Spyware, Viruses, & Security forum


NEWS - February 08, 2013

by Carol~ Forum moderator / February 8, 2013 1:13 AM PST
Microsoft to Quash 57 Vulnerabilities in February

On Thursday, as part of the ritual of advance notification, Microsoft announced its plans to address 57 security vulnerabilities within Windows, Internet Explorer, and Office. Of the 12 bulletins that are addressing the fixes, five are critical while the rest are ranked as important.

Tuesday's pending security cycle means that some IT teams will be busy, due to the large amount of fixes to be deployed. Yet, the release is both a blessing and a curse it seems.

"It's good because administrators probably don't have to worry about applying multiple patches for the same advisory to a single host. It's bad because an organization with even the simplest deployment of Microsoft products will probably be hit by all of these advisories, meaning their desktop and server teams will be extra busy," explains Rapid7's Senior Manager of Security Engineering, Ross Barrett.

"The exceptions to the OS vulnerability trend are bulletins 4, which applies to MS Exchange 2007, and 2010 and bulletin 5, which applies to Microsoft FAST Search Server 2010. Bulletin 4 (affecting Microsoft Exchange) is listed as critical, which could mean it is something that a malformed email message would trigger," Barrett explained. "If so, this will be the most directly exploitable of the advisories and should be a top priority."

Continued : http://www.securityweek.com/microsoft-quash-57-vulnerabilities-february

Patch Tuesday: IE at risk of malware attacks; 57 flaws in total
Every single Internet Explorer at risk of drive-by hacks until Patch Tuesday
Microsoft Announces Five Critical February Patch Tuesday Updates Coming Next Week
Post a reply
Discussion is locked
You are posting a reply to: NEWS - February 08, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - February 08, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Bush family privacy shattered after e-mails, photos exposed
by Carol~ Forum moderator / February 8, 2013 1:35 AM PST
... online

A brazen intrusion into several e-mail accounts belonging to friends and family of former President George H. W. Bush have exposed a wealth of personal photos, correspondence, home addresses, and other sensitive information, prompting a criminal investigation, according to published reports.

The trove of Bush communications, which were sent from 2009 to 2012, were lifted from at least six separate e-mail accounts, including the AOL account of Dorothy Bush Koch, daughter of George H. W. Bush and sister of former President George W. Bush, according to The Smoking Gun. The hack opens a window into some of the extended family's most personal and intimate moments, including several members planning the funeral of the older former president when he was hospitalized late last year.

One e-mail reported that George H. W. Bush's condition was so perilous in late December that his chief of staff informed the former president's adult children that "your dad's funeral team is having an emergency meeting at 10 a.m. just to go through all the details." The Bush aide, Jean Becker, went on to say the former president's health status "fell under the broadening category of things NOT TO TELL YOUR MOTHER."

Continued : http://arstechnica.com/security/2013/02/bush-family-privacy-shattered-after-e-mails-photos-exposed-online/

Hacker gains access to private Bush family emails and photos; criminal investigation launched
Hacker accesses Bush family emails, photos, report says
Hacker compromises email accounts of Bush family members
Collapse -
Children turning into malicious code developers
by Carol~ Forum moderator / February 8, 2013 1:35 AM PST

In a world filled with laptops, tablets and smartphones, today's children become digitally fluent far earlier than previous generations.

Now, AVG has found evidence that pre-teens are writing malware designed to steal login details from online gamers, both young and old.

While stealing someone's game logins may at first seem a minor problem, online gaming accounts are often connected to credit card details to enable in-game purchases, and may also have virtual currency attached to them amounting to hundreds of dollars.

Furthermore, many gamers unfortunately use the same login details for social networks such as Facebook and Twitter, potentially putting the victim at risk of cyber-bullying, in addition to identity theft and major inconvenience.

"We have now seen a number of examples of very young individuals writing malware, including an 11-year-old from Canada," said Yuval Ben-Itzhak, CTO at AVG Technologies. "The code usually takes the form of a basic Trojan written using the .NET framework, which is easy to learn for beginners and simple to deploy via a link in an email or posted on a social media page."

Continued : http://www.net-security.org/malware_news.php?id=2406

Also: AVG finds 11 year-old creating malware to steal game currency

Collapse -
Battered Twitter, Phish but no Chips!
by Carol~ Forum moderator / February 8, 2013 3:22 AM PST

From the Websense Security Labs Weblog:

Hot on the heels of Friday's announcement by Twitter that they 'detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data' and subsequent confirmation that 'attackers may have had access to limited user information' for 'approximately 250,000 users', Websense Security Labs are tracking a phishing campaign propagated via Twitter's direct message functionality.

