Spyware, Viruses, & Security forum


NEWS - February 06, 2013

by Carol~ Forum moderator / February 6, 2013 3:31 AM PST
Federal Reserve Confirms Security Breach, Calls Anonymous Hack Claim 'Overstated'

A Federal Reserve spokesperson confirmed a temporary security breach of its computers to The Huffington Post on Tuesday morning.

"Information was obtained by exploiting a temporary vulnerability in a website vendor product," the spokesperson told HuffPost in a phone interview, adding that the problem was "fixed after discovery and is no longer an issue."

According to the spokesperson, who asked not to be identified by name, the breach "did not affect critical operations."

The confirmation comes in the wake of a claim by hacker group Anonymous on Sunday that it had stolen sensitive information on 4,000 American bank executives from Federal Reserve computers.

Although the security breach has now been confirmed, the spokesperson called Anonymous' claim "overstated," and would not comment on the nature of the data obtained other than to confirm that contact information was taken.

Continued : http://www.huffingtonpost.com/2013/02/05/federal-reserve-security-breach_n_2622698.html

US Federal Reserve confirms it was hacked during the Super Bowl
Federal Reserve Admits It was Briefly Hacked During Super Bowl
Federal Reserve admits website compromised by Anonymous
Post a reply
Discussion is locked
You are posting a reply to: NEWS - February 06, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - February 06, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Inside an Attack on Broadband Analysis Site SpeedTest.Net
by Carol~ Forum moderator / February 6, 2013 3:43 AM PST

SpeedTest.net, a free service that tests the performance of Broadband connections, was compromised and made to serve malware, according to security vendor Invincea.

The situation has since been cleaned up. Details and pictures can be found here on Invincea's blog.

"The exploit analysis shows that potentially a large number of users were exposed to a Java-based exploit temporarily hosted by speedtest.net," according to Invincea. "Indicators show the exploit implemented by injected Javascript and used the "g01pack" exploit kit likely compromised speedtest.net as part of a malvertising campaign."

The exploit used a number of tactics and techniques to evade detection while exploiting the Java software plug-in, the company stated in a blog post. In addition, Invincea discovered this particular attack campaign utilized "the lesser-known" g01pack exploit kit, which is known to typically drive traffic to a landing page via malvertising where victims would be served with rogue antivirus.

Continued : http://www.securityweek.com/inside-attack-popular-broadband-analysis-site-speedtestnet

Collapse -
Security alert for D-Link routers
by Carol~ Forum moderator / February 6, 2013 4:18 AM PST

Security expert Michael Messner has identified several holes in D-Link's DIR-300 and DIR-600 routers that allow potential attackers to execute arbitrary commands with little effort. Although current firmware versions are also affected, the router manufacturer does not appear to be planning to close the hole.

Messner describes on his blog how a simple POST parameter allows Linux commands to be executed at root level on vulnerable routers. No password or other authentication is required to do so. In a short test, The H's associates at heise Security found that many of the devices can even be accessed from the internet and managed to inject a harmless command into such a router. A real attacker could randomly exploit systems, for example to divert a router's entire internet traffic to a third-party server.

Even if a router is not directly accessible via the internet, the hole poses a significant security risk: an attacker could use a specially crafted page to trick router owners into sending the script call to their routers through their local network (Cross-Site Request Forgery, CSRF). Messner said that he also discovered further security issues: among other things, the router saves the root password in plain text in the var/passwd file. Together with the previously described hole, this turns the task of extracting the root password into child's play - not that it is necessary, as potential attackers can already execute commands at root level anyway.

Continued : http://www.h-online.com/security/news/item/Security-alert-for-D-Link-routers-1798804.html

Collapse -
WhiteHole Exploit Kit Emerges
by Carol~ Forum moderator / February 6, 2013 4:18 AM PST

From the TrendLabs Security Intelligence Blog:

In our 2013 security predictions, Trend Micro Chief Technology Officer Raimund Genes predicted that we will be seeing new toolkits this year. True enough, there is news of an emerging exploit kit dubbed WhiteHole Exploit Kit. The name Whitehole Exploit kit is just a randomly selected name to differentiate it from BHEK. While it uses similar code as Blackhole Exploit kit, BHEK in particular uses JavaScript to hide its usage of plugindetect.js, while Whitehole does not. It directly uses it without obfuscating this.

We analysed the related samples, including the exploit malware cited in certain reports. The malware (detected as JAVA_EXPLOYT.NTW) takes advantage of the following vulnerabilities to download malicious files onto the system:


Worth noting is CVE-2013-0422, which was involved in the zero-day incident that distributed REVETON variants and was used in toolkits like the Blackhole exploit kit and Cool exploit kit. Because of its serious security implication, Oracle immediately addressed this issue and released a software update, which was received with skepticism.

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/whitehole-exploit-kit-emerges/

Collapse -
Facebook will be closed for maintenance between Feb 29-31 ..
by Carol~ Forum moderator / February 6, 2013 4:18 AM PST
... - joke chain letter spreads

Messages have been spreading on Facebook claiming that the social network will be closed between February 29th and February 31st, 2013.

And, of course, it's kinda true. You won't be able to log into Facebook on February 29th, February 30th or February 31st this year. Nor will you have much luck, although the messages don't mention this, on June 31st.

Umm.. that's because those days don't exist.

Clearly whoever started spreading this message intended it as a practical joke - but it seems some users have taken it at face value and shared it with their friends, unaware of the silliness.

