Rapid7 Issues Vulnerability Warning to Safari Users
On Thursday, Rapid7 advised users of Apple's Safari Web browser to avoid opening ".webarchive" files, after the discovery of a vulnerability in the security model of the webarchive format.
In Safari, the webarchive format saves all of the resources within a given webpage, including images, scripts, and stylesheets, into a single file. In a blog post, Rapid7's Joe Vennix explained the Universal Cross-Site Scripting vulnerability, which has serious repercussions for Safari users on both the Windows and Mac OS X platforms.
Apple has not addressed the issue because exploitation requires an attacker to trick a victim into opening the .webarchive file manually. This can only happen after the user ignores a generic warning message that says in part "...this content was downloaded from a webpage..."
"This is a potentially dangerous decision, since a user expects better security around the confidential details stored in the browser, and since the webarchive format is otherwise quite useful. Also, not fixing this leaves only the browser's file:// URL redirect protection, which has been bypassed many times in the past," Vennix explained.
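A webarchive is a binary property list in which every saved resource carries the URL it was saved from, so a file opened from local disk still names remote origins. The following added example (not Rapid7's or Apple's code) parses a .webarchive with Python's plistlib and reports the origins its resources claim and which resources carry script, so a reviewer can see what an archive would present to the browser before opening it. The sample archive is constructed in the code; the key names follow Safari's WebMainResource/WebSubresources layout, and the script heuristic (MIME type or an inline script tag) is a simplification.

```python
"""Added example: inspect a Safari .webarchive and list claimed origins."""
import plistlib
from urllib.parse import urlsplit

SCRIPT_TYPES = {"application/javascript", "text/javascript", "application/x-javascript"}


def build_sample_webarchive():
    """Constructed sample (not a real capture): a page plus one script subresource."""
    main = {
        "WebResourceURL": "https://bank.example/account",
        "WebResourceMIMEType": "text/html",
        "WebResourceTextEncodingName": "UTF-8",
        "WebResourceFrameName": "",
        "WebResourceData": b"<html><body><script src='app.js'></script></body></html>",
    }
    sub = [{
        "WebResourceURL": "https://bank.example/app.js",
        "WebResourceMIMEType": "application/javascript",
        "WebResourceData": b"document.cookie;",
    }]
    # Safari writes webarchives as binary plists, hence FMT_BINARY
    return plistlib.dumps({"WebMainResource": main, "WebSubresources": sub},
                          fmt=plistlib.FMT_BINARY)


def inspect_webarchive(blob):
    """Return one record per resource: URL, origin, MIME type, script flag."""
    if not blob.startswith(b"bplist00"):
        raise ValueError("not a binary property list, so not a webarchive")
    archive = plistlib.loads(blob)
    resources = [archive["WebMainResource"]] + list(archive.get("WebSubresources", []))
    report = []
    for res in resources:
        url = res.get("WebResourceURL", "")
        parts = urlsplit(url)
        origin = f"{parts.scheme}://{parts.netloc}" if parts.scheme else "(none)"
        mime = res.get("WebResourceMIMEType", "")
        data = res.get("WebResourceData", b"")
        # heuristic: script MIME type, or a <script> tag inside the saved bytes
        has_script = mime in SCRIPT_TYPES or b"<script" in data.lower()
        report.append({"url": url, "origin": origin, "mime": mime, "script": has_script})
    return report


def claimed_origins(blob):
    """Distinct origins the archive's resources claim to come from."""
    return sorted({r["origin"] for r in inspect_webarchive(blob)})


def script_bearing(blob):
    """URLs of resources that would execute script if the archive were opened."""
    return [r["url"] for r in inspect_webarchive(blob) if r["script"]]


if __name__ == "__main__":
    sample = build_sample_webarchive()
    print("origins:", claimed_origins(sample))
    print("script:", script_bearing(sample))
```

Run it against a real file with `inspect_webarchive(open(path, "rb").read())`; a local download whose resources claim an origin you log into is exactly the case the warning dialog is trying to describe.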
Also: Researchers Warn Over Apple Safari Flaw
US Judge: Hacking into Suspects' Computers is a No-No
The FBI's petition to plant spyware on suspects' computers to harvest information helpful for an investigation has been dismissed by a judge in the U.S. District Court for the Southern District of Texas.
The petition was filed in March, when the FBI sought a warrant to search a computer of an unknown suspect at an unknown location, in relation to e-banking fraud.
According to Computerworld, the software would disclose the location of the device, take snapshots of the suspects using the device via the webcam and exfiltrate browsing activity, firewall logs, caches, cookies, bookmarks and search queries.
U.S. Magistrate Judge Stephen Smith dismissed the request in a 13-page ruling this week, as this type of search would be "overly intrusive and infringing on Fourth Amendment protections against unreasonable search."
Continued : http://www.hotforsecurity.com/blog/us-judge-hacking-into-suspects-computers-is-a-no-no-6052.html
Also: U.S. judge says FBI can't hack crime suspect's computer
Samsung Delays Release of Security Software for Galaxy Phone
In February, Samsung Electronics introduced Knox, a version of Android with security features to make the company's phones more suitable for businesses, expected for release this spring. But the company has delayed the release of the software until summer, according to two people briefed on the company's plans.
Samsung initially said Knox would launch on the Galaxy S4, which is to arrive in AT&T stores on Saturday. But two people working with Samsung on Knox, who asked not to be named because they were not authorized to speak about their relationships with the company, said Samsung had decided to delay the release because it needed more time to test the software internally and with carriers. Samsung informed one of these people that Knox would be out around July.
Knox is expected to ship on some Samsung Galaxy devices. Analysts say the software puts Samsung, the leading manufacturer of Android devices, in a position to replace BlackBerry as the phone for professionals.
Google bans self-updating Android apps, possibly including..
"Facebook end run around Google Play store followed by change in Google policy."
About six weeks ago, users of Facebook's Android application noticed that they were being asked to install a new version—without going to the Google Play app store.
Android is far more permissive than iOS about application installation: it allows installs from sources other than the official store if the user explicitly enables that option. However, it is unusual for applications delivered through the official Google store to receive updates outside the store's own update mechanism.
Google has now changed the Google Play store policies in an apparent attempt to prevent Facebook-style end runs around store-delivered updates. Under the "Dangerous Products" section of the Google Play developer policies, Google now states that "[a]n app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism." A Droid-Life article says the language update occurred Thursday. APK (application package file) is the file format used to install applications on Android.
Microsoft Windows XP Support Also Ending in the Malware ..
From Symantec's Security Response Blog:
Recently, I discovered a back door Trojan horse program that does not work on Microsoft Windows XP. I would like to present some of the details of this threat, especially as the malware author encoded a special trick into the functionality of the Trojan. The trick appears to have been designed to allow the threat to be used in targeted attacks.
The fseek function
In this threat, the author uses the fseek function, which is unusual as it is normally used to process data. For example, if the program reads 100 bytes of data from the top of the file, the fseek function is used to move past those 100 bytes. [Screenshot]
However, in the case of this Trojan, there are three functions that continue in a loop:
1. Append one string to another string (strcat)
2. Move zero bytes from the end of the file (fseek)
3. Split a string into tokens (strtok)
Usually, code reads or writes data after the fseek function, but in this case this process does not happen. It is also strange that such a function is written in a loop.
Continued : http://www.symantec.com/connect/blogs/microsoft-windows-xp-support-also-ending-malware-community
Mom, I Bought You a Public Toilet Survival Kit for Mother's
"Hello mom. I know I haven't called you in a while, but here I was, at the office, and got an e-mail with a major discount for Mother's Day. When can I stop by to drop off the public toilet survival kit I got for you?"
If you find yourself having this implausible conversation with your mom, check your inbox - you're probably infected with the latest Mother's day spam. [Screenshot]
Scammers mostly pull out the same old tricks, boring our beloved Bitdefender Labs experts to tears. But some days are full of surprises. The most recent one is a spam campaign that starts with sensitive Mother's Day messages, ups the offer to cheap flowers ... and then appeals to any man's heart. [Screenshot]
Instead of low prices on roses and tulips, men end up on a web site offering great gifts for... men. Gadgets, living, style, rides, body and entertainment presents are just a few of the "exciting" things users can get for their mothers on May 12th.
The scammers' mechanisms are pretty simple:
Stage 1: Tell men they should buy flowers for their moms.
Continued : http://www.hotforsecurity.com/blog/mom-i-bought-you-a-public-toilet-survival-kit-for-mothers-day-6039.html
Dutchman Arrested in Spamhaus DDoS
A 35-year-old Dutchman thought to be responsible for launching what's been called "the largest publicly announced online attack in the history of the Internet" was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as "SK," was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization.
According to a press release issued by the Public Prosecutor Service in The Netherlands, the National Prosecutor in Barcelona ordered SK's arrest and the seizure of computers and mobile phones from the accused's residence there. The arrest is being billed as a collaboration with Eurojust, the European Union's Judicial Cooperation Unit.
It is not clear who SK is, but according to multiple sources, the man identified as SK is likely one Sven Olaf Kamphuis. The attack on Spamhaus was the subject of a New York Times article on Mar. 26, 2013, which quoted Mr. Kamphuis as a representative of Cyberbunker and saying, "We are aware that this is one of the largest DDoS attacks the world had publicly seen." The Times quoted Kamphuis as saying that Cyberbunker was retaliating against Spamhaus for "abusing their influence."
Dutch Suspect Sven Olaf Kamphuis Arrested for Biggest Cyber Attack in Internet History
Suspect Arrested Over 'Biggest Cyber Attack Ever'
Kaspersky Warns UK Government Of 'Catastrophic' Cyber Attack
Government officials have been warned of the "catastrophic" consequences of a cyber attack on the UK population, by Eugene Kaspersky, chief of the Russian security firm that carries his surname.
Kaspersky, who recently told TechWeekEurope he backed calls for a non-proliferation treaty covering cyber weapons, said code could be used to "disable companies, cripple governments and bring whole nations to their knees by attacking critical infrastructure".
Kaspersky fears catastrophe
"The consequences for human populations could, as a result, be literally catastrophic," Kaspersky said at a dinner with Home Office Minister James Brokenshire, in front of various dignitaries, including Adrian Leppard, commissioner of the City of London Police, and Stephen Harrison, chief executive of the National Fraud Authority.
Continued : http://www.techweekeurope.co.uk/news/kaspersky-uk-government-cyber-attack-warning-114504
Cyberwar risks calamity, Eugene Kaspersky warns UK Government and spooks
Cyber terrorists are only a matter of time, warns Eugene Kaspersky
Brazen Crimeware Marketing Branches Out to Social Networks
The secrecy of underground forums where financial malware and crimeware kits are traded is well guarded, to the point that few are able to penetrate them without some kind of internal sponsor. Here, criminals value their privacy as much as those from whom they steal.
That's what makes a recent discovery from RSA Security's FraudAction Research Lab all the more jarring. Expert Limor Kessem found this week that a new fraud service was being marketed over Facebook. The developer, an Indonesian-speaking person, was selling a customized botnet panel for the Zeus Trojan.
Kessem said the Facebook page was updated frequently with information about botnets, exploits and their version of Zeus.
"Beyond having compiled a working Zeus Trojan kit, the developer customized an attractive control panel for the admin (basic and familiar in functionality, and taken from previous Zeus versions), the developer and his team created a demo website for potential buyers—which they have no qualms about sharing publicly," Kessem said.
Continued : http://threatpost.com/brazen-crimeware-marketing-branches-out-to-social-networks/
Phishers Hack Hosting Providers To Launch Mass Attacks
"Nearly half of all phishing attacks in the second half of last year came via hacked hosting providers, according to new data from the Anti-Phishing Working Group (APWG)"
Spearphishing is hot, especially when it comes to targeted attacks. But for phishing campaigns looking for maximum impact and victims, the most popular method is to compromise legitimate hosting providers, and new data shows that vector on the rise worldwide.
According to the Anti-Phishing Working Group (APWG), some 47 percent of all phishing attacks in the second half of 2012 were launched from hacked hosting providers. Phishers used 89,748 unique domain names in the second half of the year, up from 64,204 domains in the first half.
Phishing via a hosting provider works like this: the attacker breaks into a Web server hosting multiple domains -- a shared virtual server -- and plants phishing pages under each domain on that server. It's an efficient method that lets a single compromise put phishing content on hundreds or even thousands of websites.
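The pattern described above leaves a measurable trace in a phishing URL feed: many unrelated registered domains resolving to one server IP and all carrying the same phishing path. The following added example (not APWG's or Dark Reading's code) groups a feed of (URL, resolved IP) pairs that way, flags the clusters, and computes the share of reports attributable to them, which is the kind of figure the 47 percent statistic expresses. The feed is constructed inline; the registered-domain helper keeps only the last two labels, a simplification where a real tool would use the Public Suffix List.

```python
"""Added example: find compromised shared hosts in a phishing URL feed."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed (not real data): (phishing URL, IP the hostname resolved to)
SAMPLE_FEED = [
    ("http://floristshop.example/~paypal/login.php", "198.51.100.7"),
    ("http://dentalclinic.example/~paypal/login.php", "198.51.100.7"),
    ("http://bakery.example/~paypal/login.php", "198.51.100.7"),
    ("http://www.churchgroup.example/~paypal/login.php", "198.51.100.7"),
    ("http://secure-bank-login.example/verify", "203.0.113.40"),   # attacker-registered
    ("http://bank-verify-now.example/verify", "203.0.113.41"),     # attacker-registered
]


def registered_domain(host):
    """Simplification: last two labels of the hostname (a real tool uses the PSL)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_shared_host_campaigns(feed, min_domains=3):
    """Clusters of >= min_domains distinct registered domains on one IP sharing one path.

    That combination is the signature of a compromised shared host: one break-in,
    the same kit dropped under every customer site the server hosts.
    """
    by_ip = defaultdict(lambda: defaultdict(set))   # ip -> path -> {domains}
    for url, ip in feed:
        parts = urlsplit(url)
        path = parts.path or "/"
        by_ip[ip][path].add(registered_domain(parts.hostname or ""))
    hits = []
    for ip, paths in by_ip.items():
        for path, domains in paths.items():
            if len(domains) >= min_domains:
                hits.append({"ip": ip, "path": path, "domains": sorted(domains)})
    return sorted(hits, key=lambda h: (h["ip"], h["path"]))


def share_via_shared_hosts(feed, min_domains=3):
    """Fraction of feed entries that belong to a flagged shared-host cluster."""
    flagged = {(h["ip"], h["path"]) for h in find_shared_host_campaigns(feed, min_domains)}
    matched = sum(1 for url, ip in feed if (ip, urlsplit(url).path or "/") in flagged)
    return matched / len(feed) if feed else 0.0


if __name__ == "__main__":
    for hit in find_shared_host_campaigns(SAMPLE_FEED):
        print(hit["ip"], hit["path"], hit["domains"])
    print(f"share via shared hosts: {share_via_shared_hosts(SAMPLE_FEED):.0%}")
```

The two attacker-registered domains are not clustered because they sit on different IPs, which is the distinction the APWG figures draw between hacked hosting and purpose-registered phishing domains.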
Continued : http://www.darkreading.com/attacks-breaches/phishers-hack-hosting-providers-to-launc/240153663
Hackers increasingly target shared Web hosting servers for use in mass phishing attacks
Phishing attacks skyrocketing
Study finds hosting providers offer phishing paradise
Brad Arkin Named Adobe CSO
Adobe has named Brad Arkin to the newly created position of CSO, a major expansion of responsibilities for Arkin, who has been leading the company's product security and privacy initiatives.
Adobe has been in the security spotlight for several years now, as attackers have focused their attention on the company's portfolio of products that enjoy user counts in the billions. Flash and Reader have been frequent targets for attackers who are always on the lookout for vulnerabilities in widely deployed applications, which give them the best chance of compromising a high number of users. Exploits for Adobe products often pop up in the commercial exploit kits such as Cool, Blackhole and others and Flash and Reader zero days are highly prized in the hacking underground.
As the threats to Adobe's products have escalated, so too have the company's efforts to combat them. Arkin joined the company in 2008, just as Adobe was emerging as a key target. Before that, attackers had mainly focused on Microsoft, Oracle and browsers, but the ubiquity of Adobe's products drew their attention. Arkin began addressing the problem from the bottom up, implementing a software security program designed to help developers write more secure code and eliminate vulnerabilities before products ship.
Continued : http://threatpost.com/brad-arkin-named-adobe-seo/
Security of hosted services is top priority for Adobe's first CSO
Adobe Appoints Brad Arkin as Chief Security Officer
Adobe names Brad Arkin its first-ever CSO
VirusTotal now analyses network traffic
The popular VirusTotal service, which can run more than 20 anti-virus scanners over a sample in one pass, can now also look for signs of malware infections in captured network traffic. To perform a check, users upload network packets that are captured in the common PCAP format instead of sending VirusTotal the more traditional suspicious EXE, PDF or HTML file. [Screenshot]
Such network traffic dumps can be created with sniffers like Wireshark or tcpdump. VirusTotal will extract all transmitted files and present them to the familiar virus scanners; registered users will also receive copies of the extracted files. The scan service also looks at the network traffic data with the Snort and Suricata intrusion detection systems. These services can, for instance, detect the communication between a botnet client and its command & control server, as well as other typical attack patterns.
However, this type of analysis will produce numerous "Potentially Bad Traffic" messages and users will need to decide for themselves whether they are dealing with a false alarm. Another interesting aspect is the extra information that is generated during analysis, which can provide insights into the activities within a network. For example, VirusTotal lists all found DNS queries and web page (HTTP) requests.
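The DNS query and HTTP request listing described above is straightforward to reproduce locally. The following added example (not VirusTotal's code) walks a classic libpcap file with Python's struct module and returns the DNS names queried and the HTTP requests seen, skipping non-IPv4 frames. The capture it analyses is built in the code from synthetic Ethernet/IPv4 frames; the parser understands only Ethernet link-layer captures in the classic (non-pcapng) format and does not verify checksums or reassemble TCP streams.

```python
"""Added example: list DNS queries and HTTP requests in a PCAP file."""
import struct


# ---- constructed sample capture (synthetic, not real traffic) ----
def _ether(payload, ethertype=b"\x08\x00"):
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + ethertype + payload


def _ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def _ipv4(proto, src, dst, payload):
    # header checksum left at zero; the summarizer never verifies it
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                      64, proto, 0, _ip_bytes(src), _ip_bytes(dst))
    return hdr + payload


def _dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    return _ether(_ipv4(17, "10.0.0.5", "10.0.0.1", udp))


def _http_get(host, path):
    body = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: Mozilla/4.0\r\n\r\n".encode()
    tcp = struct.pack("!HHIIBBHHH", 40001, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + body
    return _ether(_ipv4(6, "10.0.0.5", "203.0.113.9", tcp))


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1367500000 + i, 0, len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = build_pcap([
    _ether(b"\x00" * 28, ethertype=b"\x08\x06"),      # ARP frame: must be skipped
    _dns_query("c2.example.net"),
    _http_get("c2.example.net", "/gate.php"),
])


# ---- summarizer ----
def _parse_qname(data, off):
    labels = []
    while True:
        n = data[off]
        off += 1
        if n == 0:
            break
        labels.append(data[off:off + n].decode("ascii", "replace"))
        off += n
    return ".".join(labels)


def summarize_pcap(blob):
    """Return {'dns': [queried names], 'http': ['METHOD http://host/path', ...]}."""
    magic, = struct.unpack_from("<I", blob, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype, = struct.unpack_from(endian + "I", blob, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled")
    dns, http, off = [], [], 24
    while off + 16 <= len(blob):
        _, _, incl, _ = struct.unpack_from(endian + "IIII", blob, off)
        frame = blob[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":     # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        l4 = frame[14 + ihl:]
        if proto == 17 and len(l4) >= 8 and struct.unpack_from("!H", l4, 2)[0] == 53:
            payload = l4[8:]
            if struct.unpack_from("!H", payload, 4)[0]:          # qdcount > 0
                dns.append(_parse_qname(payload, 12))
        elif proto == 6 and len(l4) >= 20:
            payload = l4[(l4[12] >> 4) * 4:]
            if payload[:4] in (b"GET ", b"POST", b"HEAD"):
                lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
                method, target = lines[0].split(" ")[:2]
                host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                             if l.lower().startswith("host:")), "")
                http.append(f"{method} http://{host}{target}")
    return {"dns": dns, "http": http}


if __name__ == "__main__":
    print(summarize_pcap(SAMPLE_PCAP))
```

Use `summarize_pcap(open("capture.pcap", "rb").read())` on a tcpdump or Wireshark capture; the resulting name and URL lists are what you would check against threat intelligence before deciding whether an IDS "Potentially Bad Traffic" hit is real.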
LivingSocial confirms hacking; 50 million accounts affected
"LivingSocial is the latest major online property to be hacked. Here are more details about what to do next from company leaders."
Following reports earlier on Friday, LivingSocial confirmed that it has been the victim of a major cyber attack.
The Washington, D.C.-based business said via email that it is already in the process of notifying more than 50 million customers whose data may have been affected by the attack.
Those emails started going out this afternoon, and company representatives said notifications will continue until all customers have been reached.
The breach spans borders, affecting members of the Amazon-backed company worldwide -- except in Thailand, Malaysia, Indonesia, and the Philippines, because TicketMonster and Ensogo use different data systems.
LivingSocial PR responded to our request and provided copies of the following two emails to serve as the daily deal company's official statements:
Continued : http://www.zdnet.com/livingsocial-confirms-hacking-more-than-50-million-accounts-affected-7000014606/