Spyware, Viruses, & Security forum

Alert

NEWS - January 10, 2013

by Carol~ Forum moderator / January 9, 2013 11:25 PM PST
Firefox 18 Brings 21 Updates, Fixes Nearly 3000 Bugs

Developers at Mozilla have pushed out the latest build of their flagship Firefox browser, fixing several security and stability issues for Windows, Mac, Linux and Android platforms.

2917 bugs were patched in total, while 21 security updates -- 12 critical, seven high, one moderate - are addressed in Firefox 18.

A fix for the recent TURKTRUST certificate kerfuffle is included in the update, as Firefox has removed the company's most recent root certificate from its code and marked two other intermediate certificates previously issued by the Turkish authority as untrusted. A post by Michael Coates, Firefox's Director of Security Assurance on the company's Security Blog last week notes that TURKTRUST's new certificate had been included in the Firefox 18 beta but has since been suspended.

According to a post on Mozilla's blog yesterday, Firefox 18 also boasts a new phishing and malware protection component. Now the browser will warn users when they stumble upon sites that may be spreading malware or trying to phish users.

Firefox 18 also comes with a new mechanism, turned off by default, that stops the browser from sending insecure requests from otherwise secure, HTTPS pages. A bug in the browser had long given users trouble when visiting mixed content sites but when turned on, the new feature will now outright block any unsafe content on HTTPS sites.

PDF.js, Firefox's own integrated PDF viewer, present in the beta version of the browser, did not make the jump to Firefox 18. The viewer can still be downloaded from Firefox via Github but appears to be relegated to beta for the immediate future.

Continued : https://threatpost.com/en_us/blogs/firefox-18-brings-21-updates-fixes-nearly-3000-bugs-010913

Yahoo email critical flaw patch ineffective, say security ..
by Carol~ Forum moderator / January 10, 2013 12:08 AM PST
.. researchers

"Yahoo fixed an XSS flaw in its email application earlier this week but it apparently doesn't repair the problem"

Security researchers say a patch released by Yahoo earlier this week for a serious email vulnerability did not fix the problem, leaving users at risk.

The cross-site scripting flaw was found by Shahin Ramezany, who goes by the nickname "Abysssec." The vulnerability can allow an attacker to harvest a victim's cookie for their Yahoo account if the victim is successfully tricked into clicking on a malicious link.

The vulnerability was patched by Yahoo on Monday, but penetration testing company Offensive Security and Ramezany say that the patch did not fix the problem.

"With little modification to the original proof-of-concept code written by Abysssec, it is still possible to exploit the original Yahoo vulnerability, allowing an attacker to completely take over a victim's account," Offensive Security wrote on its blog.

Continued : http://news.techworld.com/security/3419751/yahoo-email-critical-flaw-patch-ineffective-say-security-researchers/
Microsoft to issue emergency IE patch before next Patch Tues
by Carol~ Forum moderator / January 10, 2013 12:08 AM PST

"Uptick in attacks, bypasses of recommended workarounds will force Microsoft to fix flaw criminals already using to hijack Windows PCs"

Microsoft will issue an emergency update to patch a vulnerability in Internet Explorer (IE) in the next two weeks to fix a flaw criminals have been using for more than a month, researchers said Tuesday.

The company will move on the IE6, IE7 and IE8 bug before the next regularly-scheduled Patch Tuesday because of increasing attacks and proof that temporary workarounds can be circumvented.

"I wouldn't be surprised if they go 'out-of-band,'" said Andrew Storms, director of security operations at nCircle Security, using the term for an emergency update. "They won't want to wait for five weeks, and there's enough pressure on them now to work on an out-of-band."

The pressure Storms referred to includes reports that additional websites have been spotted serving up "drive-by" attacks against older versions of IE, as well as claims from researchers that both the "Fixit" tool Microsoft deployed last week and a long-available advanced anti-exploit tool can be sidestepped.

Continued : http://news.techworld.com/security/3419866/microsoft-issue-emergency-ie-patch-before-next-patch-tuesday/

Related : Microsoft Fixes Dozen Flaws, but Not IE Zero-Day Threat, in Update

Zero-Day Java Exploit Debuts in Crimeware
by Carol~ Forum moderator / January 10, 2013 12:09 AM PST

The hackers who maintain Blackhole and Nuclear Pack - competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.

The curator of Blackhole, a miscreant who uses the nickname "Paunch," announced yesterday on several Underweb forums that the Java zero-day was a "New Year's Gift," to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.

According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10. This information could not be immediately verified, but if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don't need it. I will update this post as more information becomes available.

Update, 8:47 a.m. ET: Alienvault Labs say they have reproduced and verified (http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/) the claims of a new Java zero-day that exploits a vulnerability in fully-patched versions of Java 7.

https://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/

Police Arrest Alleged ZeuS Botmaster "bx1"
by Carol~ Forum moderator / January 10, 2013 12:09 AM PST

A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed "bx1," a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.

