Spyware, Viruses, & Security forum


NEWS - March 15, 2013

by Carol~ Forum moderator / March 14, 2013 9:56 PM PDT
Thomson Reuters Editor Is Charged in Hacking of News Site

Matthew Keys, a 26-year-old deputy social media editor at Thomson Reuters, has been charged with assisting the hacking collective Anonymous in an attack on the Web site of The Los Angeles Times, the Justice Department said Thursday.

A federal indictment of Mr. Keys, formerly a Web producer at KTXL Fox 40, which, like The Los Angeles Times, is owned by the Tribune Company, said that he went by a user name of "AESCracked" and assisted in a cyberattack on the newspaper's Web site. The attack reportedly allowed the group to gain access and alter a news feature.

The three-count indictment includes charges that Mr. Keys provided Anonymous with login information for computers owned by the Tribune Company. The indictment also states that he encouraged the hackers, with whom he worked from Dec. 10 to Dec. 15, 2010, to log on to the Tribune Company server "to make unauthorized changes to Web sites" owned by the company and "to damage computer systems" used at the Tribune Company.

Continued : http://mediadecoder.blogs.nytimes.com/2013/03/14/thomson-reuters-editor-indicted-on-charges-of-aiding-hackers-group/

Reuters social-media editor indicted in hack of L.A. Times site
Reuters Editor Indicted for Helping Hackers Break Into Tribune Co.
Reuters social media editor charged over Anonymous hack of LA Times
Reuters editor indicted for allegedly helping Anonymous hack news site
Apple Pushes Massive Wave of Updates Alongside OS X 10.8.3
by Carol~ Forum moderator / March 14, 2013 11:57 PM PDT
In reply to: NEWS - March 15, 2013
Apple Pushes Massive Wave of Security Updates Alongside OS X 10.8.3

Apple on Thursday released Mac OS X Mountain Lion v10.8.3 along with a wave of security updates spanning numerous products ranging from the operating system kernel to many components and applications and its Safari Web browser.

Available immediately, OS X v10.8.3 and the associated security update address security flaws in Apache, Identity Services, ImageIO, Messages, Messages Server, PostgreSQL, Podcast Producer Server, QuickTime, Ruby and more.

The software update also addresses an interesting issue (CVE-2013-0967) in CoreTypes that allows a malicious website to launch a Java application automatically even if the Java plug-in is disabled.

In addition to the software updates, Apple addressed an unauthorized digital certificates issue that linked back to Turkish certificate authority TURKTRUST, in an incident that was reported in January.

Continued : http://www.securityweek.com/apple-pushes-massive-wave-security-updates-alongside-os-x-1083

Related :
Apple Addresses 22 OS X Security Issues with First 2013 Update
Apple tears itself away from iThings to squash Mac OS X bugs
Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too
About the Security Content of OS X Mountain Lion v10.8.3

See Vulnerabilities / Fixes:
Apple Mac OS X Multiple Vulnerabilities
Apple Safari Multiple Vulnerabilities
Treacherous backdoor found in TP-Link routers
by Carol~ Forum moderator / March 14, 2013 11:57 PM PDT
In reply to: NEWS - March 15, 2013

Security experts in Poland have discovered a treacherous backdoor in various router models made by TP-Link. When a specially crafted URL is called, the router will respond by downloading and executing a file from the accessing computer, reports Michal Sajdak from Securitum.

The expert says that when a browser sends an HTTP GET request to, the contacted router will establish a connection back to the visitor's IP and contact any TFTP server there. It will retrieve a file called nart.out from the TFTP server and execute it as root. However, this normally only works within a local network; an indirect exploit such as a CSRF attack should fail because the required TFTP server must be accessible within the LAN.

The advisory states that at least the TL-WDR4300 and TL-WR743ND models are affected; however, it often turns out later that the features in question exist on other models as well. Only the manufacturer can ultimately provide clarity - but there has been no response. Sajdak says that he has repeatedly notified TP-Link of the problem but never received a reply, and that this prompted him to publish the details. For those who are interested, the researcher has also documented how he used valid access data to establish an interactive root shell on the router, which ultimately led to the discovery of the backdoor that requires no authentication.


Seagate's blog pushes malware on unsuspecting visitors ..
by Carol~ Forum moderator / March 14, 2013 11:57 PM PDT
In reply to: NEWS - March 15, 2013
.. via rogue Apache modules

SophosLabs has been tracking an infection of Mal/Iframe-AL on Seagate's blog since late February.

SophosLabs informed Seagate of the issue back in February, but at the time of writing the site remains infected.

Two weeks ago, Fraser Howard reported how rogue Apache modules were pushing iFrame injections with the intention of driving traffic to the notorious Blackhole exploit kit.

SophosLabs has seen countless victims of this attack, with Mal/Iframe-AL remaining the most prevalent of the web threats encountered.

Seagate is just one of the high profile examples of a site that has been hit.

