Phishing is a term used to describe a scam, a malicious attempt aimed at trying to trick you into divulging sensitive information via electronic communication. One recent avenue for this type of attack is through emails appearing to come from your IT helpdesk requesting information, such as your username and password.
It looks like some HTC Android phones which install malicious applications could have their Wifi passwords stolen according to an article by Network World last week.
HTC has released some patches to their software to help fix this issue.
I think that the materials that the Privacy Commissioner of Canada is promoting are great. Everyone should follow the advice they present to teach their families about online privacy. Here are the links to three great tools they have launched on their www.youthprivacy.ca website.
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues exist in WebKit. A
man-in-the-middle attack while browsing the iTunes Store via iTunes may
lead to an unexpected application termination or arbitrary code execution.
Leaked copies of Skype for Android with video-conferencing capabilities
have been floating around. Before using, note that there is no security
of any kind on your personal & login information. It is literally stored
in text files with world-readable permissions. However, PCI DSS was
followed, so Credit Card information is safe.
Thanks to Kevin for the heads up.
"Adobe is planning to patch the recently disclosed Flash Player
vulnerability on Friday for users on Windows, Mac OS X and Linux. The
vulnerability is being used in targeted attacks right now that use
malicious Word documents.
"Horde IMP Webmail is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before it is used
in dynamic content.
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user; other attacks are also possible.
"The VMware vmrun utility is susceptible to a local privilege escalation
in non-standard configurations."
All users of the vmrun utility should visit the advisory and see if
his/her instance is susceptible. If so, it is critical to update the
software through the links provided in the advisory.
There has been a recent compromise of a major registration authority
(RA) at Comodo.