
NEWS - April 10, 2014

Apr 10, 2014 3:20AM PDT

Bitdefender's "HOT for Security" Blog:

In the wake of Heartbleed, watch out for phishing attacks, disguised as password reset emails

Everywhere you look people are panicking about the Heartbleed bug.

And, to be fair, it is a very serious bug that does give malicious hackers, security researchers and snoopers the opportunity to spy upon what should have been private communications, and hoover up confidential information such as email addresses and passwords.

The good news is that some of the affected websites and services have already taken action, patched their systems and are proactively reaching out to customers and advising them to change their passwords.

IFTTT ("If this then that") for instance is a great service that I regularly use as part of my daily online life. So I was pleased to receive an email from them confirming that they have fixed the Heartbleed bug on their own site, and were suggesting that now was a good time to reset my password in an abundance of caution - just in case it had been compromised. [Screenshot]

Continued : http://www.hotforsecurity.com/blog/in-the-wake-of-heartbleed-watch-out-for-phishing-attacks-disguised-as-password-reset-emails-8372.html

Related: Sending a "Heartbleed" password reset email? Please don't include a login link!

Brace Yourselves (and your Users / Clients) for Heartbleed SPAM


Google Adds Continuous Monitoring of Android Apps
Apr 10, 2014 5:57AM PDT

Google is adding a new security feature to Android designed to scan installed apps on a device and ensure that they're not acting maliciously or taking unwanted actions. The system is built on Google's existing app-verification model, which warns users if there's a potential problem with an app they're installing.

The addition to Android's security system is meant to augment the Bouncer tool that Google uses to scan apps in the Play store for malicious functionality. That feature has been in place since 2012 and has enabled the company to help stem the tide of malicious apps making their way into the app store and onto users' devices. Bouncer looks for known malware and other malicious behavior.

Android also has a feature that will verify apps during installation and may block them or warn the user of a problem.

Continued : http://threatpost.com/google-adds-continuous-monitoring-of-android-apps/105391

Related: Google amps up fight against malicious apps with enhanced Android security

Hackers Lurking in Vents and Soda Machines
Apr 10, 2014 5:57AM PDT

They came in through the Chinese takeout menu.

Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business's vast computer network.

Security experts summoned to fix the problem were not allowed to disclose the details of the breach, but the lesson from the incident was clear: Companies scrambling to seal up their systems from hackers and government snoops are having to look in the unlikeliest of places for vulnerabilities.

Hackers in the recent Target payment card breach gained access to the retailer's records through its heating and cooling system. In other cases, hackers have used printers, thermostats and videoconferencing equipment.

Continued : http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html

Cisco finds 13 products (so far) vulnerable to Heartbleed - including phones
Apr 10, 2014 9:05AM PDT

"Collaboration products, router OS have OpenSSL bug; Cisco still checking others"

Cisco has issued a security bulletin for customers about the Heartbleed bug in the OpenSSL cryptography code, and it's not about Web servers. So far, the company has unearthed 11 products and 2 services susceptible to attack through the vulnerability, which can be used to retrieve random bits of content from an attacked device's memory. Cisco's IOS XE operating system for network hardware is one of the higher-profile products on the company's list.

Cisco has already patched the two services—Cisco's Registered Envelope Service (CRES) and Webex Messenger Service—that were deemed vulnerable. Most of the remaining products on Cisco's list are connected to the company's collaboration products, such as its UCS unified messaging platform. They also include IP telephones, communications servers, and messaging systems.

Continued : http://arstechnica.com/security/2014/04/cisco-finds-13-products-so-far-vulnerable-to-heartbleed-including-phones/