Spyware, Viruses, & Security forum

NEWS - April 06, 2012

by Carol~ Moderator / April 6, 2012 2:11 AM PDT
Microsoft and Adobe to address critical vulnerabilities on Patch Tuesday

The Tuesday after the Easter weekend, 10 April, is set to be a busy one for system administrators as Microsoft and Adobe have sent out notifications that they will both be issuing fixes for critical vulnerabilities in their products.

Microsoft's April notification says there will be four critical advisories concerning Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Microsoft Server and Developer tools, which all lead to remote code execution. A fifth remote code execution vulnerability in Office is marked as important, as is a sixth information disclosure issue in Microsoft's Forefront United Access Gateway. The critical bulletins will affect all versions of Windows, from Windows XP SP3 to Windows Server 2008R2. One critical bulletin for Internet Explorer covers IE 6, 7, 8 and 9.

Adobe's prenotification advisory says that high priority fixes for Adobe Reader and Adobe Acrobat 9.5 and earlier 9.x versions for Windows will be released on 10 April. Adobe places a lower priority on fixes that it will be issuing for the same versions of Reader and Acrobat on Macintosh and for Reader on Linux. It also gives that same lower priority to patches for Adobe Reader X and Acrobat X on Windows and Macintosh.

http://www.h-online.com/security/news/item/Microsoft-and-Adobe-to-address-critical-vulnerabilities-on-Patch-Tuesday-1517301.html

See:
Microsoft Security Bulletin Advance Notification for April 2012
Prenotification Security Advisory for Adobe Reader & Acrobat

Google Chrome fixes seven high-risk vulnerabilities
by Carol~ Moderator / April 6, 2012 3:19 AM PDT
In reply to: NEWS - April 06, 2012

Google has announced updates to the Stable and Beta channels of their Chrome browser, fixing several bugs and twelve security vulnerabilities. Seven of the twelve security fixes were classed as high-risk problems and Google paid a total of $6000 to the researchers who discovered the bugs.

The update also includes a new version of the bundled Flash Player. Adobe have revised the Flash Player advisory from the end of March to include fixes for a Chrome/Flash only pair of memory corruption issues listed as CVE-2012-0724 and CVE-2012-0725. Given that these issues only affect Chrome and Chrome manages its own update, it is unlikely that Adobe will be reissuing or updating the advisory or patches for other browsers and platforms.

The seven high risk vulnerabilities are bugs that left several Chrome components open to being exploited by using memory after it had been freed. Many of these issues are detected using AddressSanitizer. The Chrome developers have also fixed several cross-origin problems and two issues where the browser could be exploited to read from memory where it shouldn't. Details of these vulnerabilities are not available yet as Google usually gives the updates some time to roll out before it publishes further information. This is done to prevent attackers from reverse engineering the vulnerabilities before the updates have a chance to reach all affected systems.

Continued : http://www.h-online.com/security/news/item/Google-Chrome-fixes-seven-high-risk-vulnerabilities-1517293.html

Also: Google Patches 12 Flaws in Chrome

For further details see Vulnerabilities / Fixes: Google Chrome Multiple Vulnerabilities

Sophos Pulls Partner Portal After Signs of Hacking
by Carol~ Moderator / April 6, 2012 3:22 AM PDT
In reply to: NEWS - April 06, 2012

Security firm Sophos has taken its partner portal offline and will reset every user's password after it found signs of a potential security breach on the server hosting it.

"Two unauthorized programs were found on the server, and our preliminary investigations indicate that these were designed to allow unauthorized remote access to information," Sophos said in a security alert posted on its website.

The company's staff found the unauthorized applications during a routine security check on April 3, and the potentially compromised server was immediately taken offline for further investigation, the company said.

Sophos could not establish if the data stored in the website's database, which includes partners' names and business addresses, email addresses, contact details, and hashed passwords, had been stolen. However, it decided to proceed under the assumption that it had.

The website will be restored after the security audit is completed and the problem is remediated. However, all user passwords will be forcibly reset as an additional precaution.

Continued : http://www.pcworld.com/businesscenter/article/253353/sophos_pulls_partner_portal_after_signs_of_hacking.html

Also: Sophos shutters partner portal after hack attack

LulzSec hacker pleads guilty to anti-Sony ops
by Carol~ Moderator / April 6, 2012 3:22 AM PDT
In reply to: NEWS - April 06, 2012

Accused LulzSec hacker Cody Kretsinger - aka "Recursion" - has entered a guilty plea in a California federal court.

