Helpful Computer News to keep your computer up and running. Provided by Beacon Technology Solutions LLC. Serving Metro Detroit.

Operating Systems

New IE Zero-Day Used in Watering Hole Attack Targets Memory

Nov 11, 2013 2:32 PM EST
By: Fahmida Y. Rashid

Attackers are exploiting serious vulnerabilities in Internet Explorer in a watering hole attack, researchers from security firm FireEye warned. Users tricked into accessing the infected website are hit with malware that infects the computer’s memory in a classic drive-by attack.

http://securitywatch.pcmag.com/internet-explorer/317789-new-ie-zero-day-used-in-watering-hole-attack-targets-memory

80 percent of smartphones unprotected against malware

80 percent of smartphones unprotected against malware
By Ian Barker
A new survey from tech analysts Juniper Research shows that 80 percent of smartphones will remain unprotected throughout 2013 despite growing consumer awareness of mobile security products.

I highly suggest AVAST Mobile Security & Antivirus for Android. You can even block phone numbers in it.

Critical Internet Explorer 8 and 9 Vulnerability

Please upgrade if you can to the latest version. www.microsoft.com/ie

If you are running a older version of Windows that you cannot upgrade past IE 9, please run this Microsoft Fix-It till it is patched. But even if you are on IE 8 and can upgrade to IE 9 please do.

For more info about the vulnerability: Microsoft Security Bulletin MS13-038 – Critical Security Update for Internet Explorer (2847204)

Better yet, if you cannot upgrade past IE 9, please try Firefox.

Microsoft warns: Expect exploits for critical Windows worm hole | ZDNet

 

Summary: There’s a remote, pre-authentication, network-accessible code execution vulnerability in Microsoft’s implementation of the RDP protocol.

Attention Microsoft Windows administrators: Stop what you’re doing and apply the new — and very critical — MS12-020 update.

Microsoft is warning that there’s a remote, pre-authentication, network-accessible code execution vulnerability in its implementation of the RDP protocol.

Microsoft warns: Expect exploits for critical Windows worm hole | ZDNet

Symantec Warns of Android Trojans That Mutate With Every Download

Researchers from security vendor Symantec have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.

www.pcworld.com/article/249244/symantec_warns_of_android_trojans_that_mutate_with_every_download.html#tk.nl_wbx_h_crawl1

Want to know if your Android phone has Carrier IQ?

A new easy and free app has been released to let you know.

BitDefender IQ Finder

Malware on Android begins to spiral out of control

 

Malware aimed at the Android platform has increased five-fold since July, raising questions on the open-door policy Android has in installing apps. IT company Juniper Networks says the reason for this is the Mountain View, Calif. company’s own lax attitude when it comes to oversight.

Malware on Android begins to spiral out of control

Windows kernel ‘zero-day’ found in Duqu attack | ZDNet

 

Summary: One version of the attack was triggered by a rigged Microsoft Word .doc that probably included some social engineering and required the target to open the booby-trapped file.

The mysterious Duqu malware attack exploited a zero-day vulnerability in the Windows kernel, according to security researchers tracking the Stuxnet-like cyber-surveillance Trojan.

Windows kernel ‘zero-day’ found in Duqu attack | ZDNet

How Android Malware Makes Money

 

In the old, old days researchers wrote virus code to prove a point and lone coders released malware that disseminated a message or simply vandalized computers. Modern malware is all about money. Symantec has just released a report on the various techniques used to make a profit from Android-focused malware. Given that Android is now the most widespread mobile platform, it’s a wide-open field for malefactors seeking to cash in.

How Android Malware Makes Money

Fake iPhone 5 Emails Bear Malware – The Consumerist

 

On the cusp of a big Apple event today where a new iPhone is expected to be announced, fake emails are going around purporting to give details of "the new Apple iPhone5GS," featuring a see-through keyboard. Clicking on the links leads to a malware-laced website that targets PCs. Here’s the email and what to look out for.

Fake iPhone 5 Emails Bear Malware – The Consumerist