Mac OS X is the most vulnerable OS, claims security firm.



The National Vulnerability Database reported an average of 19 vulnerabilities per day in 2014. Although that figure is an average across all areas, it’s still staggering and sobering to realize that 7,038 new security vulnerabilities were added to its database last year (not to mention what could be countless others that went unreported).


GFI Software recently crunched the numbers, separating vulnerabilities by distribution type and coming up with a list of the top operating systems as it relates to reported vulnerabilities. Here’s what they found.


In terms of distribution, a whopping 83 percent of vulnerabilities were found in applications while 13 percent were related to operating systems. The remaining four percent was credited directly to hardware issues.


Looking at operating system vulnerabilities, you may be surprised to learn that Microsoft is no longer among the top three in terms of reported security issues. The number one spot goes to Apple’s Mac OS X with 147 total vulnerabilities reported last year – 64 of which were considered high-level threats.


Second place belonged to another Apple operating system, iOS. Of the 127 reported issues, 32 were considered to be top-priority threats. Rounding out the top three was Linux with 119 reported incidents. Only 24 of them, however, were deemed high-level vulnerabilities.


It’s worth mentioning that the remaining seven operating systems in the top 10 were all Microsoft products: Windows Server 2008, Windows 7, Windows Server 2012, Windows 8, Windows 8.1, Windows Vista and Windows RT, in that order. If you were to consolidate all of those into a single “Windows” category, then Microsoft would jump ahead of all others by a sizable margin.


Internet Explorer topped the list of application vulnerabilities followed by Google Chrome and Mozilla Firefox. To see a trio of browsers at the top is no surprise given our heavy reliance on the Internet.

Credit TechSpot


Xbox Live and PlayStation Network Down Due To Apparent Attack



Merry Christmas to all the gamers. Xbox Live and PlayStation Network are down today due to what appears to be a DDoS (distributed denial-of-service) attack. A few weeks ago, the hacker group Lizard Squad threatened to take both services down on Christmas. They have taken the services down before, and their Twitter feed indicates they are at it again. Let's hope they back off soon, as Sony and Microsoft are basically at their mercy until they do.

Unfortunately, many games require that the user be logged into Xbox Live or PlayStation Network before they can play, and with today being Christmas there are surely many people with new game consoles and games they want to play. Bah humbug!



FTC Releases “Package Delivery” Themed Scam Alert



The Federal Trade Commission (FTC) has released a Scam Alert addressing a “Package Delivery” themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to reputable organizations to imply the email is legitimate.

Users are encouraged to review the FTC Scam Alert for details, and to refer to the Recognizing and Avoiding Email Scams publication for information on email scams.




Malware from Yahoo ads did not affect US, Mac and mobile users


Yahoo said that malware spread by advertisements served by its European websites had not affected users in North America, Asia Pacific and Latin America as people in these locations were not served the advertisements.

In addition, users using Apple’s Mac computers and mobile devices were not affected, Yahoo said on a customer care page late Sunday. The company did not, however, disclose how many people in Europe had been affected.

Security company Fox-IT in the Netherlands said on Friday that users visiting Yahoo were receiving advertisements that were malicious. The malicious advertisements were iframes hosted on five domains.

“On January 3 we detected and investigated the infection of clients after they visited yahoo.com,” the firm said in a blog post. The malicious ads were found to redirect users to a “Magnitude” exploit kit that installed several malware files.

SurfRight, another security company in the Netherlands, confirmed on Sunday that Yahoo’s advertisement network was redirecting to an exploit kit.

Yahoo said it had promptly removed the advertisements. “We will continue to monitor and block any advertisements being used for this activity,” the Internet company said Sunday, promising more information shortly for its users.

The countries most affected by the exploit kit were Romania, the U.K. and France, according to Fox-IT. “At this time it’s unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo,” it said. Fox-IT estimated that the malware resulted in 27,000 infections every hour, based on traffic to the site and assuming an infection rate of 9 percent.

SurfRight and Fox-IT both said they first detected signs of the infection on Dec. 30, which will likely push up the number of computers that have been infected.