Monday, January 14, 2013

Apple Locking App Screenshots to Stop Bait & Switch Scams

Apple App StoreAny scammers that were hoping to pull the ol’ bait & switch routine in the Apple app store by switching the screenshots for their apps after it has been approved may have a rough time doing so thanks to Apple’s new policy change.

Last Wednesday, Apple announced to Apple Developers that “app screenshots will be locked in iTunes Connect once your app has been approved.”  The only way developers can upload new screenshots is to submit a binary for an update for an existing app, or a brand new app.

The idea behind this change is to stop the widely-used scam tactic where ill-willed developers upload legitimate screenshots to get their app approved and then swap them out with different screenshots (sometimes from another popular app) to trick users into downloading the app.

Hopefully this will prevent users from paying for apps that aren’t quite what they seem.

[via Security Watch]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+
Posted by at No comments:
Labels: , ,

(Updated) A Patch Coming for IE Zero-Day Later Today

Internet Explorer

Update: Microsoft has released the patch, as promised. Users can update via Windows Update or download & apply the patch manually.

Microsoft is planning on releasing an out-of-band update later today to address the zero-day vulnerability in Internet Explorer 6, 7 & 8 (CVE-2012-4792) which could allow attackers to execute malicious code.

This is excellent news considering cybercriminals have been exploiting the bug since December, and researchers wound up bypassing the temporary FixIt solution that Microsoft issued to help users defend themselves against attacks.

When it is released, users can download and apply the patch via Windows Update and other standard distribution channels. If you happened to install the temporary FixIt solution, Microsoft stated that it is not necessary to uninstall it before applying the permanent patch.

Microsoft will be holding a special, live webcast to answer any questions related to this update today, Monday, January 14th at 1 p.m. PST. You can register for the webcast here.

[via Microsoft]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+
Posted by at No comments:
Labels: , , , , , ,

Tuesday, January 8, 2013

Spam Alert: More FedEx Phishing Emails Hitting Inboxes

FedExBrace yourselves, folks - more FedEx spam is coming your way!

Our last copy of FedEx spam arrived back in early December, and it doesn’t look like much has changed since. The sender’s address is still some random email (not a fake fedex.com address), the subject line is still a random tracking number, and the goal is still to infect your computer with Win32/TrojanDownloader.Zortob.B.

Here’s the email (the previous version can be seen here):

FedEx Spam (1/7/12)
From: Shipping Service (clients-262@corpuschristi.com)
Subject: Tracking ID (387)91-387-387-9611-9611

FedEx

Order: JN-1454-28625287
Order Date: Thursday, 3 January 2013, 11:23 AM

Dear Customer,

Your parcel has arrived at the post office at January 6.Our courier was unable to deliver the parcel to you.
To receive your parcel, please, go to the nearest office and show this receipt.

GET & PRINT RECEIPT

Best Regards, The FedEx Team.

For those of you who are curious (or possibly new to this FedEx spam thing), when you click the ‘Get & Print Receipt’ link, you will be taken to a third-party site that will download the file Postal-Receipt.zip onto your PC. Hopefully you will not make the mistake of opening this file as it contains the aforementioned Zortob.B Trojan.

What to Do With FedEx Spam


If you receive an email like the one above, it is strongly recommended that you:

  • Do not click on any links or open any attached files.

  • Report the email to FedEx by forwarding it to abuse@fedex.com.

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+
Posted by at No comments:
Labels: , , , , , , , ,

Yahoo! Fixes XSS Exploit Used to Hijack Yahoo! Mail Accounts

Yahoo! MailAn unknown number of Yahoo Mail users found their accounts compromised yesterday, thanks to a document object model-based cross-site scripting vulnerability that was discovered by a security researcher by the name of Shahin Ramezany.

Ramezany posted a video on YouTube demonstrating the XSS vulnerability, which only takes minutes to execute and affects all current browsers, on January 6th. According to the video, a Yahoo! Mail user can fall victim to the exploit by simply clicking on a malicious link sent to them via email, putting an estimated 400 million accounts at risk of being taken over.

Users that were affected by the exploit took to Twitter to complain and warn anyone that received an email from them not to click any embedded links.

Thankfully Yahoo! stepped in to close the security hole yesterday evening, issuing the following statement to The Next Web in the process:
“At Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data. We were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed. In addition, we are investigating recent reports of increased abusive traffic and will work diligently to fix any vulnerabilities that are found. Concerned users are encouraged to change their passwords to a safe password that combines letters, numbers, and symbols.”

Lesson to be learned here? Exercise caution when following links, even when they are sent by a friend - you never know what hides behind it!

