AV-Test researched Antivirus Products in protecting the base product. ESET was a strong finisher in the results.
AV-Test researchers gathered 24 consumer-side security products and eight products geared toward business. For each product, they performed a simple census. They enumerated every executable file, dynamic link library, driver, and .sys file associated with the application and noted whether each module implemented DEP, ASLR, or both. They evaluated 32-bit and 64-bit products separately.
As I mentioned, the results covered a wide range. ESET was the only consumer product with 100 percent coverage; Symantec was the only business product at that level. Avira, G Data, McAfee and AVG completely protect their 64-bit products with DEP and ASLR. However, coverage in their 32-bit editions ranged from 90 to not-quite-100 percent
Lookout Security documents increased sophistication in latest version of an Android Malware agent called “NotCompatible”
QUOTE: The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks
A particularly nasty mobile malware campaign targeting Android users has hit between four million and 4.5 million Americans since January of 2013, according to an estimate by Lookout, a San Francisco mobile security company that has been tracking the malware for about two years.
Lookout first encountered the mobile malware, called NotCompatible, two years ago and has since seen increasingly sophisticated versions. Lookout said it believes, based on attempted infections of its user base of 50 million, that the total number of people who have encountered the malware in the United States exceeds four million.
The attackers goal, researchers say, is to infect as many smartphones as possible and turn them into a so-called botnet, a network of infected devices that can be used by attackers for various malicious purposes. Lookout’s researchers say there is evidence that Not Compatible’s authors are renting out control of infected mobile devices to people who have used them to simply send out more spam or buy up event tickets in bulk from from Ticketmaster, Live Nation, EventShopper and Craigslist. Some have used infected devices to try to crack WordPress accounts.
Details of Facebook’s forthcoming PRIVACY terms of service starting in 2015:
Facebook has announced a set of new privacy focused terms of service, which aims to let users of the social network ‘control their information’, according to The Independent.
The changes, which will be live as of 1 January 2015, introduce ‘Privacy Basics’, a tool that shows users who can see any information they share on the site, from links to photos tagged in. It will also include simple instructions on privacy issues, like removing your name from a photograph you’ve been tagged in.
Lifehacker claims that Privacy Basics will be broken up into three main categories: ‘What Others See About You’, ‘How Others Interact With You’ and ‘What You See.’ The update won’t be changing any settings on people’s accounts, rather choosing to inform users of how they can control the their data, should they wish.
The update will also give people more control over the types of advertising they’re served, allowing you to opt out of advert types across all devices, rather than just the desktop site, reports Business Insider. Additionally, the new policies give a bit more detail on how mobile data such as battery, signal strength and location are used by the company to serve ‘relevant adverts’.
The 2nd link provides the detailed study
ThreatTrack Security today published the study 2015 Predictions from the Front Lines which found that expectations for data security next year are surprisingly optimistic given the harsh reality of 2014, which has been the worst year on record for data breaches. Enterprise security staffers are so confident that 81% of survey respondents said they would “personally guarantee that their company’s customer data will be safe in 2015.”
Windows 10 will feature a new Continuum interface that is still in development and may offer improved ease of use for traditional Windows users
During its big unveiling of the new Windows 10 operating system, Microsoft demonstrated a feature called Continuum, which is designed to make it easy for users to switch between touch interfaces and non-touch environments. With Continuum, Microsoft says the new interface design smoothes those transitions. Microsoft says this interface was built specifically for devices such as the Surface Pro 3 and Lenovo Yoga, which have users switching between touch and non-touch interfaces often. Users will be prompted to switch between the touch and non-touch modes whenever they connect or disconnect the keyboard, and the Start screen and apps will adjust themselves accordingly.
The new Windows 10 Consumer version of new operating system is expected to preview in early 2015
Microsoft is planning to detail the consumer features of Windows 10 at an event in January. While Microsoft will be present at the Consumer Electronics Show in early January, sources familiar with the company’s plans tell The Verge that Microsoft will hold a separate press event in late January to unveil the consumer preview of Windows 10. Microsoft previously promised “early 2015” for a discussion on consumer features, and it appears the company is on track.
The Internet Storm Center shares heightened awareness of spam, adware, phishing attacks actively circulating
QUOTE: Likely every reader out there, their friends and family, even their pets with email accounts, have received Black Friday SPAM or phishing attempts today. An Amazon sample for One Click Black Friday Rewards is circulating. Of course, that one click goes no where near Amazon and directs you to the likes of Black Fiday Can’t speak to the payload there, don’t bother, just use it at as ammo for heightened awareness and safe shopping on line during these holidays, and…well, all the time. Be careful out there. 🙂
PC Magazine shares safe shopping practices in “Keeping Your Data Safe While Shopping For The Holidays”
QUOTE: With so many major retailers hit by point-of-sale malware over the past year, many consumers may decide to shift the bulk of their holiday shopping to online retailers, said Mark Stanislav, a security researcher at Duo Security. Analysts estimate holiday shoppers will spend over $304 billion online this year, a 15.5 percent increase from 2013. Online shopping may seem less dangerous than swiping a card at the payment terminals in the store, but “don’t be fooled,” Stanislav warned. There are risks at both brick-and-mortar stores as well as online.
Safety tips are organized into following categories:
1. Things to Do Before You Go Shopping
2. Protecting Your Online Accounts
3. Things to Keep in Mind While Shopping
4. Shopping With Mobile Devices
Users should update Adobe products as prompted and below is a new OOB emergency update released just a few days ago
Adobe has released an out-of-band update to fix a vulnerability in Flash Player which was reported by F-Secure. We discovered the vulnerability while analyzing a Flash exploit from an exploit kit called Angler. We received the sample from Kafeine, a renowned exploit kit researcher. He asked us to identify the vulnerability which was successfully exploited with Flash Player 184.108.40.206 but not with 220.127.116.11. That would imply the vulnerability was something patched in APSB14-22. However, based on the information that we had received via Microsoft Active Protections Program the exploit didn’t match any of the vulnerabilities patched in APSB14-22 (CVE-2014-0558, CVE-2014-0564, or CVE-2014-0569).
Symantec documents that high risk during the forthcoming holiday seasons still remains high. While it is likely many companies have strengthened controls, it still is a cat-and-mouse game in staying ahead of latest malware developments
As Americans gear up for another holiday shopping season, the threat posed by point-of-sale malware remains high. More than a year after the discovery of the first major attacks against POS networks, many US retailers are still vulnerable to this type of attack and are likely to remain so until the complete transition to more secure payment card technologies in 2015.
While some retailers have enhanced security by implementing encryption on their POS terminals, others have not and retailers will continue to be a low-hanging fruit for some time. While the introduction of new technologies will help stem the flow of attacks, it will not eliminate fraud completely and attackers have a track record of adapting their methods.