A while back a malicious program called DroidDream was found on the Google Marketplace. The thing about DroidDream is that it exploited a vulnerability that gave it root access. Now contrast how Google treats security software. Security applications are not allowed to have root access. The truth is that the most popular mobile platforms (and
SANS posted a story at the Internet Storm Center a couple of days ago that they were seeing fake email from the IRS. (Even I don’t have time to read everything on the Internet relating to current information security issues.) The emails described try to kid the victim that they’ve under-reported or failed to report
The Anti-Phishing Working Group has asked its members to publicize the forthcoming Counter eCrime Operations Summit in Brazil, which I’m pleased to do. This year the APWG is hosting it’s fourth annual Counter eCrime Operations Summit (CeCOS IV) on May 11, 12 & 13 in São Paulo, Brazil. The Discounted Early Bird Registration rate will
Specifically spear-phishing, where the target is deliberately selected, as opposed to a random untargeted attack. An article at Dark Reading.com discusses the entirely unsurprising results of a test that concluded that the iPhone, BlackBerry, and Palm have essentially no protection against spear-phishing attacks. http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=221100150&cid=nl_DR_WEEKLY_T LinkedIn was used as the service to send a fake invitation
The City of Bozeman, Montana effectively joined the ranks of phishers when they asked job candidates for their usernames and passwords for social networking sites that the applicant belongs to. In a report at , after considerable outcry the city rescinded its mindless policy. To begin with, the city was asking applicants to breach their