Google Chrome updated to 18.0.1025.168

Date: Tuesday, May 1st, 2012, 06:04
Category: News, Software


Google Chrome, Google’s new web browser, just reached version 18.0.1025.168 for the Mac. The new version, a 35.4 megabyte download, offers the following changes:

- Security and bug fixes.

Google Chrome 18.0.1025.168 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Dr. Web points out dormant nature of Flashback, cites that malware could remain on 650,000 Macs

Date: Tuesday, April 24th, 2012, 06:13
Category: News, security, Software

Well, this is a bit of a kick in the head.

Per Russian security company Dr. Web and Macworld, the Mac Flashback Trojan horse was still installed on more than half a million Apple computers late last week and is declining only slowly.

Although all security companies now agree that the best days for Flashback (or “Flashflake”) are behind it, the new numbers suggest a greater level of infection than has been reported by rivals.

Measured by UUID device identifiers, Dr. Web now believes that at its greatest extent, the bot controlled around 817,000 machines, with an average of 550,000 contacting the command and control servers during any 24-hour period.

By April 19, the bot was communicating with 566,000 Macs, down from 673,000 three days earlier, still considerably higher than Symantec’s estimate last week that the bot’s size had shrunk to 270,000 infected systems, and Kaspersky’s figure of 237,000 on April 14 and 15.

Some of the confusion could be down to measuring the bot using either IP addresses or device IDs (UUIDs), and doing so at different points in time.

However, Dr. Web thinks it has a better explanation for this discrepancy, which, it said, has to do with attempts by an unnamed entity (presumably a security company) to block the bot’s activity.

Infected bots had been connecting to a server at 74.207.249.7, which was putting them into a suspended state. All machines doing this would no longer be able to communicate and be registered as ‘active’ by security company sinkholes despite still being infected.

“This is the cause of controversial statistics on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of Backdoor.Flashback.39 bots, on the other hand, Dr. Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably,” the company argued.

At least one security company—Mac security specialist Intego—agrees with Dr. Web’s contention that Flashback’s infection numbers have recently been underestimated.

“Intego has analyzed the malware, and, following discussions with other security companies, has determined that not only are these numbers [the lower estimates] incorrect, they are underestimating the number of infected Macs,” the company announced in a Friday blog post.

If this is correct, it does at least mean that while infected, these machines are now dormant and presumably beyond the control of the bot controllers.

On Friday, Kaspersky offered more information on how the malware was able to infect its victims through WordPress blog sites that had been compromised to host a malware redirection script.

Stay tuned for additional details, and if you haven’t already, download the latest security updates through Mac OS X’s built-in Software Update feature to help nix the Flashback malware on your Mac.

Kaspersky Lab states Flashback infections drop to under 30,000, warns of potential exploits en route

Date: Thursday, April 19th, 2012, 10:30
Category: News, security, Software

This too shall pass.

Per the cool cats at Ars Technica, Flashback infections have plummeted since Apple released a tool to stop the Trojan, but a security firm has cautioned that more malware could be on the horizon.

Researchers from Kaspersky Lab held a press conference Thursday morning in which they revealed that the number of machines infected by Flashback has dropped to just 30,000. That’s significantly down from the 600,000 Macs it was estimated to have infected at its peak, as well as the 140,000 Macs estimated to have been infected on Tuesday of this week.

Presence of the Trojan has been limited as Apple released a Java update to rid machines of Flashback. And for those that don’t have Java installed and could be harboring a dormant version of the malware, Apple also issued a separate removal tool.

But researchers at Kaspersky believe Flashback could just be the beginning. They believe that hackers will continue to target the Mac, as Apple has gained significant market share in recent years and continues to outgrow the rest of the PC market.

“Market share brings attacker motivation,” Kaspersky officials said. “Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits.”

The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe’s Flash Player installer package.

Earlier this week, another Mac Trojan was discovered that takes advantage of an exploit in Microsoft Word to spread. Dubbed “LuckyCat,” it uses a Java exploit to infect a targeted machine, allowing a remote user to analyze and even steal data from the system.

Stay tuned for additional details as they become available.

Flashback trojan emerges as “LuckyCat” variant, exploit found to spread malware via Microsoft Word documents

Date: Monday, April 16th, 2012, 09:44
Category: News, security, Software

You’ve got to hand it to whoever developed it: they’re persistent.