As reported by The Bangkok Post, 24-year-old Hamza Bendelladj, an Algerian national, was detained this weekend at Bangkok's Suvarnabhumi airport, as he was in transit from Malaysia to Egypt. This young man captured news media attention when he was brought out in front of Thai television cameras handcuffed but smiling broadly, despite being blamed by the FBI for hacking into customer accounts at 217 financial institutions worldwide.

Thai investigators told reporters that Bendelladj had amassed "huge amounts" in illicit earnings, and that "with just one transaction he could earn 10 to 20 million dollars. He's been travelling the world flying first class and living a life of luxury."

I didn't fully appreciate why I found this case so interesting until I started searching the Internet and my own servers for his email address. Turns out that in 2011, I was contacted via instant message by a hacker who said he was operating botnets using the Zeus and SpyEye Trojans. This individual reached out to me repeatedly over the next year, for no apparent reason except to brag about his exploits. He contacted me via Microsoft's MSN instant message platform, using the email address daniel.h.b@universityofsutton.com. That account used the alias "Daniel." I later found out that Daniel also used the nickname bx1.

Continued : http://krebsonsecurity.com/2013/01/police-arrest-alleged-zeus-botmaster-bx1/

Apple acts against "bait-and-switch" scammers in App Store
by Carol~ Forum moderator / January 10, 2013 12:45 AM PST

Apple announced today, in a short-and-sweet announcement in its developer news feed, that the bait-and-switch of software screenshots in the App Store will no longer be allowed.

Cupertino's finest didn't actually use the words "bait-and-switch", of course. They said: [Screenshot]

Beginning January 9, app screenshots will be locked in iTunes Connect once your app has been approved. New screenshots may be uploaded when you submit a binary for an update to an existing app or a new app.

The iTunes Connect service lets you promote and distribute your wares on iTunes, the App Store, the iBookstore, and the Mac App Store.

Bait-and-switch, where you are lured into a {shop, club, wine bar, website, online competition} with promises of great value, only to find yourself getting leaned on to buy something completely different, is nothing new in Apple's universe.

Continued : http://nakedsecurity.sophos.com/2013/01/10/apple-acts-against-bait-and-switch-scammers-in-the-app-store/

Japanese cops collar malware-carrying cat
by Carol~ Forum moderator / January 10, 2013 12:45 AM PST

When imagining law enforcement officers investigating and searching for cyber criminals or evidence about their activities, the last thing that you can probably envision is them searching for a stray cat.

But that was exactly what detectives of Japan's National Police Agency recently did as the last step in a complex "treasure hunt" started on New Year's Day by a person (persons?) who is allegedly the mastermind behind the so-called "Remote Control Virus".

The malware in question was instrumental in staging a continuous campaign of death and bomb threats sent to airline companies, kindergartens, schools, law offices, broadcasting networks and shrines.

The investigation into those threats revealed that a yet unidentified individual or group has been using the malware to compromise random Internet users' computers and sending the death threats from them without the users' knowledge.

Continued : http://www.net-security.org/malware_news.php?id=2371

Related:
Japanese Police 'Collar' Cat Carrying Malware Code
Japanese cops cuff cat carrying remote control virus

Bogus U.S. Airways registration confirmation leads to..
by Carol~ Forum moderator / January 10, 2013 1:22 AM PST
.. info-stealing malware

A new email spam campaign impersonating U.S. Airways is hitting inboxes, warns Webroot, and the airline's customers would do well to be on the lookout for the following "booking confirmation" email: [Screenshot]

There are obvious spelling mistakes that should alert users to the bogus nature of the email, but a lot of people - "blinded" by the legitimate looking graphics - don't regularly check for those.

The offered links take the victims to compromised sites that host the Blackhole exploit kit, and once it does its thing, they are unknowingly served with a variant of the Cridex information-stealing Trojan, currently detected by a little over half of the AV solutions employed by VirusTotal.

Continued : http://www.net-security.org/malware_news.php?id=2372
Iran Tied to DDoS Attacks Against U.S. Banks, Report
by Carol~ Forum moderator / January 10, 2013 2:26 AM PST

According to a report from the New York Times, Iran is to blame for a wave of DDoS attacks against several U.S. banks this summer. This nation-state attack was previously thought to be the work of a small band of hackers, but government officials and security researchers are now voicing their doubts.

"There is no doubt within the U.S. government that Iran is behind these attacks," James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies in Washington, told the Times.

Lewis said that traffic monitoring shows the overall volume directed at our nation's banks to be "multiple times" more than what Russia directed at Estonia in 2007 - routinely thought to be the first official nation-state attack.

The DDoS wave started towards the end of the summer last year, picking-up pace in October. None of the nation's financial giants were exempt, as traffic flooded the websites maintained by Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, and Fifth Third Bank.

Continued : http://www.securityweek.com/iran-tied-ddos-attacks-against-us-banks-report

Also:
US Banks Hacked in State-Sponsored Iranian Attacks, Officials Say
US gov blames Iran for cyberattacks on American banks

Extremely critical Ruby on Rails bug threatens 200,000 sites
by Carol~ Forum moderator / January 10, 2013 2:26 AM PST

"Servers that run the framework are by default vulnerable to remote code attacks."

Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability in the Ruby on Rails framework that gives remote attackers the ability to execute malicious code on the underlying servers.

The bug is present in Rails versions spanning the past six years and in default configurations gives hackers a simple and reliable way to pilfer database contents, run system commands, and cause websites to crash, according to Ben Murphy, one of the developers who has confirmed the vulnerability. As of last week, the framework was used by more than 240,000 websites, including Github, Hulu, and Basecamp, underscoring the seriousness of the threat.

"It is quite bad," Murphy told Ars. "An attack can send a request to any Ruby on Rails server and then execute arbitrary commands. Even though it's complex, it's reliable, so it will work 100 percent of the time."

Murphy said the bug leaves open the possibility of attacks that cause one site running rails to seek out and infect others, creating a worm that infects large swaths of the Internet. Developers with the Metasploit framework for hackers and penetration testers are in the process of creating a module that can scan the Internet for vulnerable sites and exploit the bug, said HD Moore, the CSO of Rapid7 and chief architect of Metasploit.

Continued : http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/

Related :
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
Critical Ruby on Rails flaws fixed, upgrade immediately
Ruby on Rails Releases 'Extremely Critical' Security Fixes - Exploit Code En Route

Fraudulent e-Commerce Websites Exploit the Post-New Year's..
by Carol~ Forum moderator / January 10, 2013 2:26 AM PST
.. Day Sales Drive

From Websense Security Labs :

As we welcome the New Year, we must be aware that the bad guys will use every opportunity to exploit events of a positive and negative nature. Yes, even the recent disastrous weather experienced on the east coast of the United States was exploited to try and obtain valuable information that could be used for identity and monetary theft from grief-stricken or worried families and friends.

The New Year and its first month brings with it the familiar drive of businesses trying to clear stock, slashing prices to entice us to part with our money and to snap up a bargain in the process. Our desire for a great bargain is something not unknown to the bad guys - they are very aware that we might just be tempted to go for that seemingly 'too good to be true' bargain. The associated costs to fraudulent websites are minimal compared to the numbers game the bad guys play; they cast a wide net and you may be the catch of the day. [Screenshot]

Let us explore this further through an example. A Swarovski (the brand name of a popular crystal jewelry manufacturer) fraudulent site was detected by the Websense ThreatSeeker network. The site hxxp://www.swarovskisale.co/ purports to be selling discounted Swarovski jewelry. The first indicator that something may not be all that it seems is the Top Level Domain, .co. Proving popular among the bad guys due to its lexical relationship to the .com TLD, the .co TLD is assigned to Colombia.

Continued : http://community.websense.com/blogs/securitylabs/archive/2013/01/09/fraudulent-e-commerce-websites-exploiting-the-post-new-year-s-sales-drive.aspx
Current Foxit Reader can execute malicious code
by Carol~ Forum moderator / January 10, 2013 3:18 AM PST

Security expert Andrea Micalizzi has discovered a critical vulnerability in the current Foxit Reader's browser plugin; according to the researcher, the hole can be exploited to inject malicious code. When a web page instructs the npFoxitReaderPlugin.dll plugin to open a PDF document from a very long URL, a buffer overflow is created on the stack. Micalizzi's advisory also includes an appropriate exploit for the vulnerability.

Secunia has rated the hole highly critical. Foxit Reader installs the browser plugins for Chrome, Firefox, Opera and Safari by default. Since the current version 5.4.4.1128 (plugin version 2.2.1.530) is affected, the only available protective measure is to disable the plugin in the browser. To do this in Firefox, click on the Firefox menu, select Tools and then select Add-ons, Plugins; in Chrome, the fastest way of accessing the plugin menu is to visit the chrome://plugins/ URL.

http://www.h-online.com/security/news/item/Current-Foxit-Reader-can-execute-malicious-code-1780636.html

Europol Launches European Cybercrime Centre (EC3)
by Carol~ Forum moderator / January 10, 2013 4:09 AM PST

At the end of 2010, Europol's Director Rob Wainwright revealed the agency's plans to create a European cybercrime center whose goal would be to centralize reports about illicit online activities. That day has finally come.

The European Cybercrime Centre, or EC3, will be officially opened on Friday, January 11, and it will be based at Europol headquarters in The Hague, Netherlands.

The new center's main role is to aid the European Union in the fight against cybercrime and to protect citizens and businesses against threats from cyberspace.

"EU citizens and businesses require an open, free and transparent cyberspace so we need to protect the online world just as we do the off-line world. EC3 will be a valuable tool for the EU and its Member States to help coordinate and support efforts that keep the Net safe from criminals," says Troels Oerting, Head of EC3.

The EC3 will particularly focus on crimes carried out by organized groups against financial institutions and their customers, ones that affect critical infrastructures and information systems, and online exploitation of children.

Continued : http://news.softpedia.com/news/Europol-Launches-European-Cybercrime-Centre-EC3-320071.shtml

Also:
Europe's anti-cybercrime centre to go live this week
European Cybercrime Centre opens for business
Europol launches European Cybercrime Centre
