iMessage Used in Irritating Denial of Service Attacks
Some iOS app developers have reportedly been targeted in a denial of service (DOS) attack which makes use of some major oversights in Apple's iMessage app. Hopefully, Apple will take notice before the issue becomes more widespread.
According to The Next Web, developers iH8sn0w, Grant Paul, and others have received innumerable messages on their iOS devices that can crash the app, and in some cases lock them out of their messaging systems entirely. This is particularly annoying because Apple's Messages app is used to manage both iMessages, which are sent from Apple's desktop messaging app, and text messages sent from cell phones.
"The iMessage spammer has now completely locked me out of my iOS Messages app, by sending long strings of Unicode chars," tweeted Grant Paul on Friday. "Definitely a DoS."
Continued : http://securitywatch.pcmag.com/spam/309881-imessage-used-in-irritating-denial-of-service-attacks
Also: Some iMessage Accounts Hit Hard by Mass Messaging, DoS Attacks
Who Wrote the Flashback OS X Worm?
A year ago today, Apple released a software update to halt the spread of the Flashback worm, a malware strain that infected more than 650,000 Mac OS X systems using a vulnerability in Apple's version of Java. This somewhat dismal anniversary is probably as good a time as any to publish some clues I've gathered over the past year that point to the real-life identity of the Flashback worm's creator.
Before I delve into the gritty details, a little background on this insidious contagion is in order. A keenly detailed research paper (PDF) published last year by Finnish security firm F-Secure puts the impact and threat from Flashback in perspective, noting that the malware boasted a series of "firsts" for its kind. For starters, Flashback was the first OS X malware to be "VMware aware" — or to know when it was being run in a virtual environment (a trick designed to frustrate security researchers). It also was the first to disable XProtect, OS X's built-in malware protection program. These features, combined with its ability to spread through a then-unpatched vulnerability in Java made Flashback roughly as common for Macs as the Conficker Worm was for Windows PCs.
"This means Flashback is not only the most advanced, but also the most successful OS X malware we've ever seen," wrote F-Secure's Broderick Ian Aquilino.
Continued : http://krebsonsecurity.com/2013/04/who-wrote-the-flashback-os-x-worm/
Related: The biggest Mac malware attack of all time - blogger names suspected mastermind
Firefox 20 Fixes 11 Critical Flaws, Adds Per-Tab Private Browsing
Mozilla has added a new privacy feature to Firefox that enables users to begin a new private browsing session in a separate tab while still running a normal session in other tabs. Firefox 20 also includes patches for 11 critical security vulnerabilities.
The new version of Firefox expands the capabilities of the private browsing function in the browser, a feature that allows users to browse without any cookies, logs or any other data retention. Some of the other major browsers, including Google Chrome, have the same kind of feature, but the extension of the private browsing function to a per-tab basis is a significant one.
"Firefox includes a new enhancement to private browsing that allows you to open a new private browsing window without closing or changing your current browsing session. You can shop for a birthday gift in a private window with your existing browsing session uninterrupted. You can also use a private browsing window to check multiple email accounts simultaneously," Mozilla said in a blog post.
Mozilla also made the same change for the Android version of Firefox.
Continued : https://threatpost.com/en_us/blogs/firefox-20-fixes-11-critical-flaws-adds-tab-private-browsing-040213
Also: Firefox enhances private browsing
Banking Trojan disguised as innocuous Word and WinHelp files
Part of the job of a malware author is to constantly think up new ways of outsmarting researchers and bypassing automatic detection methods used by antivirus and other security software. These techniques are eventually recognized and incorporated into the defenses, but it's always interesting for malware analysts to unearth new ones.
Panda Security malware researcher Bart Blaze has recently discovered a banking Trojan targeting Brazilian online banking users that employs a novel way to hide its real nature: its executables are delivered in the guise of .hlp (WinHelp) files.
The attack starts with fake invoice notices delivered via email: [Screenshot]
Users who wish to review the invoice are urged to download a .zip file from a Dropbox account. Unfortunately, it contains an executable sporting a fake .docx extension and an MPEG-4 icon.
Once run, the currently poorly detected malware contacts a remote server and automatically downloads what seems to be a WinHelp file with a slightly better detection rate.
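The two disguises described above (an executable carrying a fake .docx extension, and an executable delivered as a .hlp WinHelp file) share one weakness: the file's real content does not match what the name claims. The following is an added example of the check a mail gateway or download scanner can apply; it is not code from the article or from Panda Security. It looks for the DOS "MZ" stub and the "PE\0\0" signature that every Windows executable carries, compares that with the claimed extension, and also flags double extensions such as invoice.docx.exe. The sample zip archive and its members are constructed inline.

```python
"""Flag downloads whose claimed extension does not match their real content.

Added example (not from the quoted write-up). It checks the two tricks the
article describes: an executable delivered with a fake .docx extension and an
executable delivered as a .hlp file. All sample files below are constructed.
"""
import io
import struct
import zipfile

# Extensions a user expects to open as harmless documents, not programs.
DOCUMENT_EXTENSIONS = {".docx", ".doc", ".pdf", ".hlp", ".xlsx", ".txt"}
# Extensions Windows will execute directly.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def is_pe_executable(data: bytes) -> bool:
    """True if data has a DOS 'MZ' stub whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extensions(name: str) -> list:
    """Return every dotted suffix, lower-cased: 'a.docx.exe' -> ['.docx', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def classify(name: str, data: bytes) -> list:
    """Return the reasons a file looks disguised (empty list when it looks honest)."""
    reasons = []
    exts = extensions(name)
    last = exts[-1] if exts else ""
    pe = is_pe_executable(data)
    if pe and last in DOCUMENT_EXTENSIONS:
        reasons.append(f"PE executable delivered as {last}")
    elif pe and last not in EXECUTABLE_EXTENSIONS:
        reasons.append(f"PE executable with unexpected extension {last!r}")
    if last in EXECUTABLE_EXTENSIONS and any(e in DOCUMENT_EXTENSIONS for e in exts[:-1]):
        reasons.append("document extension hidden before executable extension")
    return reasons


def scan_zip(data: bytes) -> dict:
    """Classify every member of a zip archive, the delivery vehicle in the write-up."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            findings[info.filename] = classify(info.filename, zf.read(info.filename))
    return findings


def make_fake_pe() -> bytes:
    """Constructed blob carrying only the structural markers a real PE file has."""
    header = bytearray(0x44)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    header[0x40:0x44] = b"PE\x00\x00"
    return bytes(header)


def build_sample_zip() -> bytes:
    """Constructed archive mimicking the lure: disguised executables plus one honest file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.docx", make_fake_pe())      # executable behind a fake .docx
        zf.writestr("help.hlp", make_fake_pe())          # executable behind a .hlp name
        zf.writestr("notice.docx.exe", make_fake_pe())   # double extension
        zf.writestr("readme.txt", b"plain text")         # honest text file
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(f"{member}: {reasons or 'ok'}")
```

The icon trick mentioned in the article is irrelevant to this check: icons are stored inside the executable's resources, so a file that renders as an MPEG-4 clip still begins with "MZ" and is caught the same way.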
US Army Mobile Devices Lack Security
Some 14,000 mobile devices belonging to the US Military Academy and the US Army Corps of Engineers were found lacking proper security policies.
The devices, used by Army personnel and civilians, were given access to sensitive and critical military networks and data. The IG report found that no management software was installed on any of the devices, and that no remote wipe function was added in case they were lost or stolen.
Posing serious security risks, the IG reports that sensitive networks may have been extremely vulnerable due to the security gap. Concluding that companies and institutions should impose stricter BYOD (Bring-Your-Own-Device) policies, the IG report places a high risk factor on improperly authenticated and monitored handhelds that access critical systems.
"In addition, the Army CIO inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information," the report said. "As a result, critical information assurance controls were not appropriately applied, which left the Army networks more vulnerable to cyber-security attacks and leakage of sensitive data."
Continued : http://www.hotforsecurity.com/blog/us-army-mobile-devices-lack-security-5836.html
Fool Me Once...
When you're lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to 'maximum.' But when you've gained access to an elite black market section of a closely guarded crime forum to which very few have access, it's easy to let your guard down. That's what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be cybersleuths.
On Jan. 16, 2013, I published a post titled, "New Java Exploit Fetches $5,000 Per Buyer." The details in that story came from a sales thread posted to an exclusive subforum of Darkode.com, a secretive underground community that has long served as a bazaar for all manner of cybercriminal wares, including exploit kits, spam services, ransomware programs, and stealthy botnets. I've maintained a presence on this forum off and on (mostly on) for the past three years, in large part because Darkode has been a reliable place to find information about zero-days, or highly valuable threats that exploit previously unknown vulnerabilities in software — threats that are shared or used by attackers before the developer of the target software knows about the vulnerability. [Screenshot]
Continued : http://krebsonsecurity.com/2013/04/fool-me-once/
Ongoing malware attack targeting Apache hijacks 20,000 sites
Mysterious "Darkleech" exposes visitors to potent malware exploits.
Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of "Darkleech," a mysterious exploitation toolkit that exposes visitors to potent malware attacks.
The ongoing attacks, estimated to have infected 20,000 websites in the past few weeks alone, are significant because of their success in targeting Apache, by far the Internet's most popular Web server software. Once it takes hold, Darkleech injects invisible code into webpages, which in turn surreptitiously opens a connection that exposes visitors to malicious third-party websites, researchers said.
Although the attacks have been active since at least August, no one has been able to positively identify the weakness attackers are using to commandeer the Apache-based machines. Vulnerabilities in Plesk, Cpanel, or other software used to administer websites are one possibility, but researchers aren't ruling out the possibility of password cracking, social engineering, or attacks that exploit unknown bugs in frequently used applications and OSes.
Continued : http://arstechnica.com/security/2013/04/exclusive-ongoing-malware-attack-targeting-apache-hijacks-20000-sites/
Darkleech infects scores of Apache servers
Darkleech Attacks Hit 20,000 Websites
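The article says Darkleech injects invisible code into served pages that opens a connection to a third-party site. Whatever the entry vector turns out to be, a site owner can detect that symptom by fetching their own pages and looking for iframes that are hidden by style, sized to zero, or placed inside a hidden container, especially when they point off-site. The following is an added example of such a check, not code from the Ars Technica article or from the researchers it cites; the sample HTML and the hostnames in it are constructed placeholders, not indicators from the page.

```python
"""Scan served HTML for hidden iframes of the kind an injected server module adds.

Added example (not from the quoted article). Reports every iframe that is
hidden by inline style, sized 0/1 pixels, or nested inside a hidden container,
and notes when its src points to a host outside the site's own domain.
Sample page and hostnames are constructed placeholders.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|position\s*:\s*absolute.*?(left|top)\s*:\s*-\d{3,}",
    re.I | re.S,
)
VOID_TAGS = {"br", "img", "meta", "link", "input", "hr"}


def _dimension(value):
    """Parse the leading integer of a width/height attribute, or None."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


class HiddenIframeFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []      # (tag, hidden?) for open elements
        self.findings = []

    def _third_party(self, host):
        return bool(host) and host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag != "iframe":
            if tag not in VOID_TAGS:
                self.stack.append((tag, hidden))
            return
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if hidden:
            reasons.append("hidden by style")
        if any(h for _, h in self.stack):
            reasons.append("inside hidden container")
        w, h = _dimension(a.get("width")), _dimension(a.get("height"))
        if (w is not None and w <= 1) or (h is not None and h <= 1):
            reasons.append("zero-size frame")
        # A visible third-party embed is ordinary; only hidden frames are reported.
        if reasons:
            if self._third_party(host):
                reasons.append(f"third-party src {host}")
            self.findings.append({"line": self.getpos()[0], "src": src, "reasons": reasons})

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def find_hidden_iframes(html, site_host):
    """Return a list of {line, src, reasons} for each suspicious iframe in html."""
    parser = HiddenIframeFinder(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed page: one legitimate visible embed, two injected hidden frames.
SAMPLE_PAGE = """<html><body>
<h1>News</h1>
<iframe src="https://www.example-site.test/player" width="640" height="360"></iframe>
<p>article text</p>
<iframe src="http://injected.invalid/path" width="1" height="1" style="visibility:hidden"></iframe>
<div style="position:absolute; left:-9999px"><iframe src="http://evil-host.invalid/x"></iframe></div>
</body></html>
"""

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_PAGE, "example-site.test"):
        print(f"line {f['line']}: {f['src']} ({', '.join(f['reasons'])})")
```

Run it against pages fetched with a browser-like User-Agent as well as a plain client, and from outside the site's own network: injected content of this kind is often served selectively, so a page that looks clean from the administrator's workstation can still be serving the frame to visitors.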
Update for Sophos Web Protection Appliance
Security firm Sophos has asked that its customers install version 184.108.40.206 of the Web Protection Appliance immediately. At the end of February, staff at security firm SEC Consult discovered vulnerabilities in the product's web-based user interface. Sophos has closed the security holes in the latest version.
The vulnerabilities allow attackers to harvest sensitive data such as passwords and session cookies and provide access to private certificate keys. These keys can be used to sign arbitrary certificates that could serve for man-in-the-middle attacks or phishing attacks within a company network because all clients in a network will accept the certificates.
Sophos says that SEC Consult Vulnerability Lab privately reported the security holes on 21 February. No public exploits for the vulnerabilities (CVE numbers CVE-2013-2641, CVE-2013-2642 and CVE-2013-2643) are believed to have appeared.
See Vulnerabilities / Fixes : Sophos Web Appliance Multiple Vulnerabilities
Stealthy BaneChant Trojan Lurks in Word File, Relies on Multiple Mouse Clicks
Much like malware that was discovered last year, a new Trojan has been reported that relies on detecting mouse clicks to evade sandbox analysis. BaneChant masquerades as a Word document and incorporates advanced evasion techniques making it stealthier than its predecessor.
Researchers at FireEye spotted the malware in a malicious document that translates to "Islamic Jihad.doc," a title that suggests the malware is targeting governments via spear phishing attacks in the Middle East and Central Asia, according to a post on the company's blog by Chong Rong Hwa yesterday.
The malware, discovered by FireEye's Abhishek Singh, can send information about the infected computer to attackers and can also set up backdoors to allow remote access that could let an attacker further execute malicious activities.
Once victims open the document, the malware downloads a binary and leverages a shortened URL to disguise what it's doing from malware detection services. Instead of communicating directly with a command and control server, this Trojan communicates with the URL shortening service, ow.ly, which then contacts the C&C server.
Continued : https://threatpost.com/en_us/blogs/stealthy-banechant-trojan-lurks-word-file-relies-multiple-mouse-clicks-040213
Aggressive Android adware and malware on the rise
With adware gleaning more user data from people's devices than it would normally need, and developers bundling more than one adware framework into their apps, user privacy is increasingly taking a backseat to profit for developers and advertisers.
More and more unknown third parties now have access to user browsing history, phone numbers, email addresses and everything they need to compile comprehensive and personalized user profiles.
User privacy is taking a serious blow as adware targeting Android devices jumped 61 percent worldwide in the five months through January, while malware expanded 27 percent and adware in the US expanded 35 percent, according to a study by Bitdefender Labs. The number of Trojan reports spiked 37 percent in December 2012.
Continued : http://www.net-security.org/malware_news.php?id=2452