Continued : http://nakedsecurity.sophos.com/2013/03/14/seagate-rogue-apache-modules/
Brian Krebs tells Ars about hacked 911 call that sent SWAT..
by Carol~ Forum moderator / March 15, 2013 3:11 AM PDT
In reply to: NEWS - March 15, 2013
.. team to his house

"Brian Krebs may be first journalist to suffer vicious hack known as swatting."

Brian Krebs has always been a trailblazer among security reporters. His exposes completely shut down a California hosting service that coddled spammers and child pornographers and severely disrupted an organized crime syndicate known as Russian Business Network. More recently, his investigative journalism has followed the money to the people who sell malware exploit kits, illicitly procured credit reports, and denial-of-service services in underground forums.

Now, Krebs has achieved a decidedly more grim distinction. On Thursday, he became one of the first journalists to be on the receiving end of a vicious hoax that prompted a raid on his Northern Virginia home by a swarm of heavily armed police officers. The tactic, known as "swatting," has long been a favorite of depraved hackers. They use computers or special phone equipment to make emergency calls that appear to come from their target's phone number. When a 911 operator answers, they report a life-threatening, sometimes horrific crime in progress. Police, often armed with assault rifles, descend on the target's home, sometimes breaking down doors in the mistaken belief that their lives are on the line by gun-toting criminals carrying out home invasion robberies or drugged-out maniacs committing multiple homicides.

Continued : http://arstechnica.com/security/2013/03/security-reporter-tells-ars-about-hacked-911-call-that-sent-swat-team-to-his-house/
Brian Krebs: The World Has No Room For Cowards
by Carol~ Forum moderator / March 15, 2013 5:45 AM PDT

It's not often that one has the opportunity to be the target of a cyber and kinetic attack at the same time. But that is exactly what's happened to me and my Web site over the past 24 hours. On Thursday afternoon, my site was the target of a fairly massive denial of service attack. That attack was punctuated by a visit from a heavily armed local police unit that was tricked into responding to a 911 call spoofed to look like it came from my home.

Well, as one gamer enthusiast who follows me on Twitter remarked, I guess I've now "unlocked that level."

Things began to get interesting early Thursday afternoon, when a technician from Prolexic, a company which protects Web sites (including KrebsOnSecurity.com) from denial-of-service attacks, forwarded a strange letter they'd received earlier in the day that appeared to have been sent from the FBI. The letter, a copy of which is reprinted in its entirety here, falsely stated that my site was hosting illegal content, profiting from cybercriminal activity, and that it should be shut down. Prolexic considered it a hoax, but forwarded it anyway. I similarly had no doubt it was a fake, and a short phone call to the FBI confirmed that fact.

Around the same time, my site came under a series of denial-of-service attacks, briefly knocking it offline. While Prolexic technicians worked to filter the attack traffic, I got busy tidying up the house (since we were expecting company for dinner). I heard the phone ring up in the office while I was downstairs vacuuming the living room and made a mental note to check my voicemail later. Vacuuming the rug near the front door, I noticed that some clear plastic tape I'd used to secure an extension cord for some outdoor lights was still straddling the threshold of the front door.

Continued : http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/#more-19437

Potential weakness in SSL/TLS security downplayed by ..
by Carol~ Forum moderator / March 15, 2013 3:12 AM PDT
In reply to: NEWS - March 15, 2013
.. certificate group

"Certificate Authority Security Council says crypto flaw as described in article not really practical as TLS/SSL certificate attack"

Claims by a cryptography researcher this week about weaknesses in the RC4 algorithm used in SSL/TLS certificates are being downplayed by the group known as the Certificate Authority Security Council (CASC), which was recently established to address questions on security in this area.

"While interesting, the attacks don't represent an immediate practical threat to users of SSL/TLS (including online banking, e-commerce, social networking, etc.)," said Rick Andrews, technical director at Symantec on behalf of CASC. "Such attacks require an attacker to run malicious software on a user's computer which would connect to a particular website and send the same message over and over again many times. In fact, if the attacker's software could send the same message over and over 10 times per second, it would still take more than three years for the attack to succeed." The group also commented on its blog at the questions raised.

Continued : http://www.networkworld.com/news/2013/031413-ssl-tls-267739.html

Attack Exploits Weakness in RC4 Cipher to Decrypt User Sessions
Two new attacks on SSL decrypt authentication cookies
HTTPS cookie crypto CRUMBLES AGAIN in hands of stats boffins
Computer Leasing Co. Harvested 185,000 E-mails w/ Private
by Carol~ Forum moderator / March 15, 2013 3:12 AM PDT
In reply to: NEWS - March 15, 2013
.. Information from Customers

Computer and furniture leasing company Aaron's took 185,000 e-mails with highly sensitive information from its customers via spyware installed on the leased machines.

The spyware application provided by DesignerWare came preinstalled on the laptops leased through Aaron's. It was designed to allow the rental company to kill the laptop remotely if customers fell beyond payment, but also was able to record keystrokes, take screenshots or use the webcam to take pictures without the user's consent. The collected information was then sent to base via e-mail.

