The art of smishing (SMS-Phishing) has been engaged in for some time, but a discovery by the wizards at NC State University has found a brand-new vulnerability that could bring the aforesaid act back into the spotlight. Xuxian Jiang’s research team just recently identified the hole and verified that it impacts Gingerbread, Ice Cream Sandwich and Jelly Bean. Put simply, if an Android user downloads an infected application, the attacking program could “make it appear that the user has gotten an SMS, or text, message from somebody on the phone’s contact list or from relied on banks.” This artificial message can easily solicit personal info, such as passwords for user accounts. The team isn’t really going to divulge proof till Google patches it up, however the school has said that Google will certainly be addressing it “in a future Android release.” In the meantime, nonetheless, Jiang suggests extra care when downloading and setting up apps from unidentified sources, while additionally recommending that folks pay close attention to received SMS text messages.

Filed under: Mobile phones, Software, Mobile, GoogleAndroid ‘smishing’

vulnerability discovered by NCSU researchers; Google has a fix incoming initially appeared on Engadget on Fri, 02 Nov 2012 14:08:00 EDT. Please see our terms for usage of feeds. Permalink|NC State University (1), (2)|Email this|Remarks

• Google To Begin Offering Unlocked Samsung Galaxy S4 With Stock Android For $649 On June 26
• Google updates I/O 2013 Android app, details streaming schedule
• A13 4GB 7″ Google Android 4.0 Pink Tablet PC Capacitive Touch Screen Wifi + Case
• Nook HD and HD+ get full Google Play support for Android apps
• 7″ PINK Matricom Prizm Android 4.1 Jelly Bean WiFi/4GB/3D Google Tablet Pad PC

Microsoft issued its advanced bulletin notification for its July 2012 Patch Tuesday this week. The software maker says it will release nine patches in total next Tuesday, with three of them rated critical and six listed as important. Out of the three critical patches, one will address a vulnerability that affects Internet Explorer 9. “It doesn’t affect IE9′s predecessors, which means that it was introduced in the latest iteration of the browser,” explains Marcus Carey, security researcher at Rapid7. “If you are running IE9, you should definitely apply this patch.”

The two other critical bulletins could allow malicious users to remotely execute code on Windows operating systems, including all supported server and client versions. “Many…

Continue reading…

Incoming search terms:

• All Rights Reserved Use of our service is protected by our Privacy Policy and Terms of Service client server application using
• All Rights Reserved Use of our service is protected by our Privacy Policy and Terms of Service child abuse stories
• All Rights Reserved Use of our service is protected by our Privacy Policy and Terms of Service back to school bulletin board
• All Rights Reserved Use of our service is protected by our Privacy Policy and Terms of Service internet explorer 8 problems july
• All Rights Reserved Use of our service is protected by our Privacy Policy and Terms of Service child abuse
• Published News Upcoming News Submit a New Story Groups explorer

Related Posts:

• Microsoft turns to Vine iOS app for entertaining Internet Explorer ads
• Microsoft reportedly bringing WebGL support to Internet Explorer 11
• Microsoft outlines Internet Explorer 10 differences between Windows 8 and Windows Phone 8
• Microsoft follows new xx album around the world in Internet Explorer promotion
• Microsoft to issue Xbox 360 update next week with ‘behind the scenes improvements’

Microsoft is releasing a security update to patch a critical vulnerability in the ActiveX controls included in all 32-bit versions of Office, among other products. If exploited with a malicious document or webpage, the vulnerability can allow attackers to execute remote code on their targets’ systems, and according to Microsoft, “limited, targeted attacks” using malicious RTF email attachments have been spotted in the wild.

The security update, MS12-027, patches the vulnerability by disabling the ActiveX control in question and swapping it with a new one. It comes at the same time as five other updates, three of which are labeled critical (they could be used to propagate a worm), but due to the documented attacks, MS12-027 is the…

Continue reading…

Related Posts:

• Microsoft to patch critical Internet Explorer 9 vulnerability next week
• Microsoft Xbox 360 Limited Edition Call of Duty Modern Warfare 2 Console 250GB
• Major Windows USB vulnerability patched by Microsoft
• Microsoft confirms Office 2013 licenses can’t be transferred to other computers
• SkyDrive updated to support Office document editing without a Microsoft account

Microsoft confirmed on Thursday that it plans to address two high profile vulnerabilities next Tuesday.

Microsoft is planning to address a Windows kernel issue and SSL/TLS exploits as part of the company’s December Patch Tuesday next week. Security researchers discovered a flaw in the SSL 3.0 and TLS 1.0 protocols in September. The vulnerability is not specific to Windows but Microsoft warned at the time that all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. Microsoft revealed that an attacker could inject malicious code in a HTTP response, forcing a web browser to execute the code. The code could send several requests inside a TLS/SSL session to a third party HTTPS website. The scenario requires that a user had previously authenticated to a particular session using automatic cookies. The attack is described as a man-in-the-middle scenario allowing an attacker to intercept the HTTPS traffic by exploiting and decrypting portions of the encrypted traffic.

