Spyware, Viruses, & Security forum


NEWS - April 02, 2012

by Carol~ Forum moderator / April 2, 2012 6:34 AM PDT
Global Payments: Rumor and Innuendo

Global Payments Inc., the Atlanta-based credit and debit card processor that recently announced a breach that exposed fewer than 1.5 million card accounts, held a conference call this morning to discuss the incident. Unfortunately, that call created more questions than it did answers, at least for me. The purpose of this post is to provide some information that I have gathered, and a few observations about the reporting on this breach so far.

In a conference call this morning, Paul Garcia, Chairman and CEO of Global Payments (NYSE: GPN), declined to offer few new details about how the breach happened, beyond the details the company released in its press release last night. He also declined to comment on reports that the breach may have dated back to at least January 2012. Garcia emphasized that the company self-reported and discovered the intrusion in early March, and proactively notified law enforcement officials and hired independent forensics investigators.

When asked about the timeline first reported by KrebsOnSecurity.com last Friday — that Visa and MasterCard were warning of a payment processor that had an exposure between Jan 21, 2012 and Feb. 25, 2012 — Garcia said, without elaborating:

"There's a lot of rumor and innuendo out there which is not helpful to anyone, and most of it incredibly inaccurate. In terms of other timelines, I just cannot be specific further about that."

He went on to state that, "This does not involve our merchants, our sales partners, or their relationships with their customers. Neither merchant systems, or point of sale devices, were involved in any way. This was self-discovered and self-reported." Databreaches.net has a decent round-up of the call details, as well as other reporting on this breach.

Continued : http://krebsonsecurity.com/2012/04/global-payments-rumor-and-innuendo/

Global Payments: 1.5MM Cards 'Exported'
How to Tell if You're Caught in the Giant Global Payments Credit Card Fraud
Updated: Global Payments Says 1.5 Million Cards May Be Affected By Breach
Mac Flashback Exploiting Unpatched Java Vulnerability
by Carol~ Forum moderator / April 2, 2012 7:47 AM PDT
In reply to: NEWS - April 02, 2012

From F-Secure Antivirus Research Weblog:

A new Flashback variant (Mac malware) has been spotted exploiting CVE-2012-0507 (a Java vulnerability). We've been anticipating something like this for a while now. [Screenshot]

Oracle released an update that patched this vulnerability back in February... for Windows.

But — Apple hasn't released the update for OS X (yet).

It appears that the Flashback gang is keeping up with the latest in exploit kit development. Last week, Brian Krebs reported that the CVE-2012-0507 exploit has been incorporated into the latest version of the Blackhole exploit kit. And that's not all. Though it is unconfirmed, there are rumors of yet another available exploit for an "as-yet unpatched critical flaw in Java" on sale.

So if you haven't already disabled your Java client, please do so before this thing really becomes an outbreak. Check out our previous post for instructions on how to disable Java on your Mac.

Our previous instructions on how to check whether you are infected with Flashback are still applicable. However, for this variant, there is an additional updater component that is created in the infected user's home folder. By default it is created as "~/.jupdate".

Continued: http://www.f-secure.com/weblog/archives/00002341.html

Related: New Java Attack Rolled into Exploit Packs

Security vulnerability at TweetDeck
by Carol~ Forum moderator / April 2, 2012 7:47 AM PDT
In reply to: NEWS - April 02, 2012

The TweetDeck Twitter client apparently suffered from a security breach on Friday that gave some users the ability to take over other people's accounts. Twitter, which owns TweetDeck, reacted quickly and disabled the client's access to the system. TweetDeck's functionality was restored less than a day later, once the bug had been fixed.

TweetDeck user Geoff Evason discovered the bug which gave him access to the Twitter and Facebook accounts of hundreds of other TweetDeck users. TweetDeck allows its users to pull together both Twitter and Facebook accounts under a TweetDeck account to aggregate updates from both services. Evason publicly reported the problem on Twitter, posting a screenshot to document the vulnerability. To back up his claims, he also posted several messages from other people's accounts.

In a statement to VentureBeat and other US media, Twitter representatives said that no account passwords were compromised and that, as far as Twitter is aware, the vulnerability had not been exploited maliciously. Facebook told the Wall Street Journal that fewer than 250 of its users were affected, that no abuse of those accounts had occurred and it was working with Twitter to "understand the full scope of this issue".


UK government plans to spy on email, web and internet phone
by Carol~ Forum moderator / April 2, 2012 7:48 AM PDT
In reply to: NEWS - April 02, 2012

The British government is proposing new legislation which would allow the police and secret service to monitor internet users' email and web activity.

Unsurprisingly, privacy campaigners are up in arms about the plan which would force internet service providers to give British intelligence agencies real-time access to electronic communications.

However, the authorities argue that it is necessary for national security and to fight terrorism, online child abuse and organised crime.

Presently, ISPs keep details of which websites users visit, and who they send and receive emails and internet phone calls from, for 12 months. This information can be accessed retrospectively by investigators, provided the correct legal hoops (such as being granted a warrant from a magistrate's court) were jumped through.

Under the new proposals, ISPs would install hardware from GCHQ - the Government's electronic snooping agency - allowing investigators to tap into a real-time feed of data, and examine when communications were sent, and who to, in order to build up intelligence on criminal activity.

Continued : http://nakedsecurity.sophos.com/2012/04/02/uk-government-spy-plans/

Pastebin.com arms itself against misuse
by Carol~ Forum moderator / April 2, 2012 7:48 AM PDT
In reply to: NEWS - April 02, 2012

The owner of Pastebin.com plans to monitor posted content more carefully. According to a BBC article, Jeroen Vader, the 28-year-old Dutch entrepreneur who bought the platform in early 2010, is going to hire employees to watch for any sensitive information that may be posted on Pastebin.com.

