Spyware, Viruses, & Security forum


NEWS - March 01, 2013

by Carol~ Forum moderator / February 28, 2013 11:03 PM PST
New attack on current Java version

Security firm FireEye reports that cyber criminals are exploiting previously unknown vulnerabilities in the current Java versions to deploy malware. The hole allows attackers to access the memory of the Java Virtual Machine (JVM). There, the exploit will look, for example, for the area that determines whether Java's Security Manager is active, and it will then try to overwrite this area with a zero. The Security Manager controls which system resources can be accessed by the code running in the JVM; once it is disabled, the exploit is free to execute the downloaded malware.

The FireEye researchers say that the discovered exploit isn't very reliable because it will try to overwrite large memory data blocks; however, it is likely only a matter of time before the approach is perfected. The hole is found both in Java version 7 update 15 and in version 6 update 41. The version 6 branch is no longer actively maintained by Oracle.

To protect themselves, users can completely uninstall Java or at least disable it in their browser. Another useful option is the click-to-play feature in Firefox and Chrome, which, when enabled, will require explicit user approval before a plugin can be executed. Talking to The H's associates at heise Security, researcher Adam Gowdiak confirmed that the exploited vulnerability is not one of the flaws he recently discovered and reported to Oracle.


Related: Zero-Day Affecting Java 6 U41 and Java 7 U15 Exploited in the Wild

Cybercriminals Hop On the Google Project Glass Bandwagon
by Carol~ Forum moderator / February 28, 2013 11:07 PM PST
In reply to: NEWS - March 01, 2013

From the Trendlabs Security Intelligence blog:

Cybercriminals tend to leverage what's popular and new. Case in point, the much-anticipated Google Project Glass is being used as a social engineering lure to trick unsuspecting users into scams.

We found that one of the top results for the search term "free Google glasses" is an eye-catching YouTube link with the title [{FREE}] Google Project Glass [[FREE GOOGLE GLASSES]: [Screenshot: Search results for 'free Google glasses']

The video was copied from the original Google Glass YouTube advertisement. The YouTube video also contains information on how to get the Google Glass for free as seen in the screenshot below: [Screenshot: YouTube video]

The text below the video reads:

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-hop-on-the-google-project-glass-bandwagon/

Fake Antivirus Renewal Email Rises from the Dead
by Carol~ Forum moderator / February 28, 2013 11:07 PM PST
In reply to: NEWS - March 01, 2013

From the Symantec Security Response blog:

Over the last few years, many reports, white papers, and blogs have been released detailing targeted attacks. For example, some attacks employ sophisticated infection methods, such as watering hole attacks, and some rely on exploit code hidden in document files mixed with social engineering schemes. Some time ago, when the malware world was still dominated by mass-mailing worms that used fake emails as the infection method, one of the schemes was a fraudulent license renewal notification from well-known antivirus vendors.

Some may think that this scheme had become extinct but we saw evidence recently that it is still alive and kicking when an email was sent to an electric power company and a major industrial company in Japan. [Screenshot]

Inside the attached .zip file there is a file with a .doc.exe extension, which smells fishy. The file name is gibberish as well. [Screenshot]

Continued : http://www.symantec.com/connect/blogs/fake-antivirus-renewal-email-rises-dead

Web code weakness allows data dump on PCs
by Carol~ Forum moderator / March 1, 2013 1:10 AM PST
In reply to: NEWS - March 01, 2013

Gigabytes of junk data could be dumped onto PCs via a loophole in web code, a developer has found.

The loophole exploits a feature of HTML 5 which defines how websites are made and what they can do.

Developer Feross Aboukhadijeh found the bug and set up a demo page that fills visitors' hard drives with pictures of cartoon cats.

In one demo, Mr Aboukhadijeh managed to dump one gigabyte of data every 16 seconds onto a vulnerable Macbook.

Clever code

Most major browsers, Chrome, Internet Explorer, Opera and Safari, were found to be vulnerable to the bug, said Mr Aboukhadijeh.

