9 total posts
NSA taps cables connecting Google and Yahoo data centers
The US NSA and its UK counterpart GCHQ have collaborated in tapping the overseas fiber-optic cables used by Google and Yahoo to exchange data stored one their many data centers in the US and abroad, and have been slurping all the information passing through them, says a recent report by The Washington Post.
The operation - dubbed MUSCULAR - was revealed in a document dated Jan. 9, 2013 and shared with the news outlet by NSA whistleblower Edward Snowden.
In it is explained that the GCHQ has directed all the information that passed through those cables to a "buffer", and that every three to five days the NSA would sift through it with custom-built NSA tools and collect data they considered important and helpful.
This data included metadata but also the contents of users accounts, including emails, stored images, search queries, and so on.
Continued : http://www.net-security.org/secworld.php?id=15867
NSA Eavesdropping on Google and Yahoo Networks
This secret post-it note shows the NSA tapping into Google's data centers
Report: NSA breaks into Yahoo, Google data center links
iOS apps can be hijacked to show fraudulent content...
.. and intercept data
"Some 10,000 titles in Apple's App Store may be susceptible to redirection hack."
A large number of apps for iPhones and iPads are susceptible to hacks that cause them to surreptitiously send and receive data to and from malicious servers instead of the legitimate ones they were designed to connect to, security researchers said on Tuesday.
Researchers from Israel-based Skycure stumbled on the problem when they observed their own app redirecting to a wrong address. The team soon discovered that they could make many other apps exhibit the same behavior. As a result, apps that display news, stock quotes, social media content, or even some online banking details can be manipulated to display fraudulent information and intercept data sent by the end user. After an app has been tampered with once, it will continue to connect to the hacker-controlled server for an extended period of time, with no outward indication it is doing so. The weakness, dubbed HTTP request hijacking (HRH), is estimated to affect at least 10,000 titles in Apple's App Store.
Continued : http://arstechnica.com/security/2013/10/ios-apps-can-be-hijacked-to-show-fraudulent-content-and-intercept-data/
Related: HTTP 301 Redirections Lead to Trouble for Mobile Apps
Facebook Tests Software to Track Your Cursor on Screen
Facebook is testing technology that would greatly expand the scope of data that it collects about its users, the head of the company's analytics group said Tuesday.
The social network may start collecting data on minute user interactions with its content, such as how long a user's cursor hovers over a certain part of its website, or whether a user's newsfeed is visible at a given moment on the screen of his or her mobile phone, Facebook analytics chief Ken Rudin said Tuesday during an interview.
Mr. Rudin said the captured information could be added to a data analytics warehouse that is available for use throughout the company for an endless range of purposes-from product development to more precise targeting of advertising.
Facebook collects two kinds of data, demographic and behavioral. The demographic data—such as where a user lives or went to school—documents a user's life beyond the network. The behavioral data—such as one's circle of Facebook friends, or "likes"—is captured in real time on the network itself. The ongoing tests would greatly expand the behavioral data that is collected, according to Mr. Rudin.
Continued : http://blogs.wsj.com/cio/2013/10/30/facebook-considers-vast-increase-in-data-collection/
Rogue Ads in Yahoo! Lead to Sirefef Infection
From the ThreatTrack Security Labs Blog:
Our researchers in the AV Labs are continuing to see fake software being served on unfamiliar sponsored links or ads found in search results. Recently, we found an ad for a fake browser on Yahoo! after doing a search for "google chrome browser". [Screenshot]
Clicking the first ad we highlighted above leads users to the website, softpack(dot)info/chrome/: [Screenshot]
Below this page are texts that read as follows: [Screenshot]
Text in the box:
"This site distributes software free of charge via WeDownload Manager which is compatible with PCs running Windows XP, Vista 7 or 8. Besides managing the download of your selected software, the download manager with make recommendations for commercial offers that you might be interested in. The additional software may include toolbars, browser add-ons and other types of software applications. You are not required to install any additional software to receive the software you are trying to download. You can completely remove any of the installed programs at any time in Windows Add/Remove programs. More info about the uninstalling can be found here.
