Will Stagefright force all mobile makers to release monthly security updates?
Stagefright took the Android world rather by surprise. As well as catching the industry with its pants down, it highlights a problem of mobile security: it's just not taken seriously enough. In response to the Stagefright vulnerability, both Samsung and Google announced new monthly security update cycles.
Not to be outdone, LG has now followed suit, and it would be surprising if we didn’t see more manufacturers of Android handsets doing exactly the same in the coming weeks. But in announcing its own monthly security update schedule, LG has highlighted another stumbling block for mobile security. Carriers.
Over half of UK smaller businesses spend less than 2 percent of their IT budget on security
Smaller businesses often have a limited budget for securing their IT systems which can leave them uniquely vulnerable. Antivirus company Avast launched its free Avast for Business cloud offering aimed at SMBs earlier this year and has been surveying users to find out how they handle their security.
Among the findings are that almost three-quarters of respondents say that all of their employees use the internet. Yet despite the high number of data breaches, 57 percent of SMBs in the UK invest only between zero and two percent of their IT budget on security.
Microsoft doubles budget for bug bounty program
You might think you have the best programmers in the world, but chances are there’s a kid in his parents’ basement somewhere who’s smarter than all your engineers combined.
That’s why bounty hunting for bugs has become hugely popular among software makers, employing pretty much every hacker worldwide in their search for overlooked bugs. Microsoft is one such company, and it’s using the Black Hat conference to promote its new bug bounty program, which sees the bounty doubled.
Lookout launches Stagefright detector
Stagefright detectors seem to be flavor of the month at the moment, not surprising when the vulnerability could affect around 95 percent of Android devices. We reported yesterday on Zimperium's version and now mobile security specialist Lookout has launched its own detector.
The app will tell users whether or not their Android device is vulnerable to Stagefright. If it is affected, it provides a run-down on how to reduce the risk of being attacked. Users will also be able to check back in after receiving a security patch to confirm it contained the fix for Stagefright.
Hackers can steal fingerprints from Android phones
Hackers can steal fingerprint data on a large scale through insecure Android phones, researchers claim, saying that vendors that ship with fingerprint sensors don’t lock them down well enough.
FireEye researchers Tao Wei and Yulong Zhang are singling out Samsung Galaxy S5 and HTC One Max as the most vulnerable examples, and are set to announce new research during the Black Hat conference in Las Vegas on Wednesday.
Zero-day vulnerabilities increase over 2014
Danish security company Secunia is using the Black Hat conference to reveal an early look at the vulnerability trends to date for 2015.
One of the main findings is that 15 zero-day vulnerabilities have been discovered so far in 2015, making it likely that the total for the year will exceed the 25 discovered in 2014. The 2015 zero-days were all discovered in popular Adobe and Microsoft products widely in use across both personal and professional IT systems.
Zimperium releases Stagefright detection tool and vulnerability demo video
We've already looked at the Stagefright vulnerability, discovered by Zimperium, and shown what can be done to deal with it. Affecting up to 95 percent of Android devices, the vulnerability has led to Google and Samsung announcing monthly security updates.
Now the mobile security company has released additional details about how the exploit works. To help explain the vulnerability, a video has been produced which uses a Stagefright demonstration to illustrate it in action. Zimperium has also released an Android app that checks devices for the vulnerability.
Apple will release OS X 10.10.5 to fix Thunderstrike 2 vulnerability
Apple has promised it will fix a major vulnerability which recently cropped up in its OS X Yosemite operating system.
The worrying zero-day vulnerability allows malware authors to modify a hidden configuration file to get root permissions on the victim machine, security firm Malwarebytes explained in a blog post, allowing for the installation of adware and other assorted malware nastiness.
Samsung and Google to release monthly OTA Android security updates
Google and Samsung announced today that they are taking steps to ensure the ongoing security of Android phones and tablets. Both companies said that over the air (OTA) updates will be released on a monthly basis with Google focusing on its range of Nexus devices.
