mobile data, and mobile applications, is designed to help businesses and consumers manage their devices securely, as the threat environment quickly evolves.

     Attacks on smartphones are becoming more common, and according to McAfee Labs, new malware targeting Android devices jumped 76 percent in the last quarter. The need to secure mobile devices from attacks has never been more important. IT security operations that were once smooth-running have recently come under intense pressure to adopt new technologies and fully support completely new platforms, operating systems, and architectures.  McAfee is developing products and strategies to allow businesses to bring these consumer devices securely into the IT infrastructure.

     “Mobile device adoption is exploding, and unfortunately, so are the threats targeting mobile platforms. If McAfee’s historical experience analyzing threats on numerous platforms is any indication, we believe that the emerging mobile malware we are seeing today is just the beginning,” said John Dasher, senior director, mobile security for McAfee. “It’s a whole new world, and a challenge for IT to craft security policies that make sense while updating their infrastructure. At McAfee, we’re working hard to create new technology to help enterprises address the challenge of securely incorporating these new mobile platforms into their environment.”

    New Endpoints, New Challenges

    Traditional endpoints relied mostly on email and web for application framework. Mobile has a whole new freedom in custom applications. But each new application – either public or private – introduces new threats and risks to corporate IT. Today, challenges include the consumerization of IT, mobile platform diversity that includes iOS, Android, BlackBerry and Windows Phone, and an explosion of applications. Additionally, most Android-based devices have a slightly different implementation of the OS making software development and support that much harder.

    McAfee is unique in being able to bring mobile devices into the security infrastructure. With a broad portfolio of security technologies including anti-malware, data loss prevention, application security, web protection, and more, McAfee has the technology needed to securely welcome these new endpoints. McAfee® ePolicy Orchestrator® security management software, which covers more than 30 million endpoints today, and McAfee Global Threat Intelligence, support and work across these integrations.

    McAfee’s Three-Pronged Approach to Mobile Security

    • Protecting Mobile Devices — With data and device protection for today’s most popular mobile devices, McAfee provides a complete security solution that embraces mobile device diversity. To meet this challenge, McAfee offers the following:
      • Anti-malware protection from the growing number of threats targeted at mobile devices through McAfee® VirusScan® Mobile software.
      • Web protection that alerts mobile devices users when they are accessing malicious sites, such as phishing sites is offered through McAfee SiteAdvisor technology.
    • Protecting Mobile Data — Protecting sensitive corporate data is a requirement. McAfee can ensure that only those devices with encryption access the corporate network and data.  McAfee offers
      • Data protection when using the McAfee EMM product, including the prevention of data leakage from Jailbroken and Rooted devices.
      • Anti-theft and loss features allow for remote backup, lock and wipe to make sure that sensitive data does not get into the wrong hands.
      • Additional data protection technologies are under development including the separation of business and personal data.
    • Protecting Mobile Apps – Beyond traditional email and web, mobile apps are readily available and proliferating by the millions. McAfee sees this as potentially the biggest threat vector of the future.
      • McAfee has released in beta McAfee® App Alert™ software to inform users how apps access their personal data.
      • McAfee is expanding the scope of its Global Threat Intelligence to include mobile app reputation services to identify apps that are malicious or put privacy at risk.
      • McAfee also has app-scanning technologies that have been successfully deployed in app stores, adding a crucial layer of application security that helps vendors provide customers a safe app experience.

    [/toggle]

  • Asus Releases the Eee Slate B121 for the Business market, secretly.

    Asus Releases the Eee Slate B121 for the Business market, secretly.

    Asus has silently intro’d the new Eee Slate B121 for the Enterprise market. Like the Eee Slate 101 this runs Windows 7 Professional on a full fledged Intel Core i5 chipset.

    FOr the data conscious it has the Computrace LoJack for remote location and data wipe, and encryption amenities. A price of  $1,500 US or about INR 65000 , put it in the price range of a Macbook/ top line notebook.  Other features include 12.1-inch Display with 1280 x 800 LED Gorilla Glass display, 4GB RAM, 64GB of storage, dual USB 2.0 ports, mini-HDMI out, SD card slot and 2 megapixel front-facing camera. 

    This Tablet also has a Wacom digitizer for hand inputs et all.

