Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Cisco patches DoS vulnerability pair in IOS

Updates have been issued by Cisco to fix a vulnerability in their IOS regarding holes that could lead to an extended DoS attack. The vulnerabilities are limited to IOS that supports BGP as well as the four-octet Autonomous Systems (AS) number.

Click here for more information.

Malware afflicts 1.5% of Symbian handsets

In a recent survey of 1958 Symbian devices in India and Europe, 1.6% were found to have been infected with some form of malware. The malware detected could have explainable reasons for being on the phone, while others is seen as basically a non-threat. The fact, though, is while malware for Symbian devices is in its infancy, the concern is we are seeing the start of malware being designed for Symbian devices.

Click here for more information.

Mac flaw could let hackers get scrambled data

Three forms of malware have been detected for the Mac platform.

The most sophisticated, and unnamed, of the three forms of malware, allows a hacker to tack complete control of an infected Mac.

“OSXPuper” is spread by users downloading a rogue video player from infected websites. The malware can then download other types of viruses.

“Machiavelli” takes control of Apple’s Safari browser, stealing encrypted data from a user’s bank account.

Click here for more information.

Hijacking iPhones and other smart devices using SMS

By sending a malformed SMS message to a user, an iPhone can be hijacked without the phone’s owner knowing. The attacker could then launch malware now residing on the iPhone.

Comment: Being that hackers go where they can receive the largest financial return for the time spent, Windows platforms have always been the greatest target. With iPhones being such a large percentage of the mobile market, will Apple’s iPhone be the next Windows platform as far as targets yielding the largest return?

Click here for more information.

‘MonkeyFist’ Launches Dynamic CSRF Web Attacks

Illustrating how sophisticated attacks can become researchers developed a tool that takes advantage of the emergence of integrated and aggregated content features, such as buttons used for “Twitter” and “Digg This”. CSRF, or cross-site request forgery, is when an attacker makes a Web request within the context of the victim’s Web session. Essentially what is happening here is the bad guy is silently riding on top of a victim’s existing Web session.

Click here for more information.