According to The Associated Press, Aaron's received about 185,000 such e-mails containing pictures of nude children, people having sex, screenshots with Social Security numbers, social media and email passwords, and customer keystrokes.

The case raised concerns last year, when it was moved to the Federal Trade Commission, but lack of cooperation from the leasing company amplified it into a class action lawsuit.

Continued : http://www.hotforsecurity.com/blog/computer-leasing-company-harvested-185000-e-mails-with-private-information-from-customers-5664.html
New ZeuS source code based rootkit available for purchase..
by Carol~ Forum moderator / March 15, 2013 6:44 AM PDT
In reply to: NEWS - March 15, 2013
.. on the underground market

Dancho Danchev @ the Webroot Threat Blog:

We have recently spotted a new underground market ad, featuring a new commercially available malware bot+rootkit based on the ZeuS crimeware's leaked source code. According to its author, the modular nature of the bot allows him to keep coming up with new plugins, resulting in systematic "innovation" and the introduction of new features.

What's the long-term potential of this malware bot with rootkit functionality? Does it have the capacity to challenge the market leading malware bot families? What are some of the features that differentiate it from the rest of competing bots currently in the wild? What's the price of the bot, and what are the prices for the separate plugins available for purchase? Let's find out.

More details:

Continued : http://blog.webroot.com/2013/03/14/new-zeus-source-code-based-rootkit-available-for-purchase-on-the-underground-market/
Ongoing "Invoice" Attack Campaign Delivers Booby-trapped PDF
by Carol~ Forum moderator / March 15, 2013 6:44 AM PDT
In reply to: NEWS - March 15, 2013

An ongoing malicious email campaign is masquerading as an unpaid invoice, a Kaspersky Lab researcher said Thursday.

In this recurring campaign, cyber-criminals are sending out emails with a malicious PDF attachment masquerading as notices and reminders to pay overdue bills, Ben Godwood, a researcher with Kaspersky Lab, wrote on the SecureList blog on Thursday. The email campaign appears to have been ongoing since November, and follows a set schedule, hitting victim inboxes either on the 4th or the 21st of the month.

Kaspersky Lab detected the latest batch of specially crafted PDF messages on March 4, Godwood said. Most of the emails were sent from German IP addresses, and appear to have been sent from compromised home computers, Godwood said. The attack emails were mostly sent from German IP addresses in the latest iteration of the campaign, Godwood said; previous messages appear to have been sent from infected bots in other countries.

Continued : http://www.securityweek.com/ongoing-invoice-attack-campaign-delivers-booby-trapped-pdfs

Java's security problems unlikely to be resolved soon,
by Carol~ Forum moderator / March 15, 2013 6:44 AM PDT
In reply to: NEWS - March 15, 2013
.. researchers say

Since the start of the year, hackers have been exploiting vulnerabilities in Java to carry out a string of attacks against companies including Microsoft, Apple, Facebook and Twitter, as well as home users. Oracle has made an effort to respond faster to the threats and to strengthen its Java software, but security experts say the attacks are unlikely to let up any time soon.

Just this week, security researchers said the hackers behind the recently uncovered MiniDuke cyberespionage campaign used Web-based exploits for Java and Internet Explorer 8, along with an Adobe Reader exploit, to compromise their targets. Last month, the MiniDuke malware infected 59 computers belonging to government organizations, research institutes, think tanks and private companies from 23 countries.

The Java exploit used by MiniDuke targeted a vulnerability that hadn't been patched by Oracle at the time of the attacks, Kaspersky Lab said in a blog post. Vulnerabilities that are made public or exploited before a patch is released are known as zero-day vulnerabilities, several of which have been used in the attacks against Java this year.

Continued : http://www.computerworld.com.sg/resource/security/javas-security-problems-unlikely-to-be-resolved-soon-researchers-say/
Microsoft issues fix to address Windows USB vulnerability
by Carol~ Forum moderator / March 15, 2013 7:03 AM PDT
In reply to: NEWS - March 15, 2013

If you've yet to update Windows in recent days, do so now - especially if you have a proclivity towards plugging in random USB drives on your computer, or if there's someone else who uses your computer at home. A recently issued Windows update contains a patch that fixes a Windows vulnerability that allows your system to be exploited by malware introduced by thumb drives.

When compromised flash drives are plugged into a computer, the system can automatically execute malicious codes that could install viruses and keyloggers on your computer, giving attackers remote access to your sensitive files and data. Companies with huge networks of interconnected computers are the most at risk, as all it takes to be infected is one not-so-tech-savvy worker to use a USB stick of unknown origin. A notable example of a security breach caused by an infected thumb drive is the 2008 widespread virus infection at a U.S. military base in the Middle East. The malware that came from an unknown thumb drive plugged into a laptop went on to infect the base's whole network, even its computers containing classified information.

Continued : http://www.digitaltrends.com/computing/microsoft-usb-vulnerability-patch/

Microsoft Patches Hollywood-Style USB Windows Exploit
New Microsoft patch purges USB bug that allowed complete system hijack
