More details on Windows XP zero day exploit circulating … Ensuring Adobe Acrobat reader is patched will help mitigate dangers and all users have until April 2014 to move to later versions of Windows.
QUOTE (Trend Labs): We acquired this sample from a targeted attack. In this incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe vulnerability (CVE-2013-3346) referenced in APSB13-15, which was released in May of this year. This vulnerability is used in tandem with the Windows zero-day vulnerability (CVE-2013-5065), resulting in a backdoor being dropped into the system. The backdoor, detected as BKDR_TAVDIG.GUD, performs several routines including downloading and executing files and posting system information to its command-and-control server. This incident also serves as a reminder to users of the importance of shifting to the newer versions of Windows. Last April, Microsoft announced that they will discontinue its support of Windows XP by April 2014. For users, this may mean that they will no longer receive security updates provided by the software vendor. Those who are using Windows XP will be vulnerable to attacks using exploits targeting the OS version.
Home and corporate users will benefit greatly in phasing out Windows XP, for the more secure kernel and browser architectures offered by Windows 7 and 8.1 … PC Magazine shares awareness of new vulnerability affecting older Windows XP version only.
QUOTE: Microsoft confirmed a zero-day vulnerability in Windows XP and Windows Server 2003 is currently being exploited in active attacks. If you are still running XP, why don’t you put a new computer on your wish list? Originally reported by researchers at FireEye, the the issue is an elevation of privilege flaw which allows an attacker to run arbitrary code in kernel mode. By exploiting this bug, an attacker could install additional programs, view or modify data, or create new administrator accounts on the computer, Microsoft said in its security advisory, released on Wednesday. Microsoft also said the attackers must first log in with valid account credentials to launch the exploit, and the vulnerability cannot be triggered remotely or by anonymous users. “It is being abused in the wild in conjunction with an Adobe Reader vulnerability that had a fix published in August 2013,” said Wolfgang Kandek, CTO of Qualys. Users running outdated versions of Adobe Reader 9, 10, and 11 on Windows XP SP3, FireEye researchers Xiaobo Chen and Dan Caselden wrote on the company blog. Chen and Caselden recommended. Later versions of Windows are not affected.
PC Magazine shares awareness of extensive connectivity to Twitter, Facebook, Instagram and other social networks. Users need to think ahead of security risk especially with large # of malicious applications in circulation
QUOTE: They’re so popular, those ubiquitous mobile devices. For better or worse, we’ve evolved into a society that is a texting, Facebooking, Snapchatting, online-banking, TMI-ing, forever-connected, 24/7-kind of world. And 85% of users are connecting to social media sites via public WiFi! There’s positives to that, for sure, and is a great way to stay connected. But have you ever considered the negatives when you’re doing all that in a public wireless hotspot? After all, identity theft is a huge epidemic — have you ever thought about the risks to your personal life by using a “free” Internet connection? What information are you (over)sharing? Is that data protected and encrypted from prying eyes? What security tools do you use regularly?
Interesting head-to-head comparison of latest two advanced gaming console systems.
QUOTE: Now that the PlayStation 4 and the Xbox One are both on sale, we are officially in the next-generation of console gaming. For many of you, deciding which one to buy is going to be the toughest shopping decision you’ll make this holiday season. Buying a console is a highly personal decision, but it’s worth outlining the specific use cases that might tip you one way or the other. While I don’t have a deep loyalty to either Sony or Microsoft, you should know that I bought an Xbox One because it best fit my overall gaming/entertainment needs. You can also check out our occasional gamer guides for the PS4 and the Xbox One if you need more help deciding.
The Xbox One is designed to serve as your living room’s primary media device, so it may be the better option if you’re looking for an all-in-one system. Unlike the PS4, the new Xbox has an HDMI input that can be used for watching live TV. The conversation around the next-gen consoles has centered around the PS4 being best for gamers and the Xbox One is being tailored for users who want an all-in-one package. That characterization may feel reductive, but, based on the time we’ve spent with both systems, it’s also pretty accurate.
This article warns of possible mis-use in this legitimate tracking where parents monitor cell phone usage by their kids
QUOTE: Those of you interested in preserving your privacy will want to watch out for the mSpy app. When installed on an Android or iOS device, it can track phone calls, location data and keyboard strokes in the background without your knowledge. The app is ostensibly intended for legal monitoring use, and there are certainly legitimate reasons to install the software. Companies, for instance, could inform their employees that they’re surveilling company phones for security purposes, or concerned parents could include the software on devices they give to their kids.
Thankfully, the app requires physical access for installation. The iOS version requires that the client device is jailbroken, and it isn’t currently compatible with iOS 7 and recent versions of iOS 6 (6.1.3 and 6.1.4). mSpy for Android works with some of the platform’s most popular devices, including the Galaxy S4, Moto X and the HTC One, but spying on apps like Facebook, Skype, Viber and Whatsapp requires the phone to be rooted. Older BlackBerry and Symbian phones are also supported.
PC Magazine awarded Editor’s Choice rating on this advanced new gaming system
QUOTE: Well, Microsoft’s ambition has paid off. Not only is the Xbox One $499.99 at Microsoft Store a powerful game system that rivals the PlayStation 4, it really is the comprehensive entertainment hub Microsoft envisioned. (And it turns out that it doesn’t require an always-on Web connection and you can turn off the camera.) Kinect voice controls, television integration, and multitasking features make the Xbox One an ideal combination of game system, media hub, universal remote, program guide, and Blu-ray player. The Xbox One’s voice controls and TV integration are revolutionary and could pave the way for game systems to become true all-in-one entertainment centers. …but it does so much so well that its flaws and price can be forgiven, making it an Editors’ Choice.
McAfee reports of new Android attacks circulating and targeting Korean users
PC Magazine offers numerous safety tips to reduce risks while traveling
QUOTE: If you are among the 43 million Americans planning to travel over the next days, you are most likely not leaving your electronics behind. Make sure you secure your data before you hit the road (or the air). … KEY BEST PRACTICES include:
1. Protect the Device – The fewer devices you are carrying, the smaller the chances of losing or breaking them. Password protect, encrypt data, and set up anti-theft applications on mobile devices
2. Backup Your Data – Before you leave, take the time to back up all the files on the devices. That’s ebooks, documents, pictures, videos, everything. Do it again before coming home. Back up those pictures you took and the files you created before you head out again. Upload those images and files to Flickr, Dropbox or any cloud storage service of your choice
3. Beware of Public Networks – Beware of public networks, even if they aren’t free. You may think you are hopping on to the hotel wireless, or the one belonging to the airport, but it may actually be a rogue network set up to trap unsuspecting users.
Hoaxes are designed as pranks to confuse users with false information. Just as email virus hoaxes were once popular, the concept has spread to social networking sites as well
QUOTE: Let’s first take a look at the warning which has circulated on Facebook for the past three years. There is no evidence that the Christmas Tree app warning described a real threat in 2010, much less in 2013. You should always be careful when installing Facebook apps, but we this warning appears to be false and outdated.
HOAX TEXT: WARNING!!!!!! ….. Do not use the Christmas tree app. on Facebook. Please be advised it will crash your computer. Geek squad says its one of the WORST trojan-viruses there is and it is spreading quickly… Re-post and let your friends know ;-}
This agency is similar to FBI in warning of breaking news, investigating incidents, and working with law enforcement agencies to prosecute online criminal events.
QUOTE: The NCA is a new crime-fighting agency with national and international reach and the mandate and powers to work in partnership with other law enforcement organisations to bring the full weight of the law to bear in cutting serious and organized crime.