While most websites are currently built using version 4 of the Hyper Text Markup Language (HTML), that code is gradually being superseded by the newer version 5.

Continued : http://www.bbc.co.uk/news/technology-21628622

Exploit lets websites bombard visitors' PCs with gigabytes of data
HTML5 Web Storage loophole can be abused to fill hard disks with junk data

China Publicly Claims to Be the Victim of U.S. Cyberattacks
by Carol~ Forum moderator / March 1, 2013 1:10 AM PST
In reply to: NEWS - March 01, 2013

On Thursday the Chinese government, long considered the aggressor in highly publicized U.S. cyberattacks, publicly spoke about being the victim. Two of its military Web sites were attacked an average of 144,000 times per month and two-thirds of those strikes came from the United States, according to a ministry spokesman.

"The Defense Ministry and China Military Online Web sites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years," said ministry spokesman Geng Yansheng, according to a Reuters report. "According to the IP addresses, the Defense Ministry and China Military Online websites were, in 2012, hacked on average from overseas 144,000 times a month, of which attacks from the U.S. accounted for 62.9 percent," he said.

The Chinese response, said during a closed meeting and later reported on a ministry Web site, comes after U.S. security company Mandiant fingered a Shanghai-based elite military unit of the People's Liberation Army as the most likely source behind a number of advanced persistent threats against U.S. government and industries.

Continued : https://threatpost.com/en_us/blogs/china-publicly-claims-be-victim-us-cyberattacks-022813

US hackers attacked military websites, says China's defence ministry
China Says US-based Hackers Attack its Military Websites
US hackers target our websites, China's Defence Ministry complains

Cyber-Spy Hacking Gang Steals a Terabyte of Data Each Day, Report Shows
by Carol~ Forum moderator / March 1, 2013 1:11 AM PST
In reply to: NEWS - March 01, 2013

From Bitdefender's "HOTforSecurity" blog:

An as-yet unknown gang of cyber-spy hackers is stealing more than a terabyte of data per day from major firms, governments and others, and security experts say cyber-war will get even worse, according to a report by Team Cymru published by The Verge. Some hackers use custom-made software to take control of computer systems.

The Florida-based security company said victims of the massive hacking operation include military and academic facilities, search engines, government agencies and embassies. The hacking group is using a network of 500 servers to nab trade secrets and sensitive details from thousands of companies worldwide.

"This is Internet theft on an industrial level," said Team Cymru director Steve Santorelli, a former detective with Scotland Yard.

One of the main countries targeted in the cyber-war is the United States. Security firm Mandiant also showed recently how a hacking group employed by China has breached the servers of hundreds of American companies in recent years in search of important data. But security experts say China isn't necessarily to blame.

Continued : http://www.hotforsecurity.com/blog/cyber-spy-hacking-gang-steals-a-terabyte-of-data-each-day-report-shows-5514.html
Avast 8 generates detection of entire malware families
by Carol~ Forum moderator / March 1, 2013 1:11 AM PST
In reply to: NEWS - March 01, 2013

At RSA Conference 2013 in San Francisco, Avast Software introduced a new version of its consumer security software line, with a number of new technologies and improvements to deliver proactive detection, vulnerability prevention, and user comfort.

Avast version 8 brings:

• Malware-similarity search technology to deliver automatic identification and blacklisting of files similar to other known infected files. These detections are pulled in real-time from the Avast cloud database.

• A new dynamic-detection engine combined with the AutoSandbox feature. The AutoSandbox allows Avast to analyze suspicious files in an isolated environment before they are allowed to run on the user's system. The new engine helps users make more intelligent decisions, whether files running in the sandbox are malicious or not, and it quarantines infected files automatically. The technology is based on an in-memory SQL database, allowing for complex queries on the file's overall execution trace.

Continued : http://www.net-security.org/secworld.php?id=14523

Facebook fixes bug that leaked users' phone numbers
by Carol~ Forum moderator / March 1, 2013 1:11 AM PST
In reply to: NEWS - March 01, 2013

Facebook has fixed a bug that was leaking users' phone numbers to application developers.

