Spyware, Viruses, & Security forum

Alert

NEWS - February 05, 2014

by Carol~ Forum moderator / February 5, 2014 12:33 AM PST
Adobe releases unscheduled Flash update to patch critical zero-day threat

Adobe has released an unscheduled update for its ubiquitous Flash media player to patch a critical vulnerability that may already be under active exploit in the wild.

The security flaw exists in Adobe Flash Player 12.0.0.43 and earlier versions for Windows and OS X and 11.2.202.335 and earlier versions for Linux, according to an advisory published Tuesday morning. The vulnerability stems from an integer underflow bug in the underlying code that could be exploited to execute arbitrary code on the affected system. Because attackers can typically trigger such vulnerabilities surreptitiously after luring victims to websites hosting attacks, Adobe rated the threat as "critical," the company's highest severity category.

"Adobe is aware of reports that an exploit for this vulnerability exists in the wild and recommends users update their product installations to the latest versions," the Adobe advisory stated. It went on to thank Alexander Polyakov and Anton Ivanov of antivirus provider Kaspersky Labs for reporting the vulnerability, which was listed as CVE-2014-0497 under the standardized common vulnerabilities and exposure disclosure system.

Continued : http://arstechnica.com/security/2014/02/adobe-releases-unscheduled-flash-update-to-patch-critical-zero-day-threat/

See Stickie: Security updates for Adobe Flash Player (APSB14-04)

Vulnerabilities / Fixes: Adobe Flash Player Integer Underflow Vulnerability

Related:
Details Emerge on Latest Adobe Flash Zero-Day Exploit
Adobe Pushes Fix for Flash Zero-Day Attack
Adobe Flash flaw exploited in the wild, update now
Post a reply
Discussion is locked
You are posting a reply to: NEWS - February 05, 2014
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - February 05, 2014
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Misleading advertisements lead to hijacked browser settings
by Carol~ Forum moderator / February 5, 2014 1:24 AM PST

A few hours ago Mrs. W was looking to install a fresh copy of iTunes on her PC and performed a quick Google search.

Above the first (and correct) result was an ad. Nothing unusual about that, except that this particular ad screamed "SCAM!" [Screenshot]

As you can see, the URL could lead one to believe it is the iTunes download site, so I thought I would check it out.

The site I arrived at had a long list of legitimate applications with links to download them, including the one Mrs. W was interested in, iTunes. [Screenshot]

This is where it is handy to have a virus lab hanging around. You can look into these things safely and see what the scam artists are up to with little to no risk.

I clicked the download button and was taken to a page with information on iTunes, some of which was very misleading. [Screenshot]

Continued : http://nakedsecurity.sophos.com/2014/02/05/misleading-advertisements-lead-to-hijacked-browser-settings/

Collapse -
Chrome Pop-Up to Warn Windows Users of Browser Hijacking
by Carol~ Forum moderator / February 5, 2014 1:25 AM PST

A rising number of online scams involve the modification of browser settings where a hacker spikes a free download or website with malware. The end result is generally a click-fraud scheme of some kind where the new browser settings might include spiked search engine pages or a new home page enticing the user to click on a link where the attacker would profit from the click.

Google says hijacked settings are Chrome users' No. 1 complaint, and late last week it enhanced an existing feature in the browser to get a little more in your face about fending off hijacking attempts.

Vice president of engineering Linus Upson said from now on, Windows users will be prompted via a dialog box that appears if Chrome settings have been changed. The warning will ask users if they would like to reset their Chrome settings to their original default.

Continued: http://threatpost.com/chrome-pop-up-to-warn-windows-users-of-browser-hijacking/104009

Collapse -
Firefox 27 is out - Tuesday's 2nd non-Patch-Tuesday update
by Carol~ Forum moderator / February 5, 2014 1:57 AM PST

Even though yesterday wasn't a Patch Tuesday, we ended up with two major browser-related updates: an unscheduled Adobe Flash patch, and an update from Firefox 26 to Firefox 27.

Adobe's update came early when the company became aware of a vulnerability that was already being exploited (a so-called zero day).

Firefox's update is an as-expected release, but it neverthless closes the door on a number of so-far unexploited vulnerabilities.

