Ironically, the vulnerability is introduced by a class of firewalls cellular carriers use. While intended to make the networks safer, these firewall middleboxes allow hackers to infer TCP sequence numbers of data packets appended to each data packet, a disclosure that can be used to tamper with internet connections.

In June 2009, Microsoft issued security update MS09-027, which fixed a remote code execution vulnerability in the Mac version of Microsoft Office. Despite the availability of the bulletin (and the passage of time), not every machine is up to date yet – which is how nearly three years later, malware has emerged that exploits the issue on machines running Office on Mac OS X. Fortunately, our data indicates that this malware is not widespread, but during our investigation we found a few interesting facts we’d like to share with you.

[Kaspersky CTO Nikolay] Grebennikov originally stated that Apple had invited Kaspersky Lab to work with the company on improving its security, but has since issued a clarification. The company has now said that its analysis of OS X was "conducted independently" but that "Apple is open to collaborating with [Kaspersky] regarding new OS X vulnerabilities."</p><p>

In Computing's original interview, Grebennikov was specifically asked three times if Apple had requested Kaspersky Lab's assistance.

Between May 8 and 9, 2012, the Websense® ThreatSeeker® Network detected that the Amnesty International United Kingdom website was compromised. The website was apparently injected with malicious code for these 2 days. During that time, website users risked having sensitive data stolen and perhaps infecting other users in their network. However, the website owners rectified this issue after we advised them about the injection. In early 2009, we discovered this same site was compromised, and in 2010, we reported another injection of an Amnesty International website, this time the Hong Kong site.

As you may have heard, some <a href="http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/">security researchers recently released information outlining</a> a long-standing vulnerability within the PHP-CGI code. The short of it is that remote attackers may be able to pass command line arguments in a query_string that will be passed directly to the PHP-CGI program.

Based on our current research,  NotCompatible is a new Android trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy. As previously mentioned, this appears to be the first time that compromised websites have been used to distribute malware targeting Android devices.

Do you work for Apple? If so, please suggest - to the highest authority in the company you dare to email directly - that your employer tweaks its update publishing system. Make sure that [security article] HT1222 is updated at the same time as any security-related product update is published, not hours or days later. This will have a positive outcome: your users will apply security fixes more promptly.

A four-year investigation, resulting in the FBI's arrest of six Estonian computer criminals in November, could have implications on Internet users as soon as July 9.</p><p>

Computers infected with the DNSChanger malware, which -- according to CNET.com -- worked by setting up a background process in an affected computer that changed the user's DNS server settings to the rogue DNS network, which was then used by hackers to redirect valid URLs to malicious Web sites, won't be able to access the Internet July 9 -- without knowing the site's IP address -- after the Feds shut down the temporary servers used to keep the infected computers online.

Dr. Web, the Russian security firm that firm discovered the massive Flashback botnet last month, has provided new data on the number of Macs still infected with the software. The results show that while close to 460,000 machines remain infected, the botnet is shrinking at a rate of close to a hundred thousand machines a week as Mac users get around to downloading Apple’s tool for disinfecting their machines or installing antivirus.</p><p>

“It’s going very slowly, and there’s still a ways to go, but I think in a month it will be over,” says Boris Sharov, Dr. Web’s chief executive.

Of the Macs that have been infected by the Flashback malware, nearly two-thirds are running OS X 10.6, better known as Snow Leopard, a Russian antivirus company said Friday.</p><p>

Doctor Web, which earlier this month was the first to report the largest-ever malware attack against Apple Macs, mined data it's intercepted from compromised computers to come up with its findings.

Doctor Web's virus analysts continue to monitor the largest to date Mac botnet discovered by Doctor Web on April 4, 2012. The botnet statistics acquired by Doctor Web contradicts recently published reports indicating a decrease in the number of Macs infected by BackDoor.Flashback.39 The number is still around 650,000.

Intego has discovered a new variant of the Flashback malware, Flashback.S, which continues to use a Java vulnerability that Apple has patched. No password is required for this variant to install, and it places its files in the user’s home folder, at the following locations:</p><p>

~/Library/LaunchAgents/com.java.update.plist<br />
~/.jupdate<br />
It then deletes all files and folders in ~/Library/Caches/Java/cache in order to delete the applet from the infected Mac, and avoid detection or sample recovery.

