"Stop spy on us!" 14 NASA sites hacked
As of Friday afternoon, a notice on NASA's kepler.arc.nasa.gov website was reading "Down for Maintenance: The requested webpage is down for maintenance. Please try again later."
The site is only one of what appear to be 14 hacked subdomains, hosted in the heart of Silicon Valley, that were defaced on Tuesday and stayed offline for some time. Pastebin has listed the URLs here.
According to CWZ: Cybercrime Revealed, a hacker/hackers using the handle BMPoC posted a deface page along with a message on all the hacked websites that linked the attack to possible US military intervention in Syria, as well as to US spying on Brazil.
NASA HACKED! BY #BMPoC We! Stop spy on us! The Brazilian population do not support your attitude! The Illuminati are now visibly acting!
Obama heartless! Inhumane! you have no family? the point in the entire global population is supporting you. NOBODY! We do not want war, we want peace!!! Do not attack the Syrians
The hacker is apparently the same one who took down four NASA domains in April 2013, according to Hack Read.
Spam Leads to Multi-Platform Mobile Threat
TrendLabs Security Intelligence Blog:
Mobile threats can arrive via different methods. We have discussed at length the presence of malware in third-party app stores and even official app stores. We have also mentioned malware via text messages. We recently found one that took advantage of yet another method: spam.
We encountered samples of spammed messages that were supposedly WhatsApp notifications. The message says that the user has received new voicemail. The message tries to make it more believable by including details such as the time and length of the call.
On a PC, once you click on the "play" button, you will be sent to a malicious site. This new site warns you that your browser is outdated and needs to be updated. Should you click the download button, malware will be downloaded onto your computer.
However, it would seem like PCs were something of an afterthought. On a Windows PC, the site will download browser_update_installer.jar, detected as J2ME_SMSSEND.AF - which is a Java file for the mobile version. It is not a particularly well-suited file for a desktop.
Related : Fake "new voicemail" notification targets Android WhatsApp users
DuckDuckGo going straight up
"Search engine aggregator-turned-privacy-paragon DuckDuckGo logs meteoric growth in the wake of NSA revelations"
DuckDuckGo, widely lauded as the largest search engine that protects your privacy by design, has just hit an average 4 million daily searches, so far in September. That's up from a 1.6 million average in March, and 1.4 million in September 2012 -- much more than doubling its average in six months and almost tripling it year-over-year.
The NSA revelations haven't been bad for everyone in the industry.
Of course that's a very tiny drop in the big bit bucket: ComScore reports that Google sites had 12.8 billion "explicit core searches" in August, or more than 400 million per day. Microsoft sites had 3.4 billion (about 100 million per day), and Yahoo had 2.2 billion (70 million per day).
Even though the DuckDuckGo numbers are small by comparison, it's comforting to know that almost 1 percent of searchers would rather keep their search terms private.
DuckDuckGo started as a search engine aggregator -- you type your search terms into DuckDuckGo, and it goes out and retrieves results from "about 50" search engines, mashing the results together and presenting them to you. By design, DuckDuckGo doesn't collect or store any personal information about you, and it doesn't send your information to the sites it scrapes. That lack of privacy gouging has become DuckDuckGo's biggest selling point. Simple, elegant, and by all appearances jimmy- (or at least NSA-) proof.
Continued : http://www.infoworld.com/t/web-services/duckduckgo-going-straight-226778
Security of Java takes a dangerous turn for the worse, experts say
"Beware of increasingly advanced exploits targeting flaws that will never be fixed"
The security of Oracle's Java software framework, installed on some three billion devices worldwide, is taking a turn for the worse, thanks to an uptick in attacks targeting vulnerabilities that will never be patched and increasingly sophisticated exploits, security researchers said.
The most visible sign of deterioration is in-the-wild attacks exploiting unpatched vulnerabilities in Java version 6, Christopher Budd, threat communications manager at antivirus provider Trend Micro, wrote in a blog post published Tuesday. The version, which Oracle stopped supporting in February, is still used by about half of the Java user base, he said. Malware developers have responded by reverse engineering security patches issued for Java 7 and using the insights to craft exploits for the older version. Because Java 6 is no longer supported, those same flaws will never be fixed.
"This is a large pool of vulnerable users who will never be protected with security fixes and so [they're] viable targets for attack," Budd said.
Microsoft updates display 'worrisome' decline in quality
"Never-ending demands to install quartet of Office security updates is the latest in a series of missteps"
Microsoft on Friday acknowledged it had rewritten four of its security updates issued just three days earlier after customers reported never-ending demands that they be installed, even though they had been.