Pastebin.com is used for uploading texts, mostly by developers who want to post source code, Vader says. Users are asked not to post any email or password lists, login data, personal information or pornographic material.

According to the article, Vader receives around 1,200 reports every day from the platform's abuse notification system and via email. The additional employees will ensure that undesirable content, such as personal data, is removed more quickly than before.

Pastebin.com logs about 17 million users each month. This includes people claiming to belong to Anonymous and other hacker movements, who have used the site to publish stolen data and other information. Some of that information included data from Panda Security's compromised web site, emails from security consulting firm Stratfor, and email addresses and passwords from Youporn users.

Continued : http://www.h-online.com/security/news/item/Pastebin-com-arms-itself-against-misuse-1498988.html

Also: Pastebin.com hiring staff to get rid of activists' dumps

Alleged hacker Ryan Cleary is back in jail
by Carol~ Forum moderator / April 2, 2012 7:48 AM PDT
In reply to: NEWS - April 02, 2012

"A man accused of being associated with the Lulzsec hacktivist campaigns is back in jail."

Ryan Cleary, who allegedly ran the Internet Relay Chat rooms used by the group, was arrested last year but released on bail with some conditions.

His lawyer, Karen Todner, told The INQUIRER that Cleary has been re-arrested for breaking his bail conditions.

Cleary was ordered not to use the internet, but apparently broke that bail condition by emailing Hector Xavier Monsegur, otherwise known as Sabu, over Christmas.

He was re-arrested on 5 March, the day before other Anonymous-linked hackers were arrested and the US Federal Bureau of Investigation (FBI) went public with the news that Sabu had turned informant.

Cleary remains accused of hacking into the UK Serious Organised Crime Agency as well as some other organisations. When he was released in June 2011, the conditions of his bail required him to stay home at night and stay off the internet.

Continued : http://www.theinquirer.net/inquirer/news/2165188/alleged-hacker-ryan-cleary-jail

LulzSec suspect Ryan Cleary sent back to jail - for contacting Sabu
Alleged LulzSec hacker back in jail after breaking bail conditions
LulzSec suspect Cleary sent back to jail

Pinterest VISA Giftcard Spamrun on Twitter
by Carol~ Forum moderator / April 2, 2012 7:58 AM PDT
In reply to: NEWS - April 02, 2012

From the GFI Labs Blog:

Avid users of Pinterest should be aware that a large spamrun involving the Twitter account "Pinterestdep" is underway right now, asking users to visit the Twitter page and associated URL. Here's one spam example in case the Twitter staff nuke the bot posts from orbit: [Screenshot]

The account in question has a solitary tweet, posted 18 hours ago: [Screenshot]

"Just tell us what you think of Pinterest, and get a free $150 VISA gift card now!"

The stats page for the Bit.ly link tells us 204 people have clicked it since April 1st, and no doubt more will be taking a look while the spam bombardment continues from multiple bot accounts.

As for the page itself, it's along the same lines as the final destination URLs for the links served up by the Tumblr spam posts not so long ago. To get your hands on a "free" card, you have to do the following:

Continued : http://www.gfi.com/blog/pinterest-visa-giftcard-spamrun-on-twitter/

Adobe Releases Malware Classifier Tool
by Carol~ Forum moderator / April 2, 2012 8:09 AM PDT
In reply to: NEWS - April 02, 2012

Adobe has published a free tool that can help administrators and security researchers classify suspicious files as malicious or benign, using specific machine-learning algorithms. The tool is a command-line utility that Adobe officials hope will make binary classification a little easier.

Adobe researcher Karthik Raman developed the new Malware Classifier tool to help with the company's internal needs and then decided that it might be useful for external users, as well.

"To make life easier, I wrote a Python tool for quick malware triage for our team. I've since decided to make this tool, called "Adobe Malware Classifier," available to other first responders (malware analysts, IT admins and security researchers of any stripe) as an open-source tool, since you might find it equally helpful," Raman wrote in a blog post.

"Malware Classifier uses machine learning algorithms to classify Win32 binaries - EXEs and DLLs - into three classes: 0 for "clean," 1 for "malicious," or "UNKNOWN." The tool extracts seven key features from a binary, feeds them to one or all of the four classifiers, and presents its classification results."

Continued : http://threatpost.com/en_us/blogs/adobe-releases-malware-classifier-tool-040212

From the Adobe Secure Software Engineering Team (ASSET) Blog: Presenting "Malware Classifier" Tool

Potential first Android bootkit spotted
by Carol~ Forum moderator / April 2, 2012 8:23 AM PDT
In reply to: NEWS - April 02, 2012

Security researchers of US-based NQ Mobile have recently discovered what might be the first Android bootkit. Dubbed DKFBootKit, the malware piggybacks malicious payloads into legitimate apps that require root privilege.

"Specifically, by taking advantage of the root privilege, DKFBootKit adds itself as a part of the boot sequence of the original Android system and replaces a number of utility programs (e.g., ifconfig and mount)," claim the researchers. "By doing so, the malware can get started even before the entire Android framework is bootstrapped."

The apps targeted for repackaging with the malicious payload are mostly utility apps, but a few are also apps that provide license keys for some paid apps: [Screenshot]

The malware's final goal is to make itself run earlier than the Android framework, and to deliver a bot payload that connects the device to several C&C servers and waits to receive additional commands.

Continued : http://www.net-security.org/malware_news.php?id=2051
