XcodeGhost continues to haunt users of the iOS App Store

One of the big malware stories of the last few days has been the discovery that legitimate developers had uploaded apps to Apple’s App Store, without realising that their code had been compromised.

The malicious code, known as XcodeGhost, managed to insert itself into the developers’ apps via a circuitous route.

> Read More

Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Mac Users Beware –
Thunderstrike and Zero-Day
Are Lookin’ For You!

 

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’ve contributed their haikus …

> Read More

Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Zero-Day Exploit
Means OS X / iOS
Passwords at Risk Now!

 

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published.

> Read More

FREAK Fixes From Apple and Microsoft Plus 14 Security Bulletins this Patch Tuesday

Microsoft issued 14 security bulletins today, 5 of which are critical and 9 are important. A total of 44 vulnerabilities in all are addressed; 3 of which are known and being exploited now. If your organization uses Windows, Office, Exchange and/or IE, it will be a very busy patching month for you. Not to mention the 4 Apple Security Updates also issued this week.

> Read More

Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Huge Month for Patches —
  and Much More
Time to Patch It Up

 

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’ve contributed their haikus …

> Read More

Apple Patches iPhones, iPads, iMacs and MacBooks Against Critical Security Holes

If you are using Apple computers or iDevices, I recommend that you update your operating system as soon as possible – because on Tuesday the Cupertino-based firm published some critical security updates.

iPhone and iPad users are advised to update to iOS 7.1.1, which includes fixes for some 19 security flaws including what is described as a “triple handshake”

> Read More

Security Holes Uncovered by Google in Apple Safari, as Microsoft Readies Final Patches for XP

Next Tuesday, April 8 2014, will see a very special bundle of “Patch Tuesday” updates coming from Microsoft.

What will make the patches memorable will not be so much what vulnerabilities they protect Windows computer users against, but rather that they will include – for the very last time – security patches for the ageing Windows XP platform.

> Read More

Is Mobile Shopping Safer This Holiday Season?

With the holiday shopping season upon us, scammers, cyber criminals and other nefarious characters come out of the Internet woodwork. Security experts are warning consumers should be cautious during the holiday shopping season to protect personal and financial data from being compromised. Banks and retailers should also be on high-alert.

Consider just a couple of the telling statistics: Trend Micro researchers identified more than 200,000 malware infections targeting online banking in the third quarter.

> Read More

Apple Fingerprint Scanner: Game Changer or Game Over?

Apple’s announcement of the company’s new iPhone 5S comes equipped with a fingerprint scanner has the potential to be a real game changer for personal device security – if it’s done right. There are two factors that will determine the real success of this new feature, which has undeniable potential. First, reliability and second,

> Read More

No Luck o’ the Irish for IT this St. Patty’s Day

IT admins can’t seem to catch a break this year. First, the never ending stream of Java issues that has kept folks on their toes since January. Now they’ve got another busy month of patches ahead of them, with 7 total patches from Microsoft, 4 of which are critical. However, once again the issues outside of Microsoft will likely eclipse the Patch Tuesday patches this month.

> Read More

No Love for IT This Valentine’s Day

It’s going to be a rough Valentine’s Day for many IT admins this month. With ongoing issues with Java and 12 bulletins from Microsoft, including 5 critical issues and many restarts, it’s going to be a very disruptive Patch Tuesday.

It’s disturbing to note how many different Microsoft platforms are critically affected this month.

> Read More

2012 in Review Podcast: State of Security Awards

A year ago, I started doling out awards for the hits and misses of cyber security. Month by month we looked at the stories that made headlines; at times celebrating important wins but in too-many instances we were incredulous over increasingly advanced hacks. To wrap it up, I’ve selected the best of the best for 2012.

> Read More

Microsoft Serves Up a Turkey for Thanksgiving this Patch Tuesday

IT administrators may find they don’t have much to be thankful for this Thanksgiving with a disruptive Patch Tuesday headed their way. With 6 Microsoft bulletins, 4 of which are critical and some restarts required, along with a host of other issues, IT can expect a disruptive Patch Tuesday this month.

Right off the top,

> Read More