Whilst no correlation between the two events can be drawn at this time, Twitter users should be on guard for signs of their own account being abused or compromised, as well for abnormal signs or unusual behavior (or perhaps in many cases, more unusual than normal) from those that they follow. Specifically, users should be cautious, as always, when following any links received from direct messages or Tweets particularly if the page you've been directed to is asking for your credentials or personal information.

Given the recent compromise, Websense Security Labs suggest that you regularly check your online accounts for signs of compromise and, as if anyone needs an excuse to do so, regularly update your suitably complex (and most definitely not your pet/team/town or dictionary word) password as well as reviewing the permissions granted to third-party applications that have access to your accounts (Twitter: How to Connect and Revoke Third-Party Applications). Should you have been unlucky enough to fall victim to this recent compromise, you'll have hopefully received a notification from Twitter that suggests these actions along with some general tips for account security: [Screenshot]

Continued : http://community.websense.com/blogs/securitylabs/archive/2013/02/05/battered-twitter-phish-but-no-chips.aspx

Collapse -
Facebook outage took several other sites with it
by Carol~ Forum moderator / February 8, 2013 3:51 AM PST

A Facebook glitch briefly took down a large number of sites that use the social network's login credentials on Thursday — highlighting just how wide Facebook's reach has become.

The glitch lasted a few minutes and affected only those who were logged into Facebook at the time. But there were widespread reports of users having trouble getting to sites such as Gawker, CNN, Mashable and, yes, The Washington Post. When users tried to visit those sites, they were sent to a Facebook page that displayed an error. To get around the bug, users had to log out of the social network.

Facebook released a short statement after the outage, saying, "For a short period of time, there was a bug that redirected people from third party sites integrated with Facebook to Facebook.com. The issue was quickly resolved."

The company has yet to provide further information about the flaw or say how many Web sites may have been affected.

Continued : http://www.washingtonpost.com/business/technology/facebook-outage-took-several-other-sites-with-it/2013/02/08/329d83e0-71ee-11e2-ac36-3d8d9dcaa2e2_story.html

Facebook Hijacks Internet Sites For An Hour Thursday Afternoon
Facebook briefly takes over entire Internet with redirection bug

Collapse -
Learn by doing: Phishing and other online tests
by Carol~ Forum moderator / February 8, 2013 4:46 AM PST

As a tech-savvy person in a family that mostly consists of low level Internet users - and especially because of my line of work - I'm often tasked with helping them when their computers become riddled with malware.

One of these shortcuts were online tests that let you test your ability to spot fake emails, webpages or software. After all, repetition IS the best teacher.

When the idea first came to me, I thought the Internet was rife with them, but I was wrong. So, I had to take the time to dig around and make a collection of links to present to my "pupils."

Learning how to spot phishing emails and websites

Phishing tests were relatively easy to find, but unfortunately there aren't many of them.

By far the most popular is MailFrontier's (renamed as SonicWALL Phishing IQ Test when SonicWALL acquired MailFrontier in 2006).

It's easy to see why. Once you go over the test and see the results, you are able to see the "warning signs" for each email: [Screenshot]

The explanations are simple and directly applied to each mail. Still, there is one downside: the email examples are always the same each time you take the test.

Continued : http://www.net-security.org/secworld.php?id=14375

Collapse -
Security Firm Bit9 Hacked, Used to Spread Malware
by Carol~ Forum moderator / February 8, 2013 6:37 AM PST
Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known "safe" files from computer viruses and other malicious software.

Waltham, Massachusetts-based Bit9 is a leading provider of "application whitelisting" services, a security technology that turns the traditional approach to fighting malware on its head. Antivirus software, for example, seeks to identify and quarantine files that are known bad or strongly suspected of being malicious. In contrast, Bit9 specializes in helping companies develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous.

But earlier today, Bit9 told a source for KrebsOnSecurity that their corporate networks had been breached by a cyberattack. According to the source, Bit9 said they'd received reports that some customers had discovered malware inside of their own Bit9-protected networks, malware that was digitally signed by Bit9's own encryption keys.

Continued : http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread-malware/
Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions


Having Wi-Fi troubles?

From the garage to the basement, we blanketed every square inch of the CNET Smart Home with fast, reliable Wi-Fi.