Security holes patched proactively in this way can never be zero days, at least in theory, but if you don't apply security fixes promptly when they become available, you run the risk of being hit by what might as well be a zero day: a working exploit that appeared before you had closed the hole. [Screenshot]

Continued : http://nakedsecurity.sophos.com/2014/02/05/firefox-27-is-out-tuesdays-second-non-patch-tuesday-update/

Also See:
Updates February 04, 2014: Mozilla Firefox v27.0 released
Vulnerabilities / Fixes : Mozilla Firefox Multiple Vulnerabilities

Collapse -
Alleged Silk Road Founder Indicted Again, This Time in NY
by Carol~ Forum moderator / February 5, 2014 1:58 AM PST

Federal authorities today announced a Grand Jury indictment against Ross Ulbricht, the alleged founder and owner of the underground drug emporium Silk Road.

The indictment, in New York, includes one count for narcotics conspiracy, one count of running a criminal enterprise, one count of conspiracy to commit computer hacking and one count of money laundering, according to the indictment (pdf).

It's the second indictment for the the 29-year-old, who was arrested last October in San Francisco. Ulbricht was previously charged in New York at the time of his arrest, but authorities had until December to obtain an indictment against him based on new evidence seized. They sought an extension of that time and announced the indictment today.

Continued : http://www.wired.com/threatlevel/2014/02/ross-ulbricht-indictment-ny/

Collapse -
How to Call Ransomware's Bluff
by Carol~ Forum moderator / February 5, 2014 1:58 AM PST

[Screenshot]
If your files have been taken over by the CryptoLocker ransomware, you had better hope your backups are current. Sure, you can pay the ransom, but that doesn't guarantee you'll get your files freed from hostile encryption. And if ransomware has taken over all of Windows, your best bet is a bootable rescue CD. But there's a new kind of ransomware spreading, a type that really doesn't have any teeth. I'll explain how to recognize it, and how to call its bluff.

Why Bluff?
Why would anybody write a ransomware program that can't make good on its threats? Well, all of the antivirus vendors naturally jump to develop protection against a high-profile threat like CryptoLocker. Every little change in its behavior is big news. And the system-level activities required by a ransomware tool that prevents normal Windows bootup are relatively easy to detect.

This new "paper tiger" type of ransomware escapes detection because it really doesn't do much. It displays its text and images, like any other Web page, and it users (or abuses) a common website tool that's actually needed by perfectly valid sites. That's it. And naturally the perpetrators constantly switch URLs, so a URL blacklist won't help.

Continued : http://securitywatch.pcmag.com/hacking/320316-how-to-call-ransomware-s-bluff

Collapse -
File Your Taxes Before the Fraudsters Do
by Carol~ Forum moderator / February 5, 2014 2:06 AM PST

Jan. 31 marked the start of the 2014 tax filing season, and if you haven't yet started working on your returns, here's another reason to get motivated: Tax fraudsters and identity thieves may very well beat you to it.

According to a 2013 report from the Treasury Inspector General's office, the U.S. Internal Revenue Service (IRS) issued nearly $4 billion in bogus tax refunds in 2012. The money largely was sent to people who stole Social Security numbers and other information on U.S. citizens, and then filed fraudulent tax returns on those individuals claiming a large refund but at a different address.

There are countless shops in the cybercrime underground selling data that is especially useful for scammers engaged in tax return fraud. Typically, these shops will identify their wares as "fullz," which include a consumer's first name, last name, middle name, email address (and in some cases email password) physical address, phone number, date of birth, and Social Security number. [Screenshot]

The shop pictured above, for example, caters to tax fraudsters, as evidenced by its advice to customers of the service, which can be used to find information that might help scammers establish lines of credit (PayPal accounts, credit cards) in someone else's name:

Continued: http://krebsonsecurity.com/2014/02/file-your-taxes-before-the-fraudsters-do/

Collapse -
Abused update of GOM Player poses a threat
by Carol~ Forum moderator / February 5, 2014 4:11 AM PST

From the Kaspersky Lab Weblog:

Several media reported the news on January 7th, 2014, that a PC associated with "Monju" (the Fast Breeder Reactor of the Japan Atomic Energy Agency) was infected by malware and there was a suspicion of information leaks. Some pointed out that the infection had possibly been led by the abuse of the legitimate update of "GOM Player", which made it big news. GOM Player is a free media player with popular video/audio codecs built-in, favored by many Japanese people. It is different from similar free media players in some notable points: it supports major file formats such as AVI, DAT, DivX, MPEG, WMV to name just some; and it officially deploys a Japanese version. Its users are said to be more than 6 million in Japan.