Update: Researchers say Yahoo! Mail exploit still active, despite claim of being fixed

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+
Posted by at No comments:
Labels: , , , , , , , ,

Friday, January 4, 2013

Buy of the Week: OKI B411d Laser B/W Printer for $117

This deal expired on 1/11/13.


OKIDATA B4111d Laser B/W PrinterIf you're looking to improve the productivity and lower the operating costs of your business, the B411 series offers all of that and more.

For starters, select series models deliver up to 35 ppm, with the first page printing in less than 5 seconds. They produce output in black and white that's clear and crisp, at up to 2400 x 600 dpi resolution, using a two-piece consumables system for long-lasting performance and a low cost of operation.

Until January 11th, 2013, you can order a OKI B411d Laser B/W Printer from Hyphenet for only $117, plus shipping!

Specifications for OKI B411d Laser B/W Printer

























































MFR# 91659801
Printer TypeWorkgroup Printer - LED - Monochrome
Print SpeedUp to 35 ppm (max speed)
Max Resolution (B&W)2400 dpi x 600 dpi
Duplex PrintoutDuplex
InterfaceParallel, USB
Processor330 MHz
RAM Installed ( Max )64 MB ( 320 MB )
Language SimulationPCL 5E, EPSON FX,
PCL 6, IBM ProPrinter III XL
Media TypeEnvelopes, plain paper,
bond paper, water resistant paper,
proofing paper
Media Handling250-sheet input tray,
1-sheet multipurpose tray
Monthly Duty Cycle80,000 pages
Warranty1-Year OKIDATA Warranty

Call (619) 325-0990 to order a OKI B411d Laser B/W Printer today!


Buy of the Week offer valid through January 11th, 2013.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

This deal expired on 1/11/13.
Posted by at No comments:
Labels: , , , ,

Don't Accept Bikini Screensavers Offered via Spam

Bikini Photo

Sophos is warning users not to fall for the latest trap spammers are planting inside email inboxes: unsolicited messages claiming to have bikini photos inside an attached zip file.

Here’s one of the emails picked up by SophosLabs:
Subject: Merry Christmas
Hello my dear!!!

How are you? As I promised, here’s my bikini photos. I hope you will be love it!
This is my humble gift for Christmas! See you later :)
Your love Ciara
28.12.2012

If the poor grammar wasn't an indicator of a potential scam, then the attached file, Bikini.zip should raise some red flags as it contains a Windows screensaver file named “Bikini.scr” instead of a bunch of regular image files.

That's likely because .SCR files are executable (capable of installing code) and can unleash mayhem on your poor machine. So don't open them unless they're coming from a trusted source.

Sophos detects this threat as Troj/Agent-ZMO, but you should be able to avoid it as long as you don't open files attached to spam.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+
Posted by at No comments:
Labels: , , , , , , , , , ,

Wednesday, January 2, 2013

Microsoft Issues FixIt for IE 0-day Being Exploited In-the-Wild

Internet ExplorerUsers that fire up older versions of Internet Explorer to surf the web may want to apply the FixIt solution that Microsoft released to help defend against attacks using a zero-day vulnerability that surfaced last week.

Microsoft stated that the remote code execution vulnerability, CVE-2012-4792 exists due to the way IE accesses an object in memory that was not properly allocated or deleted. Only Internet Explorer versions 6, 7 and 8 said to be affected by this flaw.

The vulnerability is actively been exploited in-the-wild to conduct drive-by-download attacks.

Security firm FireEye was the first to spot the flaw after receiving reports on December 27th, 2012 that the Council on Foreign Relations (CFR) website had been compromised & was serving malware.  FireEye later confirmed that the CFR website was hosting malicious content as early as Friday, December 21st; however, SophosLabs pushed the date back even further, suggesting that attacks began back on December 7th.

As if that wasn’t bad enough, Sophos warns that the vulnerability is being exploited on at least five other websites, hinting that the attacks may not be as limited as initial reports suggest.

Tips to Keep Your PC Safe


Until Microsoft releases an official patch to correct this security flaw, users are advised to:

  • Apply the easy one-click “Fix It” solution that Microsoft released; just keep in mind that this is a temporary fix until Microsoft can issue an official patch.

  • If possible, upgrade to Internet Explorer 9 (requires Vista or higher) or Internet Explorer 10 (requires Windows 8).

  • Switch to a different browser if you are unable to upgrade IE or apply the FixIt.

  • Always run antivirus software that offers real-time scanning. (Sophos & Symantec are two AV vendors that have updated their software to block attacks using this vulnerability.)

  • Use a Windows account with limited access. Microsoft’s security advisory states that attackers may inherit the same user rights as the victim, so limited privileges may limit the amount of damage done.

  • Keep your operating system & installed software current, and definitely apply the official patch when released.

  • Exercise caution when following links or suspicious URLs.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+
Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)