Month: April 2014

Internet Explorer Bug Puts Users at Risk

The US department of Homeland Security has asked users to shun the usage of Microsoft’s Internet Explorer. Fire Eye Research Lab, an Internet security software company, announced the presence of the Internet Explorer bug on Saturday. There is no viable solution available for the time being to negate the bug. So, the government has asked users to opt for an alternative to it till the company fixes this blunder. This is the first bug to have emerged ever since Microsoft discontinued giving out security updates for Windows XP, which was earlier this month. This has not only turned the PCs running on Windows XP quite vulnerable to this security breach, but has also left scope for total compromise of your affected PC, even if Microsoft releases Internet Explorer updates to add a layer of protection. However, it is not known if Microsoft will release a patch for this vulnerability. Meanwhile, you can safeguard your system from malicious attacks by simply disabling the Adobe flash plug-in within Internet Explorer. Internet Explorer version 6 to 11 are highly vulnerable to the attack, however, at present only Internet Explorer 9 and Internet Explorer 10 are being targeted. About 55% of PCs across the globe run Internet Explorer; the best alternative at the moment is to run other browsers such as Google Chrome or Mozilla Firefox. Also, make sure that you are using...

Read More

Trend Micro releases free Heartbleed detectors for Android and Chrome

Trend Micro has released a Chrome browser plug-in and an Android mobile app to mitigate the security threat caused by Heartbleed bug. These two Heartbleed detectors are easily available on Chrome web store and Google Play app store. The Chrome browser add-on is a multi-platform plug-in, which permits users to enter and detect vulnerable URLs whereas the Android app for it helps you find the affected app. You can then uninstall the app and neutralize the security risk. The Heatbleed security bug was first detected on April 7 in the open source OpenSSL cryptography library, which is used on a broad scale to execute Transport Layer Security (TLS) protocol. This posed threat to various Internets’ secure web servers, which were certified by trusted authorities. Amidst all this, Trend Micro came up with a rescue option to provide effective tools to all Internet users to protect their personal data. It made a vital solution available to users to counteract this bug and continue operating their digital devices without bothering about their security. This Heartbleed scanner is available for Mac and Windows-based computers to provide essential security feature. Now, Trend Micro has come up with the essential upgrades to its previous version. Its refreshed vulnerability protection solution will save your device against operating system glitches and applications until required patches are installed. Another feature, endpoint encryption, allows preboot authentication and management...

Read More

iBanking Android Trojan App Attacks Facebook Users

Cybercriminals hit Facebook, again. This time, they are using a more sophisticated tool which Facebook users mostly resort to – mobile app. They have devised this Android Trojan app which is intended for online banking fraud to hit Facebook users. Cybercrooks have designed this iBanking Trojan app in order to bypass two-step verification process on Facebook. How does iBanking Android Trojan app work? A group of experts of RSA which is the security division of EMC has brought the news and warned of the this iBanking Android Trojan app. They reported that cyber frauds may use the source code of iBanking Android Trojan app in their attempt to collect banking information to swindle net banking users. Researchers cautioned that the app was found on an online forum and will pose a grave threat for mobile banking users. Once users install iBanking Android Trojan app on any Android phone, the app can capture outgoing and incoming text messages and is also capable of redirecting calls to certain phone numbers. The iBanking Android Trojan app is capable of stealing more than just the data we key in – it captures audio using the microphone of the device, steals contact details from the phone book and also logs from call history. A group of researchers of ESET reputed security software discovered a similar variant of iBanking Trojan app called Qadars. Qadars is a computer...

Read More

Watch out PayPal Users, Samsung Galaxy S5 Fingerprint Scanner Hit by Hacker

dSamsung Galaxy S5 is just out in market and here is the bad news which may leave existing users sleepless nights. Here is why: the Samsung Galaxy S5 fingerprint sensor is reportedly hacked. Hacked fingerprint sensor has exposed PayPal account owners and Samsung Galaxy S5 Smartphone owners vulnerable to data theft. Researchers of German Security Research Labs had demonstrated how anyone can sneak past the fingerprint sensor of Samsung Galaxy S5 device by using ‘wood glue spoof’. Researchers took a photo of a fingerprint blotch left on the device screen and made a mold of wood glue. Later, the researcher was done following the same method they used while demonstrating hacking fingerprint scanner of Apple iPhone 5S, last year. However, they claimed that Samsung Galaxy S5 fingerprint sensor hack is considered more threatening. Why Samsung Galaxy S5 fingerprint sensor hack is more dangerous?  The fingerprint scanner in Apple iPhone 5S is more secure with dual-layer verification system. Apple iPhone 5S owners need to key in passwords to unlock and authenticate after using the fingerprint sensor. Likewise, users also require inputting password every time the Smartphone restarts. Though many users complained of annoying and time-consuming, but made the device secure from becoming easily hacked. On the other hand, Samsung Galaxy S5 does not require any password after using the fingerprint sensor. Even after you reboot the device, users can unlock...

Read More

Post Heartbleed Bug, Reverse Heartbleed Bug is a Threat to Computers and Devices

After Heartbleed bug took cyber space by storm last week, security researchers and experts had just discovered the treat is not limited to the OPenSSL websites, but personal devices too. Changing passwords and patching servers will not let you escape the Heartbleed bug, security researchers warned. Personal computers and devices are now under threat by this potent risk called ‘Reverse Heartbleed’, as security researchers have defined it. What is Reverse Heartbleed? This cloud identity and access management service provider called Meldium has explained about Reverse Heartbleed. While patching their systems, they discovered that bigger web servers are vulnerable to a new variant of Heartbleed bug which they have called as Reverse Heartbleed. According to their test results, Heartbleed bug may affect any random bits of memory resource fro, any unprotected peer device or PC. Earlier we learnt that Heartbleed bug attacks OpenSSL web servers to extract cookies, private keys and other information from the server. But, that’s not all. Such malevolent web server can attack client systems and send bad heartbeat packets to those client devices to steal data from client devices. Who are vulnerable to Reverse Heartbleed? Client devices which use OpenSSL are vulnerable to such data theft risks. Clients including browsers and apps such as Microsoft Office, Dropbox, according to Meldium, and many Android and iOS apps can be directed to a malicious server or an endpoint...

Read More