02-02-2010 1:30 Scammers exploit Apple iPad fever  Filed under: Software, Hacks, Odds and ends, Apple, Security And now we're at the point in the iPad cycle where there's just enough information out there about it that people are interested, but not enough that they can discern credible information from scammers. That's the report of the BBC, which says that "hi-tech" scammers are using iPad-based searches to prey on users and install various types of "rogue security software." The news here isn't necessarily that scammers are out there scamming people (that happens all of the time), but it's that scammers are cashing in on the iPad frenzy to do so. Then again, that's probably not a huge surprise, either: they probably always latch onto whatever the hottest search topics are, and this past week, of course, it was the iPad.In my own personal opinion, these fearmongering reports are the biggest scam of all. Even the BBC is only reporting this based on information from Symantec, and that's S.O.P. for the antivirus company: a) release a report that claims everyone is in danger and that viruses are everywhere, b) get some less-than-tech savvy journalist to believe it, and c) sell copies of your antivirus software and profit. In reality, if you click links only on trusted sites and keep an eye on everything coming in to your Mac, you don't need Symantec to tell you how to be safe. If you install "security software" that you happened to pick up while searching for iPad news, of all things, then you can't be surprised when your system gets compromised. Scammers exploit Apple iPad fever originally appeared on The Unofficial Apple Weblog (TUAW) on Mon, 01 Feb 2010 19:30:00 EST. Please see our terms for use of feeds. Scammers exploit Apple iPad fever originally appeared on The Unofficial Apple Weblog (TUAW) on Mon, 01 Feb 2010 19:30:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments Mac OS X :: tuaw Povezani zapisi: 03-11-2010 9:07 New IE Zero-Day Exploit (CVE-2010-0806)  Hot on the heels of this month’s security bulletin, a new vulnerability exploit surfaces with a malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway. This Internet Explorer (IE) vulnerability exists due to an invalid pointer reference bug within IE, which, under certain conditions, could be exploited to execute hostile code. This vulnerability primarily affects IE 6 and 7. Internet Explorer 8 is not affected. Users using the affected browsers are advised to follow the workarounds in Microsoft’s advisory until the applicable patches are released. Systems using the latest Windows versions—Windows 7 and Server 2008 — are automatically immune from this threat since the said OS versions are shipped with IE 8. Those using earlier versions, however, would benefit from upgrading their browsers to IE 8. In relation to this vulnerability, Trend Micro currently detects a malicious JavaScript file as JS_SHELLCODE.CD, which exploits CVE-2010-0806 and allows unauthorized download of files onto affected machines. Trend Micro™ Smart Protection Network™ protects customers from this threat by blocking user access to the malicious website the JavaScript connects to via the Web reputation service. It also detects and prevents the download of JS_SHELLCODE.CD via the file reputation service. Trend Micro Deep Security™ and Trend Micro OfficeScan™ likewise protect business users via the Intrusion Defense Firewall (IDF) plug-in if their systems are updated with the IDF10-011 release, rule number IDF10011. Post from: TrendLabs | Malware Blog - by Trend Micro trendmicro 03-10-2010 6:05 iPad Giveaway Gives Users’ Identities Away  April 3 cannot come soon enough for those who are eager to get their hands on the iPad. If anything, Apple’s recent announcement that the gadget will soon be available in the United States only added to the excitement over the much-talked-about gadget. Unfortunately, spammers are using the current enthusiasm over the iPad to their advantage as well. In fact, Trend Micro anti-spam research engineers have already seen a number of spammed messages that promise free iPads to lure unwitting users into their scams. In one such spam sample, recipients are being invited to test the iPad at no cost by simply applying to be part of a “word-of-mouth” marketing campaign. They may not have to shell out a single cent but the price they have to pay will be their identities. The spammed messages instruct users to reply to the email with their personal information, which spammers could easily use for further malicious activities. As Trend Micro anti-spam research engineer, Argie Gallego, recommends, “Users should be suspicious of any freebies offered online, particularly those requiring sensitive personal information such as full name and contact numbers. We have only seen a number of iPad-related spam so far but we expect the numbers to rise as April 3 draws near.” This recent spam run is no different from how cybercriminals leveraged the iPad launch in January, which led to a FAKEAV variant. Users should thus continue exercising caution in opening email messages from unknown senders. It is also important to be cautious in conducting Web searches on hot topics such as the iPad, as these are often used for blackhat search engine optimization (SEO) attacks as seen in the past. Interestingly, Apple does not own any iPad-related domain names so users should really pay close attention to URLs before they click. Trend Micro™ Smart Protection Network™ prevents spammed messages from reaching users’ inboxes via the Web reputation service. Non-Trend Micro product users can also stay protected by using eMail ID, which prevents fake messages from reaching their inboxes. It also helps users quickly find legitimate messages. Post from: TrendLabs | Malware Blog - by Trend Micro trendmicro 03-08-2010 14:01 Hackers exploit Oscars to spread scareware attack, Sophos reports Movie-lovers at risk of infection from fake anti-virus traps. Sophos 03-05-2010 4:45 Incoming, outgoing Apple employees  Filed under: Apple Corporate, Software, Apple, Security A few Apple employees played some musical chairs this week. Executive Pablo Calamera, who was in charge of MobileMe while at Apple, is off to work as the CTO of Thumbplay, a company that peddles ringtones and music to mobile devices.HR shouldn't have to change the big "35,000 employed worldwide" sign, though: former Mozilla security chief Window Snyder was picked up by Apple this week. She'll jump in as a senior security product manager, a job that will take advantage of her work both at Mozilla and previously at Microsoft, where she worked on both Windows XP and Windows Server 2003. Sure, she's got the experience, but has she ever worked for a company that does this for its incoming employees? Didn't think so. Incoming, outgoing Apple employees originally appeared on The Unofficial Apple Weblog (TUAW) on Thu, 04 Mar 2010 22:45:00 EST. Please see our terms for use of feeds. Incoming, outgoing Apple employees originally appeared on The Unofficial Apple Weblog (TUAW) on Thu, 04 Mar 2010 22:45:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments tuaw |