The second flaw is related to a vulnerability discovered in the Duqu malware. Security researchers discovered a previously unknown Windows kernel vulnerability inside the infamous Duqu malware. The malware contains a dropper file with a Microsoft 0-day kernel exploit inside. The exploit could allow malicious users to remotely execute code on an infected system. Microsoft issued a temporary workaround for the flaw in early November. Microsoft’s temporary workaround can be applied to any Windows system. The company provided a Fix it that allows end users and enterprise customers to quickly deploy the fix.

Microsoft confirmed on Thursday that both issues will be fixed in next week’s Patch Tuesday. “The issues described in Security Advisories 2588513 and 2639658 will be addressed in Tuesday’s security bulletins,” said a Microsoft spokesperson. Microsoft is planning to address 20 vulnerabilities across 14 bulletins as part of December Patch Tuesday.

Microsoft to fix Duqu kernel vulnerability and SSL/TLS exploits next Tuesday originally appeared at WinRumors.com.

Related Posts:

• Microsoft issues security advisory over SSL/TLS exploits
• Major Windows USB vulnerability patched by Microsoft
• Microsoft to patch critical Internet Explorer 9 vulnerability next week
• Microsoft fixes Hotmail flaw following widespread password-reset exploits
• Microsoft patches critical Office vulnerability amid ‘limited, targeted’ attacks

Earlier this month, we found out that after a software update HTC’s Android handsets had a serious security flaw — any app could gain access to user data, including recent GPS locations, SMS data, phone numbers, and system logs. To its credit, HTC responded quickly to the security issue, and now an OTA update with the fix is going out to those on the Now Network. Sprint users with an EVO 4G, 3D, Shift 4G, Design 4G or View 4G can get the download, as can Wildfire S owners. The patch available now for a manual download, and more info on the fix can be found at the source below.

[Thanks, Korey]

Sprint issues OTA fix for HTC Android handset vulnerability originally appeared on Engadget on Tue, 25 Oct 2011 18:03:00 EDT. Please see our terms for use of feeds.

Permalink   |  Sprint  | Email this | Comments

Related Posts:

• Samsung Galaxy Note II 4G Android Phone, Titanium (Sprint)
• HTC EVO 4G Android Cell Phone for Sprint
• HTC EVO 4G (Sprint) -MINT Android Smartphone Gingerbread Clean ESN – Google Play
• Sprint adding Spotify Premium to carrier billing for Android customers starting November 11th
• LG Optimus L9 review: an affordable entry-level Android handset for T-Mobile

Today, Comex released JailbreakMe 3.0 tool that lets you jailbreak all iOS devices including iPad 2 within 10 seconds. This web based method exploits vulnerability in Mobile Safari to run the code which then circumvents the controls and restrictions put in place by Apple. Since, the flaw sits within Safari browser, this PDF Exploit can easily be [...]

Related Posts:

• How to use Comex’s JailbreakMe 3.0 to Jailbreak iOS Device on iOS 4.3.3 [FAQ's Included]
• Wireless iPad 2 Jailbreak on iOS 4.3.3 (JailbreakMe 3.0) Leaked – [VIDEO]
• [Confirmed] – JailbreakMe 3.0 Jailbreaks iPad 2, iPhone, iPod touch on iOS 4.2.1 to 4.3.3
• How To Install PSP Emulator With Games On iPhone, iPad & iPod Touch
• Bugs & Fixes: Fixing Apple TV lost network connections

A researcher at North Carolina State University is warning of an Android 2.3 security vulnerability that gives attackers access to your personal information, further proof that Gingerbread isn’t all sugar and spice (to be fair, that SMS issue has since been remedied). According to Xuxian Jiang, the bug allows malicious websites to access and upload the contents of a user’s microSD card, including voicemails, photos, and online banking information to a remote server. The flaw apparently resembles a similar bug in previous version of Android, thought to have been addressed with Gingerbread. However, as Jiang points out, that fix is easily bypassed. Apart from removing the microSD card, disabling JavaScript, or switching to a third-party browser, Android 2.3 users have little recourse in squashing the bug. The folks at eWeek reported that Google is working on a solution to the problem, but there’s no word on when we can expect to see an update.

Android 2.3 security bug shows microSD access vulnerability originally appeared on Engadget on Sat, 29 Jan 2011 10:57:00 EDT. Please see our terms for use of feeds.

Permalink   |  North Carolina State University  | Email this | Comments
Engadget

Related Posts:

• Samsung now pushing out more updates to address Exynos security vulnerability
• Android ‘smishing’ vulnerability discovered by NCSU researchers; Google has a fix incoming
• Lookout Security & Antivirus for Android gets a makeover, lets missing phones have one last gasp
• Microsoft SkyDrive for Android app is now available, joins its mobile counterparts for cloud access
• ZTE Grand X pertaining to UK for # 190 pay-as-you-go: 4.3-inch qHD, microSD, stock Android 4.0