Spyware, Viruses, & Security forum

Alert

NEWS - March 22, 2013

by Carol~ Forum moderator / March 21, 2013 11:36 PM PDT
South Korea misidentifies China as cyberattack origin

SEOUL, South Korea (AP) — South Korean investigators said Friday they had mistakenly identified a Chinese Internet address as the source of a cyberattack that paralyzed tens of thousands of computers at banks and broadcasters earlier this week. But they said they still believe the attack originated from abroad.

The error by South Korean regulators raises questions about their ability to track down the source of an attack that hit 32,000 computers at six companies Wednesday and exposed South Korea's Internet security and vulnerability to hackers.

South Korean investigators said Thursday that a malicious code that spread through the server of one target, Nonghyup Bank, was traced to an Internet Protocol address in China. Even then it was clear that the attack could have originated somewhere else, because such data can easily be manipulated by hackers. Experts suspect North Korea was behind the attack.

Continued : http://www.usatoday.com/story/news/world/2013/03/22/south-korea-cyberattack-china/2008617/

Also:
Cyber-attack on South Korea may not have come from China after all: regulator
South Korea says hacking not from Chinese address
S. Korea Says Source of Cyberattack Didn't Come From China

Related: DPRKurious: Is North Korea Really Behind Cyber Attacks On The South?

Apple Enables Two-Factor Authentication for iCloud, Apple ID
by Carol~ Forum moderator / March 21, 2013 11:57 PM PDT
In reply to: NEWS - March 22, 2013

Apple this week launched two-factor authentication for iCloud and Apple IDs.

The optional feature will require users to verify their identities beyond providing their passwords when: signing in to an Apple ID to manage an account; buying something on iTunes, the App Store, or iBooks; or getting Apple ID-related support from Apple.

"Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account," Apple said on its support website.

If you sign up for two-factor authentication, Apple will send a four-digit code to a trusted device capable of receiving such messages (like your iPhone) every time you try to sign in to your iCloud or Apple ID account, which you will have to enter as well as your standard password.

Continued : http://www.pcmag.com/article2/0,2817,2416929,00.asp

Also: Apple follows Google, Facebook, and others with two-step authentication

AlienVault Exposes New Details of Sykipot Attacks
by Carol~ Forum moderator / March 21, 2013 11:57 PM PDT
In reply to: NEWS - March 22, 2013

Researchers at AlienVault shed some light on the evolution of the Sykipot malware attacks.

The Sykipot attacks have exploited a number of zero-days during the past few years, including vulnerabilities affecting Adobe Reader, Adobe Flash Player and Microsoft Internet Explorer.

"In the past most of the campaigns which we found related to the Sykipot actors were based on [spear-phishing] mails with attachments that exploited vulnerabilities in software like Microsoft Office, Adobe Flash, Adobe PDF and sometimes Internet Explorer," blogged Jaime Blasco, director of AlienVault Labs. "During the last 8-10 months we have seen a change and the number of [spear-phishing] campaigns which have included a link instead of an attachment and this has increased. Once the victim clicks in the link the attackers will use vulnerabilities in Internet Explorer, Java, etc to access the system."

The campaigns include one where a malicious site was set up in attempt to phish government employees by masquerading as a webpage about GSA SmartPay charge cards. The page also exploited CVE-2012-1889, a vulnerability affecting Microsoft XML Core Services.

Continued : http://www.securityweek.com/alienvault-exposes-new-details-sykipot-attacks

Privacy 101: Skype Leaks Your Location
by Carol~ Forum moderator / March 21, 2013 11:57 PM PDT
In reply to: NEWS - March 22, 2013

The events of the past week reminded me of a privacy topic I've been meaning to revisit: That voice-over-IP telephony service Skype constantly exposes your Internet address to the entire world, and that there are now numerous free and commercial tools that can be used to link Skype user account names to numeric Internet addresses.

The fact that Skype betrays its users' online location information is hardly news. For example, The Wall Street Journal and other news outlets warned last year about research showing that it was possible to coax Skype into revealing the IP addresses of individual Skype users. But I believe most Skype users still have no clue about this basic privacy weakness.

What's changed is that over the past year, a number of services have emerged to help snoops and ne'er-do-wells exploit this vulnerability to track and harass others online. For example, an online search for "skype resolver" returns dozens of results that point to services (of variable reliability) that allow users to look up the Internet address of any Skype user, just by supplying the target's Skype account name.

Continued : http://krebsonsecurity.com/2013/03/privacy-101-skype-leaks-your-location/

VIDEO: Yahoo, LinkedIn, Twitter Accounts Vulnerable to Session Fixation Attacks
by Carol~ Forum moderator / March 22, 2013 1:23 AM PDT
In reply to: NEWS - March 22, 2013

Security researcher Rishi Narang has identified a vulnerability that could be exploited by cybercriminals to hijack accounts belonging to Microsoft, Twitter, LinkedIn and Yahoo users. Google and Facebook customers are not impacted by the flaw.

According to the expert, the vulnerability, which can be leveraged to launch session fixation attacks, is caused by an issue with the management of cookies and sessions.

If an attacker can intercept authentication cookies, he can use them to hijack the account because although an expiry date is set, they're still valid even after the customer logs out.

"The cookie/session ID for an authenticated session is available even after the session has been terminated. There are examples where cookies can be accessible to hijack authenticated sessions," Narang explained.

Continued : http://news.softpedia.com/news/Yahoo-LinkedIn-Twitter-Accounts-Vulnerable-to-Session-Fixation-Attacks-Video-339448.shtml

Researchers blog: Old Cookies Die Hard.
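
The weakness described in the post above (a session cookie that still authenticates after logout), shown from the server side as an added example that is not part of the original post or the researcher's write-up. The `SessionStore` class, its method names and the 30-minute TTL are assumptions made for illustration; it contrasts a logout that only clears the browser cookie with one that revokes the server-side record.

```python
import secrets
import time

SESSION_TTL = 1800  # seconds; constructed value for the example


class SessionStore:
    """Server-side session table: session ID -> (user, expiry timestamp)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, now=None):
        now = time.time() if now is None else now
        # Always mint a fresh ID at login; never adopt one the client sent.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, now + SESSION_TTL)
        return sid

    def authenticate(self, sid, now=None):
        now = time.time() if now is None else now
        record = self._sessions.get(sid)
        if record is None:
            return None
        user, expires_at = record
        if now >= expires_at:
            # Expiry is enforced here, not by the cookie's own Expires field.
            del self._sessions[sid]
            return None
        return user

    def logout_client_only(self, sid):
        # Weak: asks the browser to drop the cookie, server record survives.
        return "Set-Cookie: sid=; Max-Age=0; HttpOnly; Secure"

    def logout_revoking(self, sid):
        # Hardened: delete the server record, then clear the cookie.
        self._sessions.pop(sid, None)
        return "Set-Cookie: sid=; Max-Age=0; HttpOnly; Secure"


def replay_after_logout(logout_method):
    """Return the user a retained cookie value maps to after logout."""
    store = SessionStore()
    sid = store.login("alice", now=1000.0)
    retained = sid  # copy of the cookie value kept from before logout
    getattr(store, logout_method)(sid)
    return store.authenticate(retained, now=1060.0)
```

With `logout_client_only` the retained value still resolves to the user; with `logout_revoking` it resolves to nothing, which is the behaviour a logout handler should be tested for.
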
Command and Control Used in Sanny APT Attacks Shut Down
by Carol~ Forum moderator / March 22, 2013 6:08 AM PDT
In reply to: NEWS - March 22, 2013

Two message boards used by the Sanny malware as a command-and-control channel have been shut down by the Korea Information Security Agency in conjunction with security company FireEye.

Sanny is a targeted attack, attributed to attackers in Korea, against individuals working in Russia's aerospace, IT, education and telecommunications industries. The malware spread via a rigged Microsoft Word document attached to spear phishing email. The text in the email is written in Cyrillic; the document is a decoy that drops a malicious executable and two .dll files.

The message board hosting the malicious C&C channel is a legitimate board, nboard[.]net. Previous Sanny-based attacks were communicating through pages called ecowas_1 and kbaksan_1.

"Based on the time stamps and other indicators, we believe that both samples were created and deployed at the same time," FireEye said in a blogpost. "The attacker probably used different boards/DBs to divide victims to make sure that if one goes down he/she still can keep getting the stolen data from the remaining ones."

Continued : https://threatpost.com/en_us/blogs/command-and-control-used-sanny-apt-attacks-shut-down-032213

vSkimmer malware targeting point-of-sale systems
by Carol~ Forum moderator / March 22, 2013 6:08 AM PDT
In reply to: NEWS - March 22, 2013
Researchers uncover vSkimmer malware targeting point-of-sale systems

"The malware is sold on cybercriminal forums, McAfee researchers say"

A new piece of custom malware sold on the underground Internet market is being used to siphon payment card data from point-of-sale (POS) systems, according to security researchers from antivirus vendor McAfee.

Dubbed vSkimmer, the Trojan-like malware is designed to infect Windows-based computers that have payment card readers attached to them, McAfee security researcher Chintan Shah said Thursday in a blog post.

The malware was first detected by McAfee's sensor network on Feb. 13 and is currently being advertised on cybercriminal forums as being better than Dexter, a different POS malware program that was discovered back in December.

Continued : http://www.networkworld.com/news/2013/032213-researchers-uncover-vskimmer-malware-targeting-268003.html
Apple blocks ad-injecting Mac trojan, Yontoo
by Carol~ Forum moderator / March 22, 2013 7:54 AM PDT
In reply to: NEWS - March 22, 2013

"Don't lift a finger: Yontoo has been added to OS X's built-in protections."

A day after Russian anti-virus firm Doctor Web highlighted an adware Mac trojan called "Yontoo," Apple has moved to block it. Confirmed by Intego, Apple has updated the definitions included in OS X's Xprotect.plist in order to detect the adware, meaning users don't need to run anything special in order to be protected.

"In testing, it appears this detection is very specific and potentially location-dependent," wrote Intego. "This extra specificity is likely there so as to catch only the surreptitious installations of this file."

As we wrote on Thursday, the Yontoo adware socially engineers users into installing it as a browser plugin. Once it's installed into Safari, Firefox, and Chrome, the plugin injects advertising into the websites you're visiting—including those that don't even normally show ads.

Continued : http://arstechnica.com/apple/2013/03/apple-blocks-ad-injecting-mac-trojan-yontoo/

Related: Trojan.Yontoo.1 leads among new adware Trojans for Mac