We received the sample file named "GoMPLAYER_JPSETUP.EXE": [Screenshot]

The sample is an executable file compressed in RAR format. When it is executed, it unpacks itself and runs the executable file included in the archive. Fig1 shows the files included in the RAR archive:

Fig1: Files within "GoMPLAYER_JPSETUP.EXE" [Screenshot]

Continued : http://www.securelist.com/en/blog/208216055/Abused_update_of_GOM_Player_poses_a_threat

Collapse -
These Guys Battled BlackPOS at a Retailer
by Carol~ Forum moderator / February 5, 2014 4:11 AM PST

Ever since news broke that thieves stole more than 40 million debit and credit card accounts from Target using a strain of Point-Of-Sale malware known as BlackPOS, much speculation has swirled around unanswered questions, such as how this malware was introduced into the network, and what mechanisms were used to infect thousands of Target's cash registers.

Recently, I spoke at length with Tom Arnold and Paul Guthrie, co-founders of PSC, a security firm that consults for businesses on payment security and compliance. In early 2013, these two experts worked directly on a retail data breach that involved a version of BlackPOS. They agreed to talk about their knowledge of this malware, and how the attackers worked to defeat the security of the retail client (not named in this story).

While some of this discussion may be geektacular at times (what I affectionately like to call "Geek Factor 5"), there's something in here for everyone. Their observations about the methods and approaches used in this attack point to an adversary that is skilled, organized, patient and thorough.

So you first saw BlackPOS at a retailer in early January 2013?

Continued : http://krebsonsecurity.com/2014/02/these-guys-battled-blackpos-at-a-retailer/

Collapse -
Target Hackers Broke in Via HVAC Company
by Carol~ Forum moderator / February 5, 2014 7:56 AM PST

Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers.

Sources close to the investigation said the attackers first broke into the retailer's network on Nov. 15, 2013 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems.

Fazio president Ross Fazio confirmed that the U.S. Secret Service visited his company's offices in connection with the Target investigation, but said he was not present when the visit occurred. Fazio Vice President Daniel Mitsch declined to answer questions about the visit. According to the company's homepage, Fazio Mechanical also has done refrigeration and HVAC projects for specific Trader Joe's, Whole Foods and BJ's Wholesale Club locations in Pennsylvania, Maryland, Ohio, Virginia and West Virginia.

Continued : http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

Collapse -
The Rise of Android Scarevertising
by Carol~ Forum moderator / February 5, 2014 4:26 AM PST

"Malwarebytes Unpacked" Blog:

Android scareware, in the form of mobile advertising pop-ups alert to a potential infection on your device, are on the rise. Fellow researcher Jerome Segura came across one using similar tactics we've written about in the past.

In this scam, the mobile ad pop-up warns of my device having 13 infections and offers a way to remove them. [Screenshot]

There is no actual scan or malware found, but links to an app with an unfamiliar name in security, Teebik. I was unable to find much information about Teebik Mobile Security.

Teebik's Facebook page is interesting in that their "Contact Info" links to Lookout Security and under "About" it says Armor for Android — two different companies with their own Mobile Security offerings — perhaps Teebiks way of adding some legitimacy, most customers wouldn't know the difference. [Screenshot]

Typically these scareware tactics are used by malicious apps, but what we're seeing more and more advertisers using them to drive traffic to generate revenue.

Continued: http://blog.malwarebytes.org/mobile-2/2014/02/the-rise-of-android-scarevertising/

Collapse -
British spies cyberattacked Anonymous hackers, Snowden docs
by Carol~ Forum moderator / February 5, 2014 5:32 AM PST
.. reveal

A British spy agency waged cyberattacks against the online chat rooms of Anonymous and LulzSec hacktivists, documents leaked by Edward Snowden (pdf) and obtained by NBC News reveal. And they used computerized "weapons" similar to those used by the hacktivists themselves to do it.

In a PowerPoint presentation created for the 2012 NSA conference SIGDEV, slides show that Government Communications Headquarters Communications (GCHQ), Britain's NSA counterpart, used denial of service (DoS) attacks against IRC chat rooms used by Anonymous and LulzSec. The mission, dubbed Rolling Thunder, was carried out by GCHQ's special spy unit Joint Threat Research Intelligence Group (JTRIG), and is said to have scared off some 80-percent of the IRC chat room users.

