General

Security update for Apple: iOS 6.1 fixes browser flaws

Apple has released a new version of iOS, the operating system that powers the iPhone, iPad, iPod. The new version fixes 20 security flaws related to the Safari browser. Some of the vulnerabilities were allowing bypassing of authentication, cross-site scripting attacks, privilege escalations, arbitrary code execution, memory corruptions. Last but not least, the  compromised Türktrust certificates were revoked. […]

General

Malware delivered with fake hotel reservations

We wrote last week about Malware delivered with fake Craigslist fax-to-email notifications.This week’s malware delivery mechanism is a fake email notification from the well-known online hotel reservations portal booking.com.   The malware is delivered when you click on “Print Booking Details” via an archive which should contain the form with the reservation details. In order […]

General

Malware delivered with fake Craigslist fax-to-email notifications

If you receive such a message containing an HTML page attached, don’t open it. The email pretends to come from “craigslist – automated message, do not reply <robot@craigslist.org>” and has the subject ”Efax Corporate”. What I find interesting is that the fraudsters didn’t even bother to write JS code to detect if the script runs in […]

General

Pharma spam using LinkedIn again

We wrote a couple of times already about spams pretending to come from LinkedIn which advertise online pharmacy websites. There is a new spam campaign which changed a bit the way the messages are presented to the users. Now the emails pretend to come from “LinkedIn Co. Technical Support”, “LinkedIn Co. Administration” and from “LinkedIn Reminders”. […]

General

Yet a new Java zero-day exploit?

We don’t know yet if this is a bad joke intended to discredit Oracle and Java, but the media is buzzing about a possible new undetected exploit in Java. This was started by a post of the security researcher Brian Krebs who observed a thread in a known online crime forum where somebody was selling […]

General

How to enable two-factor authentication for Facebook

Facebook has introduced some time ago two-factor authentication for Login. This means that if someone or  something tries to login using your account, there will be two steps needed: authentication using username and password (something that you know) and a mobile phone (something that you have).   Step 1 Set up the two-step authentication   […]

General

How to disable the Java web plug-in in all browsers

We have written about Java and its regular vulnerabilities, two (here and here) of which were zero-day vulnerabilities. Java is a very strong tool because it is cross platform and if a vulnerability is being found on one platform, it can easily be found on all others. If used used properly, Java can provide an […]

General

Oracle has fixed the Java zero-day exploit

After the huge media impact that followed up the full disclosure of the vulnerability in Java 7 Update 10, many national and international organizations have started to recommend to their readers to uninstall Java (Germany’s BSI, US-Cert). Oracle couldn’t just stand and see how their market share is disappearing and has started over the weekend […]