The messages appear to be particularly prevalent in French - maybe it was a gallic wag who started off the chain letter? [Screenshot]

Continued : http://nakedsecurity.sophos.com/2013/02/06/facebook-closed-maintenance-february/
Collapse -
Crooks Net Millions in Coordinated ATM Heists
by Carol~ Forum moderator / February 6, 2013 4:18 AM PST

Organized cyber criminals stole almost $11 million in two highly coordinated ATM heists in the final days of 2012, KrebsOnSecurity has learned. The events prompted Visa to warn U.S. payment card issuers to be on high-alert for additional ATM cash-out fraud schemes in the New Year.

According to sources in the financial industry and in law enforcement, the thieves first struck on Christmas Eve 2012. Using a small number of re-loadable prepaid debit cards tied to accounts that they controlled, scammers began pulling cash out of ATMs in at least a dozen countries. Within hours, the perpetrators had stolen approximately $9 million.

Then, just prior to New Year's Eve, the fraudsters struck again, this time attacking a card network in India and making off with slightly less than $2 million, investigators say.

The accounts that the perpetrators used to withdraw money from ATMs were tied to re-loadable prepaid debit cards, which can be replenished with additional funds once depleted. Prepaid card networks generally enforce low-dollar limits that restrict the amounts customers can withdraw from associated accounts in a 24 hour period. But in both ATM heists, sources said, the crooks were able to increase or eliminate the withdrawal limits for the prepaid accounts they controlled.

Continued : http://krebsonsecurity.com/2013/02/crooks-net-millions-in-coordinated-atm-heists/

Collapse -
Nearly a third of all computers are infected with malware
by Carol~ Forum moderator / February 6, 2013 5:51 AM PST

PandaLabs released its annual security report which details an extremely interesting year of data theft, social networking attacks and cyber-warfare.

The most devastating news? 31.98 percent of all computers scanned around the world had malware. With the addition of 2012's numbers, the grand total of all malware samples in PandaLabs' database has reached approximately 125 million and researchers estimated that at least 27 million new strains of malware were created in 2012 alone.

Trojans continued to account for most of the new threats, comprising three out of every four new malware strains created in 2012. [Screenshot]

In 2012, Trojans dominated the threat landscape more than ever before. Three out of every four malware infections were caused by Trojans (76.56 percent), up ten points compared to 2011. One of the reasons for this growth was the increased use of exploit kits such as Black Hole, which are capable of exploiting multiple system vulnerabilities to infect computers automatically without user intervention.

Continued : http://www.net-security.org/malware_news.php?id=2404

Also: Panda Security: 27 Million New Malware Strains Discovered in 2012

Collapse -
Murdoch alleges Chinese hackers still attacking WSJ
by Carol~ Forum moderator / February 6, 2013 5:51 AM PST

Media figure Rupert Murdoch has said that cyberattacks apparently originating from China against publication The Wall Street Journal are still taking place.

Taking to Twitter, the Australian CEO of News Corp. claimed his publication was still the victim of hacking. Although no direct, substantial evidence has come to light over the attacks, the finger is being pointed at the Chinese:

Murdoch has not elaborated on the claims. The tweet comes soon after the Journal reinforced its security network in order to try and stop Chinese hackers having a poke around "for the apparent purpose of monitoring the newspaper's China coverage."

It came to light last week that the New York Times was a victim of persistent cyberattacks. The publication said that most-likely Chinese hackers had been "persistently" attacking it over the past four months, and not only managed to access the email accounts of journalists, but were also stealing credentials.

Continued : http://www.zdnet.com/murdoch-alleges-chinese-hackers-still-attacking-wsj-7000010904/

Collapse -
Fear of government snooping hinders cloud adoption
by Carol~ Forum moderator / February 6, 2013 5:51 AM PST

Almost half of IT experts are deterred from keeping sensitive data in the cloud because of fear of government intervention and possible legal action, according to Lieberman Software.

The survey, which looked at IT and cloud experts' attitudes to storing data in the cloud, revealed that government and legal interference puts 48% of them off from entering the cloud environment.

These figures highlight that IT managers are deterred from the cloud, because they are unsure if their organization's sensitive data is adequately protected and will therefore pass IT security audits or indeed government regulatory checks which hosted cloud environments are subjected to.

Commenting on the research, Philip Lieberman, President and CEO of Lieberman Software, said: "There are a number of reasons why IT experts might be apprehensive about storing corporate data in the cloud. However, in my opinion, the key issues are around Government surveillance, cloud legislation and data security. IT managers fear that they will put their data at risk by moving to a cloud provider as they are unsure they will keep the data properly protected, which could ultimately affect their job and their business.

Continued : http://www.net-security.org/secworld.php?id=14360

Also: Lieberman: IT Doesn't Trust the Cloud

Collapse -
UPnP flaws turn millions of firewalls into doorstops
by Carol~ Forum moderator / February 6, 2013 6:07 AM PST

Last week security researcher HD Moore unveiled his latest paper "Unplug. Don't Play," which looked into vulnerabilities in popular Universal Plug and Play (UPnP) implementations.

What is UPnP? Paul Ducklin explained the principles and the reason behind it in his recent article about insecurity in video cameras, but the simple version is this: in my opinion, UPnP is one of the worst ideas ever.

Let's put it this way: UPnP is a protocol designed to automatically configure networking equipment without user intervention.

Sounds good, right? Until you think about it. UPnP allows things like XBoxes to tell your firewall to punch a hole through so you can play games.

UPnP also allows malware to punch holes in your firewall making access for criminals far easier.

Continued : http://nakedsecurity.sophos.com/2013/02/05/upnp-flaws-turn-millions-of-firewalls-into-doorstops/

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions


Free trip to the Grand Prix

Don't miss your chance to win a trip to the Formula 1 Grand Prix in Monaco for you and a plus-one.