Per SecureList, a new version of a backdoor trojan for Apple’s OS X operating system takes advantage of an exploit in Microsoft Word to spread.

The latest variant of the attack known as “LuckyCat” was discovered and detailed by Costin Raiu, a Kaspersky Lab expert. Raiu found that a dummy infected machine was taken over by a remote user who started analyzing the machine and even stole some documents from the Mac.

“We are pretty confident the operation of the bot was done manually — which means a real attacker, who manually checks the infected machines and extracts data from them,” Raiu wrote in a post.

The new Mac-specific trojan, named “Backdoor.OSX.SabPub.a,” uses a Java exploit to infect targeted machines. It spreads through Microsoft Word documents that exploit a vulnerability known as “CVE-2009-0563.”

The new trojan is noteworthy because it stayed undetected for more than a month and a half before it came alive and data was manually extracted from the machine. That’s different from MaControl, another bot used in attacks discovered in February 2012.

There are currently at least two variants of the “SabPub” trojan, which remains classified as an “active attack.” It is expected that new variants of the bot will be released in the coming weeks, as the latest was created in March.

Security on the Mac has been in the spotlight of late as a result of the “Flashback” trojan that infected more than 600,000 Macs worldwide. Apple addressed the issue with a series of software updates last week designed to remove the trojan from affected machines.

The Flashback botnet harvested personal information and Web browsing logs from infected machines. The trojan, which disguises itself as an Adobe Flash installer, was first discovered last September.

Stay tuned for additional details as they become available.

Apple updates iTunes account security protocols, adds new security prompts for users

Date: Friday, April 13th, 2012, 07:41
Category: News, security, Software


This could make your iTunes account that much more secure.

Or it could make you want to put an axe through the screen as you just want to buy a cool 99 cent app.

Per Ars Technica, Apple has begun asking users to select and answer a series of questions associated with their Apple IDs to enhance security measures.

The security prompts began popping up on iOS devices on Wednesday, wherein users were met with a prompt that states “Security Info Required.”

After being shown the message, users are asked to select from a number of security questions and provide personal answers. Users are also prompted to provide a backup e-mail address in case the primary address associated with their Apple ID is compromised.

The changes are meant to curb fraud and phishing attempts that have been used for many years to hijack iTunes accounts. Because credit card information is tied to a user’s account, nefarious people will steal and resell accounts, allowing people to buy content like music, movies and applications on someone else’s dime.

This week’s changes are only the latest in a series of measures by Apple over the years to improve security associated with iTunes accounts. Some of the steps taken include requiring users to verify their account information when they log into new devices, and upgrading passwords to make them more complex with varying characters.

Some users have been confused by the new security prompts appearing this week, and have expressed concern on the Apple Support Communities website that the alerts could be bogus phishing attempts. However, the revised measures have been proven to be legitimate, and Apple has admitted they are part of an ongoing effort to bolster security.

If you’ve seen these prompts on your end, please let us know what you make of them in the comments.

Apple releases Java for Mac OS X 10.6 Update 8, Java for Mac OS X Lion 2012-003 updates, looks to remove Flashback malware

Date: Friday, April 13th, 2012, 06:25
Category: News, Software


Maybe this will settle it once and for all.

Late Thursday, Apple released Java for Mac OS X 10.6 Update 8, the update removing the most common variants of the Flashback malware. The 80.6 megabyte download requires Mac OS X 10.6.8 to install and run.

The company also released Java for Mac OS X Lion 2012-003, which also looks to remove the most common type of the now-infamous Flashback malware. The 63.8 megabyte download requires OS X 10.7 or later to install and run.

The updates can be located, downloaded and installed via Mac OS X’s Software Update feature. If you’ve tried the new versions and have any feedback to offer, please let us know in the comments.

Researchers estimate 600,000 Macs infected by “Flashback” trojan, offer removal/online safety advice

Date: Thursday, April 5th, 2012, 08:21
Category: News, security

Even if you’re a Mac user, you have to be careful out there.

According to Russian antivirus company Dr. Web, a trojan horse virus named “Flashback” that surfaced last year is believed to have created a botnet including more than 600,000 infected Macs around the world, with more than half of them in the U.S. alone.

The outfit issued a report on Wednesday noting that 550,000 computers running OS X had been infected by BackDoor.Flashback variants of the virus, as highlighted by Ars Technica.