Reported in June 2012, the API (application programming interface) bug was affecting the email field in some mobile apps that accessed Facebook's API.

The original report about the glitch was reproduced in a Facebook notice in which Facebook's Alvin Sng said it should now be resolved.

Facebook said that when retrieving a user's email address via graph API, app developers were receiving a 10-digit number once for every 1,000 users, more or less, instead of the properly formatted email address the documentation states that the field should return.

But as pointed out by IDG's Zach Miners, some app developers reported significantly higher incidences.

Continued : http://nakedsecurity.sophos.com/2013/03/01/facebook-fixes-bug-that-leaked-users-phone-numbers/

Apple blocks older versions of Adobe Flash Player plug-in
by Carol~ Forum moderator / March 1, 2013 4:23 AM PST
In reply to: NEWS - March 01, 2013

Apple has today updated Safari's web plug-in blocking mechanism to disable older versions of the Adobe Flash Player. The update, noted by Jim Dalrymple of The Loop, is likely in response to recently exposed vulnerabilities in Flash.

The update is automatic and affects the Adobe Flash Player plug-in system-wide using Apple's latest Xprotect file update. The file is a block list of currently banned plugins and includes Flash and Java. The notice reads: "To help protect users from a recent vulnerability, Apple has updated the web plug-in-blocking mechanism to disable older versions of the web plug-in: Adobe Flash Player"

Adobe recently issued an emergency Flash update for three vulnerabilities affecting Windows, Mac and Linux. Two of those vulnerabilities were found to already be exploited in the wild against Flash Player in Firefox.

The minimum version of Flash Player in the latest update to Apple's 'Xprotect' file is 11.6.602.171 (thanks Charles). You can find instructions on how to update the Flash plug-in here.

Continued : http://thenextweb.com/apple/2013/03/01/apple-blocks-older-versions-of-adobe-flash-player-plug-in-in-safari-web-browser/

Dropbox users report spam emails after last year's breach
by Carol~ Forum moderator / March 1, 2013 4:23 AM PST
In reply to: NEWS - March 01, 2013

Dropbox users are reporting spam emails for dedicated email accounts associated with the cloud storage service, in what appears to be leftover problems from last year's data breach.

But the cloud storage company has not seen anything to believe that this may be a new problem or a fresh data breach. The firm said in a public posting that it "remains vigilant given the recent wave of security incidents at other tech companies."

One user explained the problem in a nutshell:

'I have an internal to my company email address that I used for Dropbox only and I am getting the same fake Paypal scam emails. This has been happening since about Monday.'

There was concern among forum members that following the hack of Zendesk, Dropbox users may have been at risk. "If Dropbox was affected, they should have already announced this like Twitter, Tumblr and Pinterest did," said another user.

Continued : http://www.zdnet.com/dropbox-users-report-spam-emails-after-last-years-data-breach-7000012019/

Dropbox users complain of spam emails reminiscent of last year's data leak, company is investigating
Dropbox Users Reporting More Spam Following Last Summer's Breach

Do Not Track bill is back on the table
by Carol~ Forum moderator / March 1, 2013 4:23 AM PST
In reply to: NEWS - March 01, 2013

Impatient with the glacial progress so far, Senator Jay Rockefeller is having another shot at getting a Do Not Track bill through Congress.

His bill would force the Federal Trade Commission to set out regulations covering the collection and use of personal information obtained by tracking people's online activity. It's an amended version of proposals first considered in 2011 following calls from the FTC.

The aim is to establish a set of standards and procedures through which consumers could opt out of having their web activity tracked. Until now, Do Not Track has been voluntary.

"The attitude had been, let's give self-regulation a chance," says John M. Simpson, director of Consumer Watchdog's Privacy Project. "We've spent 18 months and it's not working. Now is the time for legislative action and we welcome Sen. Rockefeller's commitment to getting Do Not Track done."

Continued: http://www.tgdaily.com/business-and-law-brief/69842-do-not-track-bill-is-back-on-the-table