Samsung made reference to the recent StageFright vulnerability in announcing that its Galaxy devices are in line for regular security updates. While Google will be pushing out OTA updates directly, Samsung is currently in talks with global carriers to ensure that updates can be delivered "about once per month".
Upgrade to Windows 10 and your kids may no longer be safe
Parents who are upgrading their computers to Windows 10 are warned that the move from Windows 7 or Windows 8.1 will obliterate the safety features used to protect children. You may have spent time putting restrictions in place in a bid to keep your offspring safe when using your computer, but Windows 10 will change these child-friendly accounts into standard accounts with no limitations whatsoever.
The upgrade process wipes out website restrictions, game and app age ratings, time limits, and other parental controls and monitoring options. Unless a parent goes to the trouble of reinstating each of these settings individually, their children will have unfettered computer access. The discovery, revealed by The Register, will come as a surprise to many, but the worry is that many parents will simply be unaware that their children are not protected. And this is far from being the first time Windows 10 has been criticized.
Ransomware targets prospective Windows 10 users
If you’re still waiting for your free update to Windows 10, be careful, as there’s serious malware circulating around the net. As usual, cyber crooks are fast to react to a trending topic and will try to take advantage of it to place malware on unsuspecting victims.
This time, they are tapping into the Windows 10 upgrade trend and are trying to sneak malicious code to people who think they’re getting their copy of the latest Microsoft OS. According to a report by Cisco’s security group Talos, someone is "impersonating Microsoft in an attempt to exploit their user base for monetary gain".
Today's top malware threats -- are you prepared?
Today, data breaches are nothing short of the norm. Organizations like Target, Home Depot, and even the United States Government have fallen victim to cyber criminals illegally accessing and tampering with the sensitive data in their private systems. While cloud computing has simplified the way organizations manage data, it has also made it easier than ever for hackers to gain access to systems and get their hands on critical corporate information.
Of all the players taking part in today’s cyber crimes, malware authors are among the most powerful. Not only are they able to create new ways to steal sensitive information, they are also making the existing types of malware stronger and more effective. As malware becomes increasingly sophisticated, more and more household names and large corporations are becoming data breach victims. As a result, headlines are flooded with news of the latest threats to be on the lookout for. Here are some of the top malware threats that companies should have on their radar and be prepared for.
API security becomes a senior management concern
As APIs fast become the dominant channel for exchanging data between both external and internal audiences and services, there's increasing concern over the threats and vulnerabilities they present.
A new survey by API management company Akana reveals that API security is as much an issue for the business as it is for IT, with 75 percent of respondents saying that API security was a CIO-level concern whilst 65 percent say it's an issue for business managers. As APIs are increasingly being adopted to drive digital initiatives, both business and IT increasingly see value in securing them.
Web isolation platform adds threat intelligence to improve accuracy
We reported on the Menlo Security Web Isolation Platform, which aims to eliminate threats before they reach the desktop, earlier this year.
Now Menlo Security is beefing up its offering, announcing a partnership with threat intelligence specialist Webroot. The link up will deliver granular threat intelligence for the Web Isolation Platform through integration with Webroot's BrightCloud Web Classification Service.
Macs are vulnerable to Thunderstrike 2 firmware malware that survives formatting
Macs have long been touted as being immune to viruses and malware -- but there have been plenty of vulnerabilities that show this to be a fallacy. Apple's own claims that its hardware was not susceptible to the same firmware security flaws as PCs served only to encourage people to prove the company wrong.
At Black Hat USA on Thursday, researchers will demonstrate that not only can Macs be remotely infected with malware, but that this malware can survive a user formatting the system. In a talk at the InfoSec event in Las Vegas that focuses on all manner of security topics, Trammell Hudson, Xeno Kovah, and Corey Kallenberg will show that Macs are just as vulnerable to remote attacks as PCs using the Thunderstrike 2 backdoor.
© 1998-2026 BetaNews, Inc. All Rights Reserved.