An analyst for the company later updated the figure to note that the size of the botnet had reached 600,000. He also pointed out that 274 bots are originating from Apple’s hometown of Cupertino, Calif.

According to a map released by the firm, 56.6 percent of infected computers are located in the United States. Canada was second with 19.8 percent, followed by the U.K. with 12.8 percent of cases.

Apple released a Java Security update on Tuesday to resolve the vulnerabilities that the virus is exploiting, but not before a number of Mac users had been hit with the malicious software. Oracle first issued a fix for the vulnerability in February.

Security firm Intego publicized the Flashback trojan last September. Some variants of the software were even discovered with the potential to disable anti-malware protections within OS X.

Researchers at F-Secure have provided instructions on how to detect and remove the malware.

So, be sure to snag the Java update via Mac OS X’s built-in Software Update feature, be careful out there and if they do catch whoever wrote this thing, I’ll happily serve marshmallow s’mores and free drinks to the angry mob that corners them with torches and pitchforks.

Apple releases Java for Mac OS X 10.6 Update 7, Java for Mac OS X Lion 2012-001 updates

Date: Wednesday, April 4th, 2012, 06:51
Category: News, Software


Have updates, will travel.

Late Tuesday, Apple released Java for Mac OS X 10.6 Update 7, providing “improved reliability, security and compatibility.” The 76 megabyte download requires Mac OS X 10.6.8 to install and run.

The company also released Java for Mac OS X Lion 2012-001, which claims to offer improved compatibility, security and reliability. The download comes in at 63.8 megabytes and requires OS X 10.7 or later to install and run.

The updates, which can be located, downloaded and installed via Mac OS X’s Software Update feature, focus on multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. If you’ve tried the new versions and have any feedback to offer, please let us know in the comments.

Flashback trojan changes tactics, can now install on your Mac without a password

Date: Monday, April 2nd, 2012, 15:43
Category: News, security, Software

Well, you’ve gotta admit, they’re persistent.

Per Macworld and F-Secure, the Flashback Mac trojan uncovered by security firm Intego last year can now infect your computer from little more than a visit to a website.

Originally, Flashback masqueraded as an installer for Adobe’s Flash Player. Since then, the malware has changed tacks at least once, instead pretending to be a Mac software update or a Java updater.

The latest variant, discovered by security researchers at F-Secure and dubbed OSX/Flashback.K, takes advantage of a weakness in Java SE6. That vulnerability, identified as CVE-2012-0507, allows the malware to install itself from a malicious website the user visits, without needing the user to enter an administrator’s password.

No fix is currently available for this vulnerability on the Mac, although the hole was patched in Java for Windows back in February. Unfortunately, Apple has long been criticized for lagging behind Windows when it comes to updating Java for security patches. However, given that Apple rolls out updates every few months, it seems likely that the company will distribute a patch in the not too distant future.

Until then, F-Secure suggests users deactivate Java on their Macs. The company has also given instructions for checking if your system is currently infected by the Flashback Trojan.

It’s also worth noting that the Java vulnerability has recently been included in the popular BlackHole exploit kit used by many attackers.

While there’s no need for widespread panic, the fact that this latest version of the malware can install itself without the user’s password is enough of a reason for concern that some precautions are necessary. Disabling Java is a good step, but the first line of defense is, as always, to be cognizant of the websites you visit and use common sense.

Stay tuned for additional details as they become available.

Swedish security firm’s video demonstrates simplicity of bypassing iOS, Android passcodes, reaping data from stolen devices

Date: Wednesday, March 28th, 2012, 07:15
Category: iPad, iPhone, iPod, security

The goal isn’t to make you paranoid (which, according to the movie “End of Days”, is just reality on a finer scale), but to help show you what’s out there.

Per Forbes, Swedish security firm Micro Systemation has posted the following video showing how quickly both iOS and Android-based devices can be cracked. In it, the firm’s XRY 6.2 software suite cracks the device’s passcode, dumps its data to a Windows PC, decrypts it and shows tender morsels of information such as the user’s GPS location, files, call logs, contacts, messages, even a log of its keystrokes.

The report said the firm uses the same kind of exploits that jailbreakers use to gain access to the phone. Once inside, they have access to just about everything.

Take a gander at the video and try to be careful out there:



As always, please let us know what’s on your mind via the comments.