The flawed updates were just the latest in a disturbing trend of quality problems in Microsoft's security and stability updates. The repeated installation requests followed Microsoft's yanking of a non-security update last week, as well as buggy fixes shipped in August and April that blocked access to server-based email mailboxes and crippled Windows 7 PCs.
"Worrisome," is how Andrew Storms, director of DevOps at San Francisco-based cloud-oriented security vendor CloudPassage, put it when asked about the trend in an interview conducted via instant messaging Friday. "Are we starting to see a shift back to when people called Microsoft the necessary PITA [pain in the ass]?"
According to Microsoft, it's already fixed the four updates that were dunning customers with installment demands. "We have received reports of updates being offered for installation multiple times, or certain cases where updates were not offered via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM)," the company said on an Office engineering blog. "We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates."
Continued : http://www.computerworld.com/s/article/9242408/Microsoft_updates_display_worrisome_decline_in_quality
WHOIS Privacy Plan Draws Fire
Internet regulators are pushing a controversial plan to restrict public access to WHOIS Web site registration records. Proponents of the proposal say it would improve the accuracy of WHOIS data and better protect the privacy of people who register domain names. Critics argue that such a shift would be unworkable and make it more difficult to combat phishers, spammers and scammers.
A working group within The Internet Corporation for Assigned Names and Numbers (ICANN), the organization that oversees the Internet's domain name system, has proposed scrapping the current WHOIS system — which is inconsistently managed by hundreds of domain registrars and allows anyone to query Web site registration records. To replace the current system, the group proposes creating a more centralized WHOIS lookup system that is closed by default.
According to an interim report (PDF) by the ICANN working group, the WHOIS data would be accessible only to "authenticated requestors that are held accountable for appropriate use" of the information.
Google Voice is improving its voicemail security
In an attempt to make it harder for people to hack into your voicemail, Google is introducing a couple of new security features to its online telephone service - Google Voice.
The hardened security will mean that you will have to access your voicemail messages from a number you have already registered with the service.
If you try to call your voicemail from a number that Google Voice doesn't already have on record for you, you will need to enter one of your registered forwarding numbers before also entering your PIN code.
And here's some good news. Google is increasing the maximum length of its Google Voice PIN codes from 4 digits to 10.
It's always a good idea to have strong security on your voicemail - whether it be provided by Google Voice or traditional phone services. Just ask the many people who fell victim to "phone hacking" by the British tabloid newspapers. Of course, whether you trust Google for your phone and voicemail services is a whole separate debate.
Revoyem Ransomware Sinks to New Low
A strain of the Revoyem ransomware, also known as DirtyDecrypt, is aggressively spreading beyond Germany and Great Britain, the first two countries in which it was spotted back in March. A researcher who goes by the handle Kafeine reports on his Malware Don't Need Coffee website that Revoyem is being aggressively distributed internationally.
Victims are generally infected on pornographic websites with the malware, Kafeine reports in a blogpost. It then takes a turn for the worse, redirecting victims via a TrafficHolder malvertising ad to a page hosting child pornography which drops the Styx exploit kit on the victim's machine and the DirtyDecrypt ransomware locking the victim's computer and informing the victim they've just viewed illegal content.
"This is amplified [because] it's true, you just viewed illegal content even if you've been driven there against your will," Kafeine said.
Ransomware generally follows a similar pattern, though previous strains of the malware have forgone actually displaying child pornography. The victim's computer is locked by the malware and displays a banner purporting to be from a law enforcement agency. Sometimes these banners are regionalized, i.e., a U.S.-based infection will display an FBI banner informing the victim they must pay a "fine" in order for their machines to be returned to normal working order.
Microsoft Releases Fix It Tool as Attackers Target IE
Microsoft pushed out an emergency Fix It tool to close a security vulnerability being exploited in attacks against Internet Explorer 8 and 9.
So far there have only been a limited number of targeted attacks focused on the issue. According to Microsoft, the vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability could corrupt memory in a way that could permit an attacker to execute code in the context of the current user within IE.
"This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type," blogged Dustin Childs, Group Manager of Response Communications for Trustworthy Computing. "This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message. Running modern versions of Internet Explorer ensures that customers receive the benefit of additional security features that can help prevent successful attacks."
Continued : http://www.securityweek.com/microsoft-releases-fix-it-tool-attackers-target-internet-explorer-vulnerability