Launched in 2011, Rolling Thunder came in response to Anonymous's late-2010 "Operation: Payback" campaign against PayPal, MasterCard, Visa, and others, which was itself launched in retaliation for these companies' blockage of donations to WikiLeaks. The hacktivists used a downloadable tool known as the Low Orbit Ion Cannon, or LOIC, to wage distributed denial of service (DDoS) attacks - which are similar to DoS attacks - against targeted websites.

Continued : http://www.digitaltrends.com/web/british-spies-attacked-anonymous-hackers/

Related:
GCHQ DoSed Anonymous' IRC server
GCHQ reportedly infiltrated and attacked hacktivist groups
UK government launched DoS attack against Anonymous hackers doing the same thing
Collapse -
Facebook releases "Conceal," a tool to make Android apps ..
by Carol~ Forum moderator / February 5, 2014 5:32 AM PST
Facebook releases "Conceal," a lightweight tool to make Android apps safer

Producing secure cryptographic code has never been easy, especially for developers cranking out smartphone apps on tight deadlines. Now, Facebook engineers hope to ease the pain with an open-source tool that automates some of the more difficult tasks.

Conceal, as the code library has been dubbed, provides a set of easy-to-use programming interfaces for securely storing sensitive app data on an Android-based smartphone's secure digital (SD) card. Using an SD card to stash authentication tokens and similar data helps speed up bandwidth- and resource-constrained mobile apps, but it often comes at a cost. Android designates SD cards as a public resource, a design that allows other apps to access the same files. That means developers who want to improve the performance of their apps have frequently struggled to secure SD-residing data so it can't be accessed by other programs.

Continued : http://arstechnica.com/security/2014/02/facebook-releases-conceal-a-lightweight-tool-to-make-android-apps-safer/

Related:
Facebook Releases to Open Source its Conceal Android Crypto Library
Facebook Shares Its Groundbreaking Android Security Tool With World
Smartphone Apps Can Be Invasive; Facebook Protects User Privacy with 'Conceal'
Collapse -
Fake Flash App Targets Android
by Carol~ Forum moderator / February 5, 2014 5:32 AM PST

One of the early differences between iOS and Android was Flash support: Android had it, Apple ignored it. But it was short lived; even before the most recent version of Android, Flash was all but abandoned.

Still, people are very familiar with alerts from Adobe to update Flash on their computer. As F-Secure explained in their tip this week, this makes it a prime target for attackers trying to trick you into downloading malware.

Fake Flash
This week, F-Secure analyzed a malicious application posing as Adobe Flash Player. "One of the most common social engineering tactics used by Android malware is pretending to be an update for a popular third-party application such as Adobe Flash Player," said F-Secure.

Though this particular application appears to be in Russian, F-Secure was unable to determine the origin of the app. But it's possible that this fake Flash app is being circulated on third-party Android marketplaces, which don't always have the same protections as Google Play. It's also possible that victims received text messages or emails encouraging them to download the malware.

Continued : http://securitywatch.pcmag.com/mobile-security/320339-mobile-threat-monday-fake-flash-app-targets-android

Collapse -
Sochi visitors entering hacking 'minefield' by firing up ..
by Carol~ Forum moderator / February 5, 2014 7:42 AM PST
...electronics

"According to an NBC News report, Russian hackers are attacking Olympics visitors' computers and phones the instant they turn them on. Par for the course for the broken $51 billion event." - [VIDEO]

If you've read anything about the Sochi Olympics over the last few days, there's as much a chance that it was about broken and unfinished infrastructure as actual athletics. And now comes word that hackers are having a field day with unsuspecting Sochi visitors.

According to an NBC News report, unprepared Olympics attendees are being hacked the second they fire up their electronic devices.

NBC reporter Richard Engel worked with a security expert to set up two test computers in order to see just how quickly he'd be attacked when logging onto Russian networks. But, he reported, when sitting down at a cafe with the expert, "before we even finished our coffee" the bad actors had hit, downloading malware and "stealing my information and giving hackers the option to tap or even record my phone calls."

Continued : http://news.cnet.com/8301-1009_3-57618407-83/sochi-visitors-entering-hacking-minefield-by-firing-up-electronics/

Related: Hacked in Sochi in minutes: Russian cyberspace full of risks
Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.