According to court documents obtained by Reuters, Kretsinger admitted to taking part in an extensive campaign against Sony Pictures Entertainment, pleading guilty to conspiracy and unauthorized impairment of a protected computer.

"I joined LulzSec, your honor, at which point we gained access to the Sony Pictures website," Kretsinger told the judge.

Kretsinger also confirmed that the extracted data was transferred to other members of the Anonymous offshoot who subsequently posted it on the group's website and Twitter.

Kretsinger, along with Sabu (aka Hector Xavier Monsegur) and Topiary (aka Jake Davis) stand accused of stealing the personal information of thousands after launching an SQL injection against Sony's website and racking up more than $600,000 in damages.

Continued : http://www.tgdaily.com/security-features/62589-lulzsec-hacker-pleads-guilty-to-anti-sony-ops

Also: Accused LulzSec member pleads guilty to hacking Sony

Scammers Suck the Data Out of Twilight Fans on Facebook With Fake Movie Ticket Giveaway
by Carol~ Moderator / April 6, 2012 3:22 AM PDT
In reply to: NEWS - April 06, 2012

From Bitdefender's Malware City Blog:

"Scam announces free ticket giveaway, collects Twilight Saga fans' personal data"

Cybercriminals are capitalizing on the success of the Twilight Saga and the sizzling debate over the date of the next movie release to suck the data out of Facebook users with a "free tickets" scam. [Screenshot]

The Twilight Saga is a long standing box-office success and a focus of public attention for years. From its debut in 2008, which raised the cash-ins bar at almost $400 million worldwide, to its latest Breaking Dawn (Part 1) release, with $139 million on opening week-end - making it the fifth-largest opening ever domestically, and the 10th best worldwide - the vampire saga and all of its marketing stints are worth keeping an eye on.

Breaking Dawn Part 1 hit theatres in November 2011. There is a lot of speculation about the release of Part 2 as the producers kept the suspense going with statements about several dates being considered. Based on the history of Twilight releases so far, the much expected answer could be June or November, although other movies scheduled to come out in summer seem to rule out the first option.

A Facebook message promoting an alleged Breaking Dawn Part 2 ticket giveaway turns out to be a straightforward personal data collection scheme. [Screenshot]

Continued : http://www.malwarecity.com/blog/scammers-suck-the-data-out-of-twilight-fans-on-facebook-with-fake-movie-ticket-giveaway-1279.html
"Easter Egg" Searches Point to Fake AV
by Carol~ Moderator / April 6, 2012 3:22 AM PDT
In reply to: NEWS - April 06, 2012

With Easter approaching fast and everyone rushing to prepare all sorts of goodies and decorations for the holiday, it's likely that Google and other popular services will get a lot of requests to search for "Easter eggs" and other related topics. Cybercrooks rely on this to launch their malware-serving campaigns.

Sophos experts found that when searching for "easter eggs + decorating tips easter secrets," the first result users are presented with actually points to a website that pushes a piece of scareware called "Windows Care Taker."

Windows Care Taker is a fake AV, part of the family of rogue applications we've described a few days ago.

According to Sophos, a lot of .info sites are registered and cleverly set up to serve visitors with all sorts of nasty elements.

"The reason why SEO attacks are successful, is that all of us tend to trust search engine results. After searching for something we happily click any of the links high up in the first page of results," said Fraser Howard, principal virus researcher at SophosLabs.

First of all, you can take a look at the name of the website you are about to be directed to, before clicking on the search engine result. If the name of the site has nothing to do with "Easter eggs", it may mean that something malicious may be hiding on it.

Continued : http://news.softpedia.com/news/Easter-Egg-Searches-Point-to-Fake-AV-263192.shtml

Also: Searching for Easter eggs leads to malware

Free malware scanning and blacklist monitoring for websites
by Carol~ Moderator / April 6, 2012 3:22 AM PDT
In reply to: NEWS - April 06, 2012

Comodo released SiteInspector, a free malware scanning and blacklist monitoring service for websites. The free service allows website owners to set up recurring, daily checks on any 3 pages of a domain.

If malware is discovered or if the website is found on any one of a range of website blacklisting services, then the account owner is immediately notified via email.

Traditionally, viruses and malware were activated only after proactive user interaction (for example, double clicking on an infected mail attachment). Unfortunately, hackers today are far more adept at distributing their malicious code and a 'drive-by-download' malware attack can be triggered simply because a user visits a web page. Perhaps more alarming is that the owner of the website can often be unaware that their site is hosting this malware.

