Apple Enables Two-Factor Authentication for iCloud, Apple ID
Apple this week launched two-factor authentication for iCloud and Apple IDs.
The optional feature will require users to verify their identities beyond providing their passwords when: signing in to an Apple ID to manage an account; buying something on iTunes, the App Store, or iBooks; or getting Apple ID-related support from Apple.
"Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account," Apple said on its support website.
If you sign up for two-factor authentication, Apple will send a four-digit code to a trusted device capable of receiving such messages (like your iPhone) every time you try to sign in to your iCloud or Apple ID account, which you will have to enter as well as your standard password.
Continued : http://www.pcmag.com/article2/0,2817,2416929,00.asp
Also: Apple follows Google, Facebook, and others with two-step authentication
AlienVault Exposes New Details of Sykipot Attacks
Researchers at AlienVault shed some light on the evolution of the Sykipot malware attacks.
The Sykipot attacks have exploited a number of zero-days during the past few years, including vulnerabilities affecting Adobe Reader, Adobe Flash Player and Microsoft Internet Explorer.
"In the past most of the campaigns which we found related to the Sykipot actors were based on [spear-phishing] mails with attachments that exploited vulnerabilities in software like Microsoft Office, Adobe Flash, Adobe PDF and sometimes Internet Explorer," blogged Jaime Blasco, director of AlienVault Labs. "During the last 8-10 months we have seen a change and the number of [spear-phishing] campaigns which have included a link instead of an attachment and this has increased. Once the victim clicks in the link the attackers will use vulnerabilities in Internet Explorer, Java, etc to access the system."
The campaigns include one where a malicious site was set up in an attempt to phish government employees by masquerading as a webpage about GSA SmartPay charge cards. The page also exploited CVE-2012-1889, a vulnerability affecting Microsoft XML Core Services.
Continued : http://www.securityweek.com/alienvault-exposes-new-details-sykipot-attacks
Privacy 101: Skype Leaks Your Location
The events of the past week reminded me of a privacy topic I've been meaning to revisit: That voice-over-IP telephony service Skype constantly exposes your Internet address to the entire world, and that there are now numerous free and commercial tools that can be used to link Skype user account names to numeric Internet addresses.
The fact that Skype betrays its users' online location information is hardly news. For example, The Wall Street Journal and other news outlets warned last year about research showing that it was possible to coax Skype into revealing the IP addresses of individual Skype users. But I believe most Skype users still have no clue about this basic privacy weakness.
What's changed is that over the past year, a number of services have emerged to help snoops and ne'er-do-wells exploit this vulnerability to track and harass others online. For example, an online search for "skype resolver" returns dozens of results that point to services (of variable reliability) that allow users to look up the Internet address of any Skype user, just by supplying the target's Skype account name.
Continued : http://krebsonsecurity.com/2013/03/privacy-101-skype-leaks-your-location/
VIDEO: Yahoo, LinkedIn, Twitter Accounts Vulnerable to Session Fixation Attacks
Security researcher Rishi Narang has identified a vulnerability that could be exploited by cybercriminals to hijack accounts belonging to Microsoft, Twitter, LinkedIn and Yahoo users. Google and Facebook customers are not impacted by the flaw.
According to the expert, the vulnerability, which can be leveraged to launch session fixation attacks, is caused by an issue with the management of cookies and sessions.
If an attacker can intercept authentication cookies, he can use them to hijack the account because although an expiry date is set, they're still valid even after the customer logs out.
"The cookie/session ID for an authenticated session is available even after the session has been terminated. There are examples where cookies can be accessible to hijack authenticated sessions," Narang explained.
Continued : http://news.softpedia.com/news/Yahoo-LinkedIn-Twitter-Accounts-Vulnerable-to-Session-Fixation-Attacks-Video-339448.shtml
Researcher's blog: Old Cookies Die Hard.
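The behaviour described in this item, a cookie that still authenticates after logout, comes down to whether logout removes the server-side session record or only tells the browser to drop the cookie. The sketch below is an added example, not code from the article, the researcher or any of the named services; `SessionStore` and its method names are hypothetical. It also rotates the session ID at login, the usual defence against a planted (fixed) ID.

```python
import secrets
import time


class SessionStore:
    """Server-side session table; a cookie is only valid while its row exists."""

    def __init__(self, ttl_seconds=1800):
        self.ttl = ttl_seconds
        self._rows = {}  # session id -> (user or None, expiry timestamp)

    def _issue(self, user):
        sid = secrets.token_urlsafe(32)
        self._rows[sid] = (user, time.time() + self.ttl)
        return sid

    def anonymous(self):
        """Pre-login session id, as handed to any visitor."""
        return self._issue(None)

    def login(self, old_sid, user):
        """Drop the pre-login id and issue a fresh one (defeats a planted id)."""
        self._rows.pop(old_sid, None)
        return self._issue(user)

    def logout_client_only(self, sid):
        """Weak: asks the browser to forget the cookie; the server row survives."""
        return "Set-Cookie: sid=; Max-Age=0"

    def logout(self, sid):
        """Hardened: delete the server row, then clear the cookie."""
        self._rows.pop(sid, None)
        return "Set-Cookie: sid=; Max-Age=0"

    def user_for(self, sid):
        """Authenticated user for a presented cookie value, or None."""
        user, expires = self._rows.get(sid, (None, 0.0))
        if time.time() >= expires:
            self._rows.pop(sid, None)
            return None
        return user


def replay_after_logout(hardened):
    """Present a copied cookie after its owner logs out; return who the server sees."""
    store = SessionStore()
    sid = store.login(store.anonymous(), "alice")  # constructed sample user
    (store.logout if hardened else store.logout_client_only)(sid)
    return store.user_for(sid)  # same value an earlier copy of the cookie holds
```

With the client-only logout the replayed value still resolves to the user; with the server-side deletion it resolves to nothing, regardless of the expiry date set on the cookie.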
Command and Control Used in Sanny APT Attacks Shut Down
Two message boards used by the Sanny malware as a command-and-control channel have been shut down by the Korea Information Security Agency in conjunction with security company FireEye.
Sanny is a targeted attack, attributed to attackers in Korea, against individuals working in Russia's aerospace, IT, education and telecommunications industries. The malware spread via a rigged Microsoft Word document attached to spear phishing email. The text in the email is written in Cyrillic; the document is a decoy that drops a malicious executable and two .dll files.
The message board hosting the malicious C&C channel is a legitimate board, nboard[.]net. Previous Sanny-based attacks were communicating through pages called ecowas_1 and kbaksan_1.
"Based on the time stamps and other indicators, we believe that both samples were created and deployed at the same time," FireEye said in a blogpost. "The attacker probably used different boards/DBs to divide victims to make sure that if one goes down he/she still can keep getting the stolen data from the remaining ones."
Continued : https://threatpost.com/en_us/blogs/command-and-control-used-sanny-apt-attacks-shut-down-032213
vSkimmer malware targeting point-of-sale systems
Researchers uncover vSkimmer malware targeting point-of-sale systems
"The malware is sold on cybercriminal forums, McAfee researchers say"
A new piece of custom malware sold on the underground Internet market is being used to siphon payment card data from point-of-sale (POS) systems, according to security researchers from antivirus vendor McAfee.
Dubbed vSkimmer, the Trojan-like malware is designed to infect Windows-based computers that have payment card readers attached to them, McAfee security researcher Chintan Shah said Thursday in a blog post.
The malware was first detected by McAfee's sensor network on Feb. 13 and is currently being advertised on cybercriminal forums as being better than Dexter, a different POS malware program that was discovered back in December.
Continued : http://www.networkworld.com/news/2013/032213-researchers-uncover-vskimmer-malware-targeting-268003.html
Apple blocks ad-injecting Mac trojan, Yontoo
"Don't lift a finger: Yontoo has been added to OS X's built-in protections."
A day after Russian anti-virus firm Doctor Web highlighted an adware Mac trojan called "Yontoo," Apple has moved to block it. Confirmed by Intego, Apple has updated the definitions included in OS X's Xprotect.plist in order to detect the adware, meaning users don't need to run anything special in order to be protected.
"In testing, it appears this detection is very specific and potentially location-dependent," wrote Intego. "This extra specificity is likely there so as to catch only the surreptitious installations of this file."
As we wrote on Thursday, the Yontoo adware socially engineers users into installing it as a browser plugin. Once it's installed into Safari, Firefox, and Chrome, the plugin injects advertising into the websites you're visiting—including those that don't even normally show ads.
Continued : http://arstechnica.com/apple/2013/03/apple-blocks-ad-injecting-mac-trojan-yontoo/
Related: Trojan.Yontoo.1 leads among new adware Trojans for Mac