The partner program was based on script redirects from huge numbers of legitimate websites all over the world. Around the end of February/early March 2012, tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using vulnerable versions of WordPress or they had installed the ToolsPack plugin. Websense put the number of affected sites at 30,000 , while other companies say the figure could be as high as 100,000. Approximately 85% of the compromised blogs are located in the US.</p><p>

Code was injected into the main pages when the blogs were hacked. As a result, when any of the compromised sites were visited, a partner program TDS was contacted. Depending on the operating system and browser version, the browser then performed a hidden redirect to sites in the rr.nu domain zone that had the appropriate set of exploits installed on them to carry out an infection.

This Java security update removes the most common variants of the Flashback malware.</p><p>

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

Although there are no reliable stats, China appears to have a big problem when it comes to malicious mobile apps either finding their way onto legitimate sites such as those run by the operators, or dubious third party platforms.</p><p>

Roy Ko, a consultant at the Hong Kong Computer Emergency Response Team Coordination Center, told The Register that part of the problem lies with Chinese mobile users themselves.</p><p>

“In China people like to crack software and make it available for free but that is dangerous because Google Play at least has some quality control, but on the other sites you get these cracked apps alongside malicious ones,” he argued.</p><p>

The most common end goal for the creators of these malicious apps is either to steal data, or make money out of premium dialler malware, although increasingly hackers are using these infection channels to turn smartphones into botnets, Ko explained.

This is anecdotal, and I don’t have survey numbers to back it up, but I’ve been probably the most prominent writer on Mac security for the past 5 years, and talk to a ton of people in person and over email. Nearly universally Mac users are and have been, concerned about security and malware.</p><p>

So where does this myth come from? I think it’s 3 sources.

any hacker who happens to know one Bangkok-based security researcher who goes by the handle “the Grugq”–or someone like him–has a third option: arrange a deal through the pseudonymous exploit broker to hand the exploit information over to a government agency, don’t ask too many questions, and get paid a quarter of a million dollars–minus the Grugq’s 15% commission.

VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach “massive,” and say it may involve more than 10 million compromised card numbers.</p>

<p>Update, 4:32 p.m. ET: Atlanta-based processor Global Payments just confirmed that they discovered a breach in early March 2012. See their full statement and several other updates at the end of this story.

France-based VUPEN is one of the highest-profile firms trafficking in zero-day exploits. Earlier this month at the CanSecWest information security conference, VUPEN declined to participate in the Google-sponsored Pwnium hacking competition, where security researchers were awarded up to $60,000 if they could defeat the Chrome browser’s security and then explain to Google how they did it. Instead, VUPEN—sitting feet away from Google engineers running the competition—successfully compromised Chrome, but then refused to disclose their method to Google to help fix the flaw and make the browser safer for users.

“We wouldn’t share this with Google for even $1 million,” said VUPEN founder Chaouki Bekrar. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”

the suggestion that the Duqu Framework might have been developed using old-school Object Orientated C (OO C) hit the bullseye. Code compiled using C and Microsoft Visual Studio 2008 was a close match for the code in the Duqu framework, allowing Kaspersky researchers to conclude that the framework had been written using a custom object-orientated extension to C or plain C with a changed dialect, as Kamluk described it.

"It's old school C. These are techniques used by professional software developers but not malware writers," Kamluk explained.

Apple has unveiled iOS 5.1, the latest version of its mobile operating system, with fixes for over 80 vulnerabilities.

Most of the plugged vulnerabilities involve the WebKit framework used to render web pages in Safari and other applications. Apple warned that visiting a malicious website could lead to a “cross-site scripting attack”, an “unexpected application termination”, or “arbitrary code execution”, according to a <a href="http://support.apple.com/kb/HT5192">security advisory

Security researchers are warning that some 30,000 WordPress websites, 85% of them based in the US, have been compromised by a mass-injection hijack attack which sees visitors to any of more than 200,000 individual pages redirected to a Trojan infected rogue AV scam.

We recently <a href="http://blog.intego.com/new-flashback-trojan-horse-variant-uses-novel-delivery-method-to-infect-macs/">reported about a new variant of the Flashback Trojan horse</a> which is using novel techniques to infect Macs. Since then, we have discovered a number of samples of this latest variant, Flashback.G, and have seen evidence that many Mac users have been infected by this malware.

Symantec has backtracked from assertions last week that 13 Android apps distributed by Google's Android Market were malicious, and now says that the code in question comes from an aggressive ad network that provides revenue to the smartphone programs.