Facebook phishers target Fan Pages owners
Phishing emails claiming to come from "Facebook Security" are once again hitting users' inboxes, and this time they are aiming for the big fish: pages that are likely to have more followers than a random private user.
According to Hoax-Slayer, the scammy email purports to notify creators of Fan Pages of an "original solution" for keeping their pages safe, but is unfortunately meant to do quite the opposite.
Users who are tricked into initiating this "Fan Page Verification Program" are taken to a bogus Facebook page that asks users to share the URL of their Fan Page, the login credentials and makes them choose a 10-digit number that will purportedly become their "Transferring Code". [Screenshot]
Continued : http://www.net-security.org/secworld.php?id=14955
New Android malware intercepts incoming text messages, silently forwards them on to criminals
A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or more directly, codes which are used to confirm online banking transactions.
The malware in question, detected as "Android.Pincer.2.origin" by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user.
Upon launching Android.Pincer.2.origin, the user will see a fake notification about the certificate's successful installation but after that, the trojan will not perform any noticeable activities for a while. Here are a few screenshots: [Screenshot]
Continued : http://thenextweb.com/insider/2013/05/23/new-android-malware-intercepts-incoming-text-messages-silently-forwards-them-on-to-criminals/
Mac Spyware: OSX/KitM (Kumar in the Mac)
From the F-Secure Antivirus Research Weblog:
There's another case of Backdoor:OSX/KitM.A in the wild.
A German-based investigator reached out to us yesterday regarding OSX/KitM. (We wrote about it last week.) KitM stands for "Kumar in the Mac", which is our designation for spyware — related to OSX/Filesteal a.k.a. OSX/HackBack — that is signed using an Apple Developer ID in the name of Rajinder Kumar. The Developer ID has since been revoked by Apple.
This latest version of OSX/KitM used a Romanian C&C server called liveapple.eu during the period of attack, December 2012 to early February 2013. The spear phishing used an attachment called Christmas_Card.app.zip. (Remember, the attack started in December.)
So, that brings us to this bit of advice for those of you who might be targets.
This is the default "Gatekeeper" security setting: [Screenshot]
This is the setting that you want, unless you're actively installing software: [Screenshot]
Continued : http://www.f-secure.com/weblog/archives/00002558.html
Related from F-Secure: Big Hangover
Related: Researchers find more versions of digitally signed Mac OS X spyware
Mac Spyware Bait: Lebenslauf fur Praktitkum
Related from F-Secure:
As a follow up to yesterday's Kumar in the Mac post... have you received e-mail attachments such as this? [Screenshot]
• Content_of_article_for_[NAME REMOVED].app.zip
If so, you may be the target of a spear phishing campaign designed to install a spyware on your Mac.
Here's a list of binaries signed by Apple Developer "Rajinder Kumar".
Continued : http://www.f-secure.com/weblog/archives/00002559.html
Thousands of DHS Personnel Notified of Data Breach
The Department of Homeland Security this week began notifying up to tens of thousands of employees, contractors and others with a DHS security clearance that their personal data may be at risk.
The notifications began on Monday, according to an online statement, after officials learned of a vulnerability in software used by a vendor to process personnel background investigations. The security vulnerability apparently has existed since July 2009 and the exposed data includes names, Social Security numbers and dates of birth. The security hole was sealed immediately.
"While there is no evidence that any unauthorized user accessed any personally identifiable information, [but] out of abundance of caution, DHS is alerting employees and individuals who received a DHS clearance of the potential vulnerability and outlining ways that they can protect themselves, including requesting fraud alerts and a credit report," the agency said.
Continued : http://threatpost.com/thousands-of-dhs-personnel-notified-of-data-breach/
Also: DHS Says Software Vulnerability Put Sensitive Employee Information At Risk
Zeus Malware Back With A Vengeance To Cause Carnage In May
The Zeus malware family continues to plague the Internet, reemerging with a vengeance over the past few months, security researchers have warned.
Zeus is one of the best known malware in the security community and is designed to steal victims' bank details. It can do all kinds of nasty things, including web injects to trick users into entering details into portions of websites they think are genuine.
Also known as ZBOT, Zeus surged into activity in February, having been relatively quiet in the month before, as seen in the chart from Trend Micro below: [Screenshot]
How Zeus works
The malware connects to a remote site to download its encrypted configuration file, which tells Zeus what websites to monitor and the site where it will send the pilfered data.
Continued : http://www.techweekeurope.co.uk/news/zeus-malware-spike-trend-117264
Related: Zeus variants are back with a vengeance
New Report on Teens, Social Media, and Privacy
From Bruce Schneier @ his Schneier on Security Blog:
Interesting report from the Pew Internet and American Life Project:
Teens are sharing more information about themselves on their social media profiles than they did when we last surveyed in 2006:
• 91% post a photo of themselves, up from 79% in 2006.
• 71% post their school name, up from 49%.
• 71% post the city or town where they live, up from 61%.
• 53% post their email address, up from 29%.
• 20% post their cell phone number, up from 2%.
60% of teen Facebook users set their Facebook profiles to private (friends only), and most report high levels of confidence in their ability to manage their settings.
danah boyd points out something interesting in the data:
Continued : http://www.schneier.com/blog/archives/2013/05/new_report_on_t_1.html
Malware, Adware in This Week's Dangerous Android Apps
Bad Android apps can take many forms. Whether they are out to steal data, sign you up for premium rate SMS services, or pushing dodgy and malicious links via advertiser networks, users need to beware. SecurityWatch is partnering with a handful of security companies who monitor apps on Google Play and third-party marketplaces to identify malicious apps you should avoid.
If you happen to already have it, immediately remove the apps from your Android device and check your bill for unexplained charges.
Theoretically, malware can target any mobile platform. There are Zeus-in-the-mobile variants targeting BlackBerry devices, Java exploits targeting Symbian phones, and the occasional proof-of-concept going after iOS devices. But for the most part, when anyone talks about dangerous mobile apps, they mean Android apps.
For this week's list (Memorial Day edition) we have three apps Appthority found on third-party Websites and a bonus app BitDefender flagged on Google Play for using aggressive ad networks.
Fake Google Play Installer
Continued : http://securitywatch.pcmag.com/mobile-apps/311878-malware-adware-in-this-week-s-dangerous-android-apps