HEAT Security Blog

February Patch Tuesday: And the Hits Keep On Comin’

If you thought February would be a light update month given January Patch Tuesday’s patch load of nine updates including end of support for the Windows 8 OS and all but the current version of IE, you thought wrong. Microsoft released a whopping 13 bulletins addressing 36 unique vulnerabilities in today’s February Patch Tuesday and 6 of them are considered critical.

> Read More

Final Support for Win 8 and IE 8, 9 and 10 in January 2016 Patch Tuesday

Microsoft isn’t messing around with the first Patch Tuesday of 2016. Today’s release of 9 bulletins, 6 critical and 3 important, include the last available updates for the 2012 disaster that was Windows 8 – not 8.1 – and Internet Explorer versions 8, 9 and 10. The move is further evidence Microsoft is testing the waters for providing OS-as-a-service with shorter end of support cycles for anything other than the most current OS and browser versions.

> Read More

12 Bulletins Close Out Final Patch Tuesday of 2015

In the final Patch Tuesday of 2015, Microsoft released 12 bulletins; 8 are critical and 4 are important. 8 out of the 8 critical bulletins and 2 out of the 4 important bulletins allow remote code execution, so this is a Patch Tuesday that should be taken very seriously. These 12 bulletins bring our total to 135 this year,

> Read More

November Patch Tuesday Blows Past Old Records

Today, on the November edition of Patch Tuesday, Microsoft issued 12 security updates addressing a total of 53 vulnerabilities. Four of them are rated critical and the remaining eight are important and the impacted software list is long. While last month’s patch load made 2015 the biggest patch year in recent memory, this month proves there is no slowing down.

> Read More

XcodeGhost continues to haunt users of the iOS App Store

One of the big malware stories of the last few days has been the discovery that legitimate developers had uploaded apps to Apple’s App Store, without realising that their code had been compromised.

The malicious code, known as XcodeGhost, managed to insert itself into the developers’ apps via a circuitous route.

> Read More

Tell us how to infect an iPhone remotely, and we’ll give you $1,000,000 USD

If there’s something which is in high demand from both the common internet criminals and intelligence agencies around the world, it’s a way of easily infecting the iPhones and iPads of individuals.

The proof that there is high demand for a way to remotely and reliably exploit iOS devices, in order to install malware that can spy upon communications and snoop upon a user’s whereabouts,

> Read More

Online extortionists reset Android PINs, take data on virtual drives hostage

In the last few years extortion has hit computer users, big time.

Consumers and businesses alike are finding themselves locked out of their computers, or prevented from accessing their valuable data, by ransomware attacks that demand a payment be made to online criminals.

But normally when these malicious attacks are described,

> Read More

Secure Alternatives to Android

In my previous post I discussed the flurry of Android vulnerabilities which have come to light over the last year or so. TowelRoot, Fake ID, Android Installer Hijacking, Stagefright, and Certifi-gate have been publicly announced. Some of them have been around in Android for years. Creating patches for your Android devices is a long complex path,

> Read More

Do Android Flaws Have You Looking for Alternatives?

Android security flaws have become more frequent in the news lately. At least one of them, Stagefright, has been quite severe. The worst part is now that these vulnerabilities have publicly disclosed, everyone including cybercriminals are aware of them. The details needed to compromise devices have been published by every level of media,

> Read More

PayPal XSS flaw could have let hackers steal your unencrypted credit card details

A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.

But thankfully the vulnerability was found by a responsible researcher, who informed PayPal about the problem and helped the web’s most popular payment service from being embarrassed by a massive security gaffe.

> Read More