    [ASUS]

  • McAfee Report Shows Significant Growths in Mobile Malware (PR)

    McAfee Report Shows Significant Growths in Mobile Malware (PR)

    Today, Mcafee released a report which showed that the number of Malware targeted Android devices has skyrocketed in this quarter to 76%, which makes it the most attacked mobile OS. Read the Press release for more information.

     

    [toggle title_open=”Collapse Press Release” title_closed=”Expand Press Release” hide=”yes” border=”yes” style=”default” excerpt_length=”0″ read_more_text=”Read More” read_less_text=”Read Less” include_excerpt_html=”no”]

     McAfee today released the McAfee Threats Report: Second Quarter 2011, showing that the amount of malware targeted at Android devices jumped 76 percent since last quarter, to become the most attacked mobile operating system. 2011 has also resulted in the busiest ever first half-year in malware history, including a first-ever appearance of Mac fake AV and a significant uptick in rootkits, suggesting that McAfee’s comprehensive malware “zoo” collection will reach a record 75 million samples by the year’s end.

     

    “Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message.”

    “This year we’ve seen record-breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity,” said Vincent Weafer, senior vice president of McAfee Labs. “Overall attacks are becoming more stealth and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message.”

     

    The report also details specific activity shaping the way cybercriminals operate, such as cybercrime “pricebooks” that determine the going rate for large email address lists, and acts of hacktivism and cyberwar.

     

    2011 On Track to Reach Record “Malware Zoo”

     

    With an approximate 12 million unique samples for the first half of 2011, a 22 percent increase over 2010, this has been the busiest first half-year in malware history. With the addition of Q2’s numbers, the grand total of total malware samples in McAfee’s database has reached approximately 65 million, and McAfee researchers estimate that this “Malware Zoo” will reach at least 75 million samples by the year’s end.

     

    Android Nabs Top Spot for Most Mobile Malware

     

    With the vast amount of personal and business data now found on user’s mobile phones, mobile malware is steadily increasing, often mimicking the same code as PC-based threats. In the second quarter of 2011, Android OS-based malware surpassed Symbian OS for the most popular target for mobile malware developers. While Symbian OS and Java ME remain the most targeted to date, the rapid rise in Android malware in Q2 indicates that the platform could become an increasing target for cybercriminals – affecting everything from calendar apps, to comedy apps to SMS messages to a fake Angry Birds updates.

     

    Fake Anti-Virus for Apple, Rootkits and Stealth Malware Reach New Terrain

     

    There are more Mac users than ever before, and as organizations increasingly adopt Macs for business use, Apple now has become more a target for malware authors. Though historically the Apple platform has been unaffected by fake anti-virus (fake AV) software, activity in Q2 indicates that it is now being affected. Although this type of fake AV is the first of its kind, McAfee Labs does expect fake AV in general will drop off over time.

     

    Another malware category that is demonstrating recent steady growth is stealth malware. The tactic of hiding malware in a rootkit is used by cybercriminals to make malware stealthier and more persistent, and has seen this type of attack gain in prominence over the past year, with high-profile attacks such as Stuxnet. Stealth malware has increased more rapidly in the last six months than in any previous period, up almost 38 percent over 2010.

     

    Acts of Hacktivism and Cyberwar Make Their Mark

     

    Acts of hacktivism, primarily from the groups Anonymous and LulzSec, were among some of the most prominent cyber news generators for Q2. The report details hacktivist activity from Q2, with at least 20 global attacks reported in Q2 alone, and with the majority allegedly at the hands of LulzSec. The report also outlines acts of cyberwar that occurred in Q2, including attacks on United States’ Oak Ridge National Laboratory, and an attack on South Korea’s National Agricultural Cooperative Federation.

     

    Email “Black Market” for Spammers

     

    Though spam is still at historic low levels, due in part to the Rustock takedown, McAfee Labs still expects to see a sharp rise in activity over the coming months. A common method for cybercriminals to increase their volume of spam activity is to purchase a bulk list of emails in order to flood as much spam as possible to a widespread group of people. Whether it’s a botnet or a rental service, prices vary for such enterprises, often by location. For instance, in the United States, the going rate for 1 million emails is $25, whereas in England 1.5 million emails are worth $100.

    [/toggle]

iGyaan Network
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.