Apple patches the Java hole its own developers fell into
Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us.
Bit of a pity that the Fruity Ones didn't do this back at the beginning of February, when Oracle's emergency "pre-Patch-Tuesday" update came out to fix the hole that Apple is only now closing off.
Curiously, Cupertino did push out a patch early in February, but only for OS X 10.6 users. Lion and Mountain Lion users have been in limbo until now.
Apple therefore bumps its Java distribution from 1.6.0_37 to 1.6.0_41, leapfrogging OS X 10.7 and 10.8 users past 1.6.0_39 entirely (the even numbers weren't used for official releases).
This re-aligns Apple's version with Oracle's own recent patch, which came out on 19 February 2013 as scheduled.
Both Facebook and Apple have now admitted to being owned due to malicious Java code hosted inadvertently by a website popular with mobile developers.
Twitter, too, admitted to a breach recently, didn't say how it happened, but suggestively invited everyone to turn off Java in their browser as part of its official statement.
Continued : http://nakedsecurity.sophos.com/2013/02/20/apple-patches-its-own-java-hole/
Related: Apple Victim of Facebook, Twitter Hackers; Java to Blame
Timeline: Hacks Related to Apple
From the F-Secure Antivirus Research Weblog:
The hacks related to Apple involve a lot of complexities. Let's review the time line:
February 1st: Twitter's Director of Information Security, Bob Lord, posted "Keeping our users secure" on Twitter's blog. On a Friday. The weekend of the NFL's Super Bowl. Lord explained that Twitter had been hacked, and that 250,000 accounts have had their passwords reset as a result. Lord advised people to disable Java's browser plugin.
February 1st: The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) issues Alert (TA13-032A) warning of multiple vulnerabilities in Oracle Java.
February 1st: Oracle releases a critical patch update for Java (JRE 7 Update 11 and earlier).
February 4th: Monday. We asked contacts at Apple: Based on Lord's post, we suspect a Mac payload, do you have any samples that you are allowed to share with us? The reply: "Twitter has not shared any samples with us."
February 4th: our post "What is Java technology and why do I need it?" speculated that a Twitter developer's Mac had been compromised via Java's browser plugin, and also noted with interest that Apple's XProtect was blocking Java 7 Update 11 (and earlier).
Continued : http://www.f-secure.com/weblog/archives/00002507.html
Bit9 Breach Began in July 2012
Malware Found Matches Code Used Vs. Defense Contractors in 2012
Cyber espionage hackers who broke into security firm Bit9 initially breached the company's defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in the attack was deployed last year in highly targeted attacks against U.S. Defense contractors.
Earlier this month, KrebsOnSecurity broke the story of the breach at Waltham, Mass.-based Bit9, which involved the theft of one of the firm's private digital certificates. That certificate was used to sign malicious software, or "malware" that was then sent to three of the company's customers. Unlike antivirus software, which tries to identify and block known malicious files, Bit9's approach helps organizations block files that aren't already digitally signed by the company's own certificates.
After publishing a couple of blog posts about the incident, Bit9 shared with several antivirus vendors the "hashes" or unique fingerprints of some 33 files that hackers had signed with the stolen certificate. KrebsOnSecurity obtained a list of these hashes, and was able to locate two malicious files that matched those hashes using Virustotal.com — a searchable service and database that lets users submit suspicious files for simultaneous scanning by dozens of antivirus tools.
Continued : http://krebsonsecurity.com/2013/02/bit9-breach-began-in-july-2012/
Firefox 19 brings PDF viewer and 4 critical security fixes
Alongside improvements in startup performance, the desktop version of Firefox 19 also adds, disabled by default, an experimental Remote Web Console, which can connect to Firefox for Android and Firefox OS web applications and interact with them from within the desktop installation of Firefox. Another experimental addition is a Browser Debugger for add-on and browser developers.
Continued : http://www.h-online.com/security/news/item/Firefox-19-brings-PDF-viewer-and-4-critical-security-fixes-1806437.html
@ The Mozilla Blog: Firefox introduces PDF viewer to browse the Web without interruption
Google blocks Adblock Plus in Android security tweak
The maker of Adblock Plus is upset its users must jump through hoops to get its advert-banishing app working on devices running Android - the mobile OS made by advertising giant Google.
The complaint follows moves by Google that made it more difficult for Google Chrome users to use Adblock Plus as a browser extension.
The Android app no longer works out of the box on non-rooted devices running Android 4.1.2 or 4.2.2. Instead it shows a warning box telling users they must manually configure a proxy server: that's because the app works by routing web traffic through a server running on the handheld that filters out websites' adverts before they appear in a browser.
But Google took the position that there is a significant security risk in allowing software to automatically redirect web connections in this manner. The internet giant has now fenced off proxy configuration because malicious programs can use it to intercept users' data and endanger their privacy.
Continued : http://www.theregister.co.uk/2013/02/20/google_adblock_plus/
New E-shop offers access to 100's of hacked PayPal accounts
New underground E-shop offers access to hundreds of hacked PayPal accounts
Dancho Danchev @ the Webroot Threat Blog:
On a daily basis, largely thanks to the efficiency-centered malicious campaigns circulating in the wild, cybercriminals get access to tens of thousands of accounting credentials across multiple Web properties, and most disturbingly, online payment processing services like PayPal.
We've recently spotted a newly launched underground E-shop that's exclusively selling access to hacked PayPal accounts. How much does it cost to purchase a hacked PayPal account on the underground marketplace these days? What pricing method is the cybercriminal behind the service using, and does the newly launched E-shop share any similarities with the E-shop selling access to hacked PayPal accounts that we profiled in 2012?
Let's take a peek inside the E-shop.
Sample login page for the E-shop: [Screenshot]
Continued : http://blog.webroot.com/2013/02/20/new-underground-e-shop-offers-access-to-hundreds-of-hacked-paypal-accounts/