Browse, search the internet, check the weather, Facebook or Twitter, read the latest nest, faster and easier, with Ominent Toolbar."
Tricks Dress up as Treats for Cyber-Halloween
Bitdefender's "HOT for Security" Blog:
From the darkest corners of the Internet, Halloween offers are creeping out in the open to taunt users with jaw-dropping discounts, as reported by Bitdefender labs. Apart from unbelievable dumping prices on costumes, ink, replica watches and designer clothes, this year's offer includes rogue AV and fake surveys. [Screenshot]
Scammers use quite a few buzz word combinations to grab people's attention and make sure their e-mails are open, their malicious attachments accessed and their fake surveys filled in. Spammers offer nothing but top-dollar deals:
Carters: Halloween, Michael Kors Glasses Frames, Glow-in-the-Dark Kids' Slippers
Halloween is almost near
BOO! Halloween is creeping up...shop Rockabye, Merkury Innovations, Oh-So Spooky Collection and more
Unique Halloween Costumes Order Now and Receive by Halloween!
Just in time for Halloween!
Shop Sexy Halloween Costumes
Get ready for Halloween its coming soon
The Halloween Boo-tique is Now Open! Gifts from $14.99
The Ultimate Halloween Costume Store
Continued : http://www.hotforsecurity.com/blog/tricks-dress-up-as-treats-for-cyber-halloween-7262.html
Looking for a last minute Halloween costume? Beware of ..
.. spooks in your browser!
From the "Malwarebytes Unpacked" Blog:
It's that time of year when people dress up and kids over-indulge in candy. Yes, Halloween is upon us!
Speaking of which, are you still looking for that last-minute perfect costume? There are plenty of online shops where you can select an outfit that will scare your friends half to death.
To stay with our theme, today we are going to dissect a drive-by download that happened while browsing a Halloween online store. [Screenshot]
This legitimate website suffered a malicious code injection, something very common if you are not running the latest version of your favorite CMS software or are using weak passwords.
Malicious code inject
Continued : http://blog.malwarebytes.org/intelligence/2013/10/looking-for-a-last-minute-halloween-costume-beware-of-spooks-in-your-browser/
Scary Code: Top 5 malware that kept researchers up at night
ESET's "We Live Security" Blog:
Which malicious code would be most frightening if sinister pieces of malware could rise from the dead on Halloween? Well, malware researchers spend all their time working with the creations of people who intend others harm, so you might expect they would be pretty immune to nervousness about the effects of malicious code. And it is true; a lot of us are very jaded about your average malware. Researchers certainly have a sense of the potential danger of the materials we are working with and are appropriately cautious, but there are some threats that are so scary that we will double or triple-check everything to make sure we cannot possibly let it loose somewhere accidentally.
While there are certainly other malware that has been more costly to fix or which spread much more widely, in terms of inconvenience or outright damage the following are the five malware that really give me the creeps:
Microsoft may end antivirus updates on XP in April
Just days after sending a clear message about the trouble awaiting Windows XP users next April when Microsoft ends security updates for the operating system (and for Office 2003), the company is saying that it may also stop delivering antivirus signature updates for Microsoft Security Essentials, their free antimalware product.
A spokesperson issued the following statement:
Microsoft will not guarantee updates of our antimalware signature and engine after the XP end of support date of April 8, 2014. Running antivirus on out of support operating systems is not an adequate solution to help protect against threats. Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape. In addition, Microsoft recommends best practices to protect your PC such as: 1) running up to date antivirus, 2) regularly applying security updates for all software installed, and 3) using modern software that has advanced security technologies and is supported with regular security updates.
Continued : http://www.zdnet.com/microsoft-may-end-antivirus-updates-on-xp-in-april-7000022645/
Related: Microsoft security research paint bleak picture for XP users