Security Alerts & News
by Tymoteusz A. Góral

History
#433 Why are so few Android phones encrypted, and should you encrypt yours?
On Monday, experts speaking to The Wall Street Journal about the ongoing smartphone encryption debate estimated that roughly "10 percent of the world's 1.4 billion Android phones were encrypted," compared to 95 percent of all iPhones. For iPhones, that estimate is based on data provided by the company's OS distribution chart—this isn't a perfect source since it also includes iPods and iPads. In any case, the vast majority of iDevices are running iOS 8 or 9 and are thus encrypted in a way that makes it impossible for Apple or others to directly access data on them without their passcodes.
#432 VMware patches XSS vulnerabilities in vRealize products
VMware patched two cross-site scripting vulnerabilities in its products this week that if exploited, could lead to the compromise of a user’s client workstation. The bugs, stored XSS vulnerabilities and rated important, exist in the company’s vRealize Automation and vRealize Business Advanced and Enterprise platforms.
#431 To bypass code-signing checks, malware gang Suckfly steals lots of certificates
There are lots of ways to ensure the success of an advanced hacking operation. For a gang called Suckfly, one of the keys is having plenty of stolen code-signing certificates on hand to give its custom malware the appearance of legitimacy.
#430 Smart Reply for Google's Inbox Gmail app comes to the web
Smart Reply, which has been on the Inbox app for a few months, relies on a trained system consisting of a pair of neural networks that interpret email and offer sensible short responses. The first network encodes words from incoming email while the second cooks up a grammatically correct reply.
#429 Special antivirus tools put to the test: performance of system rescuers in an emergency
Special antivirus tools are the typical rescue tool of choice after a malware attack. The lab at AV-TEST tested 5 popular special tools for almost a year to see whether they can reliably rescue infected Windows PCs from malware and repair everything again.
#428 Exploit Kits in 2015: Scale and Distribution
The data was taken from analysis of exploit kit URLs that were blocked by Trend Micro products over the entirety of 2015. This information represents a sizable sample of the overall threat landscape. This allows us to observe any long-term trends in the overall landscape and protect our users accordingly.
#427 Amazon Web Services (AWS) makes Database Migration Service available to all customers
According to AWS, the migration service is a fully managed service that allows customers to migrate their production Oracle, SQL Server, MySQL, MariaDB, and PostgreSQL databases from on-premises datacentres to AWS' cloud.
#426 OpenSSH with X11Forwarding enabled should heed recent security update
The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH disabled X11Forwarding long ago—it is no longer the default configuration—thus limiting the risk to most users. But some vendors—OpenSSH singled out Red Hat in particular—turn X11Forwarding on and those versions prior to 7.2p2 with X11Forwarding enabled are at risk.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12