Continued : http://www.net-security.org/malware_news.php?id=2058

Also: Comodo Launches Free Malware Scanning Service

Security hole in Facebook iOS app doesn't require jailbreak
by Carol~ Moderator / April 6, 2012 6:01 AM PDT
In reply to: NEWS - April 06, 2012

"Security hole in Facebook iOS app doesn't require jailbreak or theft, and Dropbox has it too [Updated]"

Earlier today, security researcher Gareth Wright revealed the discovery of a security hole in the Facebook app for mobile devices running iOS and possibly Android. The simple 'hack' allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device.

Now, The Next Web has discovered that popular file-syncing app Dropbox also exhibits the vulnerability. Updated with statement from Dropbox below.

As we noted earlier, the vulnerability lies with the app itself, as it stores this information in plain text, rather than encrypting or packaging it so that it cannot be accessed.

Facebook has responded, sending out the following statement:

'Facebook's iOS and Android applications are only intended for use with the manufacturer provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device.

We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device.'

At first glance, the statement appears to indicate that you're only vulnerable to this kind of profile theft if you jailbreak your device. We have confirmed that this is completely untrue. Your Facebook app on iOS is absolutely vulnerable because using a tool like iExplore, which is what Wright used to perform his white label hack, does not require a jailbreak.

Continued : http://thenextweb.com/mobile/2012/04/06/security-hole-in-facebook-ios-app-doesnt-require-jailbreak-or-theft-and-dropbox-has-it-too/

Related:
Facebook logins easily slurped from iOS, Android kit
Facebook logins aren't being properly protected on iPhones, iPads and Android devices

'Polymorphic' Facebook Scam Attacks with Each Click
by Carol~ Moderator / April 6, 2012 6:02 AM PDT
In reply to: NEWS - April 06, 2012

"'Polymorphic' Facebook Scam Attacks from Different Angle with Each Click"

"Complex attack promises leaked sex video, delivers morphed payload through poisoned browser extensions"

A Facebook scam disguised as an invite to view a leaked sex video allows cybercriminals to infect different users with different malware in a highly efficient "polymorphic" attack that could end in bank fraud, invasion of privacy, or a wave of illicit porn advertising.

The scam starts with a Facebook post which features an alluring thumbnail, the first frame of the alleged sex tape. [Screenshot]

Users who click the link included in this post are told they must install a Divx plugin to actually view the video. [Screenshot]

The page recommending users to install the missing plugin features several other elements to encourage users to keep clicking:

a) The video's name hints that the sex tape belongs to a celebrity.

b) The warning that the user's antivirus must be disabled works on reverse psychology: though prospective viewers know this action is risky, they do it precisely because they have been warned about it.

Continued : http://www.malwarecity.com/blog/polymorphic-facebook-scam-attacks-from-different-angle-with-each-click-1278.html

Free Anti-virus: Worth Every Penny?
by Carol~ Moderator / April 6, 2012 6:02 AM PDT
In reply to: NEWS - April 06, 2012

David Harley @ the ESET Threat Blog:

Andrew Lee just drew my attention to a poll carried out by an IT magazine in the UK, asking the question 'Do you think it's necessary to use paid-for anti-virus software to effectively protect your PC?' Clearly this is a question that a lot of people ask, but the answer is more complicated than you might think. [Note: After this post was published, Andrew made a couple of additional comments that I thought were worth including in the main text and you can find them here.] Now on to the survey, and the three answers it offers, in case you feel like responding to it:

• Yes
• No
• Not Sure

But before you rush off to the web site to tick/check one of those boxes, let me tell you why this is the wrong question. (Unless they'll let you select all three.)

• Firstly, it assumes that anti-virus software can effectively protect your PC. It can, but not all by itself. It only defends against a subset (albeit a large subset) of the threats that are ranged against even home users today. It doesn't catch all malware. So it doesn't provide complete, stand-alone protection.
• Secondly, it assumes that free anti-virus is as effective as a scanner you have to pay for. And in some respects, it often is. But just as there is more to protection than anti-virus, so there is more to anti-virus than the number of malicious programs it can detect.

That was the executive summary. Now I've got your attention (I hope), let me get to the (slightly) more technical detail.

How do you define protection?

If the answer is along the lines of "if I install AV (free or for-fee), I don't have to worry about security any more", I'm afraid you're wrong.

Continued : http://blog.eset.com/2012/04/05/free-anti-virus-worth-every-penny
