Inside an Attack on Broadband Analysis Site SpeedTest.Net
SpeedTest.net, a free service that tests the performance of Broadband connections, was compromised and made to serve malware, according to security vendor Invincea.
The situation has since been cleaned up. Details and pictures can be found here on Invincea's blog.
The exploit used a number of tactics and techniques to evade detection while exploiting the Java software plug-in, the company stated in a blog post. In addition, Invincea discovered this particular attack campaign utilized "the lesser-known" g01pack exploit kit, which is known to typically drive traffic to a landing page via malvertising where victims would be served with rogue antivirus.
Continued : http://www.securityweek.com/inside-attack-popular-broadband-analysis-site-speedtestnet
Security alert for D-Link routers
Security expert Michael Messner has identified several holes in D-Link's DIR-300 and DIR-600 routers that allow potential attackers to execute arbitrary commands with little effort. Although current firmware versions are also affected, the router manufacturer does not appear to be planning to close the hole.
Messner describes on his blog how a simple POST parameter allows Linux commands to be executed at root level on vulnerable routers. No password or other authentication is required to do so. In a short test, The H's associates at heise Security found that many of the devices can even be accessed from the internet and managed to inject a harmless command into such a router. A real attacker could randomly exploit systems, for example to divert a router's entire internet traffic to a third-party server.
Even if a router is not directly accessible via the internet, the hole poses a significant security risk: an attacker could use a specially crafted page to trick router owners into sending the script call to their routers through their local network (Cross-Site Request Forgery, CSRF). Messner said that he also discovered further security issues: among other things, the router saves the root password in plain text in the var/passwd file. Together with the previously described hole, this turns the task of extracting the root password into child's play - not that it is necessary, as potential attackers can already execute commands at root level anyway.
Continued : http://www.h-online.com/security/news/item/Security-alert-for-D-Link-routers-1798804.html
WhiteHole Exploit Kit Emerges
From the TrendLabs Security Intelligence Blog:
We analysed the related samples, including the exploit malware cited in certain reports. The malware (detected as JAVA_EXPLOYT.NTW) takes advantage of the following vulnerabilities to download malicious files onto the system:
Worth noting is CVE-2013-0422, which was involved in the zero-day incident that distributed REVETON variants and was used in toolkits like the Blackhole exploit kit and Cool exploit kit. Because of its serious security implication, Oracle immediately addressed this issue and released a software update, which was received with skepticism.
Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/whitehole-exploit-kit-emerges/
Facebook will be closed for maintenance between Feb 29-31 - joke chain letter spreads
Messages have been spreading on Facebook claiming that the social network will be closed between February 29th and February 31st, 2013.
And, of course, it's kinda true. You won't be able to log into Facebook on February 29th, February 30th or February 31st this year. Nor will you have much luck, although the messages don't mention this, on June 31st.
Umm.. that's because those days don't exist.
Clearly whoever started spreading this message intended it as a practical joke - but it seems some users have taken it at face value and shared it with their friends, unaware of the silliness.
The messages appear to be particularly prevalent in French - maybe it was a Gallic wag who started off the chain letter?
Continued : http://nakedsecurity.sophos.com/2013/02/06/facebook-closed-maintenance-february/
Crooks Net Millions in Coordinated ATM Heists
Organized cyber criminals stole almost $11 million in two highly coordinated ATM heists in the final days of 2012, KrebsOnSecurity has learned. The events prompted Visa to warn U.S. payment card issuers to be on high-alert for additional ATM cash-out fraud schemes in the New Year.
According to sources in the financial industry and in law enforcement, the thieves first struck on Christmas Eve 2012. Using a small number of re-loadable prepaid debit cards tied to accounts that they controlled, scammers began pulling cash out of ATMs in at least a dozen countries. Within hours, the perpetrators had stolen approximately $9 million.
Then, just prior to New Year's Eve, the fraudsters struck again, this time attacking a card network in India and making off with slightly less than $2 million, investigators say.
The accounts that the perpetrators used to withdraw money from ATMs were tied to re-loadable prepaid debit cards, which can be replenished with additional funds once depleted. Prepaid card networks generally enforce low-dollar limits that restrict the amounts customers can withdraw from associated accounts in a 24 hour period. But in both ATM heists, sources said, the crooks were able to increase or eliminate the withdrawal limits for the prepaid accounts they controlled.
Continued : http://krebsonsecurity.com/2013/02/crooks-net-millions-in-coordinated-atm-heists/
Nearly a third of all computers are infected with malware
PandaLabs released its annual security report which details an extremely interesting year of data theft, social networking attacks and cyber-warfare.
The most devastating news? 31.98 percent of all computers scanned around the world had malware. With the addition of 2012's numbers, the grand total of all malware samples in PandaLabs' database has reached approximately 125 million and researchers estimated that at least 27 million new strains of malware were created in 2012 alone.
Trojans continued to account for most of the new threats, comprising three out of every four new malware strains created in 2012.
In 2012, Trojans dominated the threat landscape more than ever before. Three out of every four malware infections were caused by Trojans (76.56 percent), up ten points compared to 2011. One of the reasons for this growth was the increased use of exploit kits such as Black Hole, which are capable of exploiting multiple system vulnerabilities to infect computers automatically without user intervention.
Continued : http://www.net-security.org/malware_news.php?id=2404
Also: Panda Security: 27 Million New Malware Strains Discovered in 2012
Murdoch alleges Chinese hackers still attacking WSJ
Media figure Rupert Murdoch has said that cyberattacks apparently originating from China against publication The Wall Street Journal are still taking place.
Taking to Twitter, the Australian CEO of News Corp. claimed his publication was still the victim of hacking. Although no direct, substantial evidence has come to light over the attacks, the finger is being pointed at the Chinese:
Murdoch has not elaborated on the claims. The tweet comes soon after the Journal reinforced its security network in order to try and stop Chinese hackers having a poke around "for the apparent purpose of monitoring the newspaper's China coverage."
It came to light last week that the New York Times was a victim of persistent cyberattacks. The publication said that most-likely Chinese hackers had been "persistently" attacking it over the past four months, and not only managed to access the email accounts of journalists, but were also stealing credentials.
Continued : http://www.zdnet.com/murdoch-alleges-chinese-hackers-still-attacking-wsj-7000010904/
Fear of government snooping hinders cloud adoption
Almost half of IT experts are deterred from keeping sensitive data in the cloud because of fear of government intervention and possible legal action, according to Lieberman Software.
The survey, which looked at IT and cloud experts' attitudes to storing data in the cloud, revealed that government and legal interference puts 48% of them off from entering the cloud environment.
These figures highlight that IT managers are deterred from the cloud, because they are unsure if their organization's sensitive data is adequately protected and will therefore pass IT security audits or indeed government regulatory checks which hosted cloud environments are subjected to.
Commenting on the research, Philip Lieberman, President and CEO of Lieberman Software, said: "There are a number of reasons why IT experts might be apprehensive about storing corporate data in the cloud. However, in my opinion, the key issues are around Government surveillance, cloud legislation and data security. IT managers fear that they will put their data at risk by moving to a cloud provider as they are unsure they will keep the data properly protected, which could ultimately affect their job and their business."
Continued : http://www.net-security.org/secworld.php?id=14360
Also: Lieberman: IT Doesn't Trust the Cloud