Spyware, Viruses, & Security forum


NEWS - April 18, 2014

by Carol~ Moderator / April 18, 2014 3:01 AM PDT
Tor network's ranks of relay servers cut because of Heartbleed bug

"To preserve security of network, Tor Project rejects hundreds of unpatched relays."

More than a week after the revelation of a fatal flaw in the most recent versions of the OpenSSL cryptographic library—the encryption at the heart of much of the Internet's security—a large number of systems associated with the Tor anonymizing network remain unpatched and vulnerable to attack. To protect the security of the network, the Tor Project flagged relay servers still susceptible to the Heartbleed bug for rejection, meaning they would not be allowed to pass traffic to the core of the network.

The Heartbleed bug, which allows attackers to retrieve bits of memory from the encryption engine, still affects about 10 percent of the relays and gateways that allow users to connect to the network, which could expose the encryption keys and even the IP addresses of users.

In a blog post on April 7, the Tor Project alerted users of the bug, which affected the Tor client, relay, and bridge software; Tor's "Hidden Service" darknet Web services; and even its internal directory servers. The Orbot client for Android was also vulnerable. The Tor Project team has been moving to provide patches for all of the components, and most of the core network was quickly secured.

Continued : http://arstechnica.com/security/2014/04/tor-networks-ranks-of-relay-servers-cut-because-of-heartbleed-bug/

Tor Begins Blacklisting Exit Nodes Vulnerable to Heartbleed
Tor may be forced to cut back capacity after Heartbleed bug
Heartbleed mega-bug clean up shrinks Tor network by an eighth
Tor relays vulnerable to Heartbleed dropped from anonymity network
3M Customer Credit, Debit Cards Stolen in Michaels, Aaron ..
by Carol~ Moderator / April 18, 2014 3:08 AM PDT
In reply to: NEWS - April 18, 2014
.. Brothers Breaches

Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards.

The disclosure, made jointly in a press release posted online and in a statement on the company's Web site, offers the first real details about the breach since the incident was first disclosed by KrebsOnSecurity on January 25, 2014.

The statements by Irving, Texas-based Michaels suggest that the two independent security firms it hired to investigate the break-ins initially found nothing.

Continued: http://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/

3M payment cards compromised in Michaels Stores/Aaron Brothers breach
Michaels says breach at its stores affected nearly 3M payment cards
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Heartbleed Bug Sends Bandwidth Costs Skyrocketing
by Carol~ Moderator / April 18, 2014 3:08 AM PDT
In reply to: NEWS - April 18, 2014

[Screenshot: Certificates Revoked per Day]

The exposure of the Heartbleed vulnerability last week had a number of repercussions, one of which was to set off a mad scramble by companies to revoke the SSL certificates for their domains and services and obtain new ones.

The total costs of Heartbleed are yet to be calculated, but CloudFlare has come up with some stunning numbers that give us an idea of the price of a serious bug like this one.

Yesterday CloudFlare, which provides security for web sites, completed the process of revoking and replacing all of the SSL certificates for its customers, activity that forced issuer GlobalSign to update its Certificate Revocation List.

Continued: http://www.wired.com/2014/04/cost-of-heartbleed/

Android trojan app targets Facebook users
by Carol~ Moderator / April 18, 2014 3:08 AM PDT
In reply to: NEWS - April 18, 2014

"A computer Trojan injects messages into Facebook to trick users into installing Android malware, researchers from ESET said"

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

Security researchers from antivirus vendor ESET have identified a new variant of a computer banking Trojan called Qadars that injects rogue JavaScript code into Facebook pages when opened in a browser from an infected system. The injected code generates a message instructing users to download and install Android malware that can steal authentication codes sent to their phones via SMS.

These man-in-the-browser attacks are known as webinjects and have long been used by computer Trojans to display rogue Web forms on online banking websites with the goal of collecting log-in credentials and other sensitive financial information from users.

Continued : http://www.computerworld.com/s/article/9247732/Android_trojan_app_targets_Facebook_users

@ ESET : Facebook Webinject Leads to iBanking Mobile Bot

Google to Gmail users: We scan all of your emails
by Carol~ Moderator / April 18, 2014 3:09 AM PDT
In reply to: NEWS - April 18, 2014

Google Inc updated its terms of service on Monday, informing users that their incoming and outgoing emails are automatically analyzed by software to create targeted ads.

The revisions more explicitly spell out the manner in which Google software scans users' emails, both when messages are stored on Google's servers and when they are in transit, a controversial practice that has been at the heart of litigation.

Last month, a U.S. judge decided not to combine several lawsuits that accused Google of violating the privacy rights of hundreds of millions of email users into a single class action.

Users of Google's Gmail email service have accused the company of violating federal and state privacy and wiretapping laws by scanning their messages so it could compile secret profiles and target advertising. Google has argued that users implicitly consented to its activity, recognizing it as part of the email delivery process.

Continued : http://business.financialpost.com/2014/04/17/google-inc-gmail-scans/

Related: Google updates terms of service, includes word of user email scans

Zeus/rootkit combo delivered via Starbucks-themed emails
by Carol~ Moderator / April 18, 2014 3:09 AM PDT
In reply to: NEWS - April 18, 2014

Malware peddlers have been spotted impersonating popular coffeehouse chain Starbucks in order to trick users into downloading a rootkit-equipped variant of the Zeus banking Trojan.

The attack starts with an email made to look like it was sent by the company: [Screenshot]

The criminals have used several tricks to make the potential victims believe the email is genuine and important enough to be perused immediately and the attachment downloaded and run: they included the company logo, the message was sent with the "High importance" option checked, they have offered something for free (a gift from an anonymous friend).

Still, they also made several mistakes, and discerning users will spot that the emails have not been sent from a legitimate-looking email address (Gmail and Yahoo mail accounts have been used in this particular case) and the attached "menu" is actually an executable instead of a PDF or text file.

Continued : http://www.net-security.org/malware_news.php?id=2753

Phishers Bypass Steam Guard Protection
by Carol~ Moderator / April 18, 2014 3:09 AM PDT
In reply to: NEWS - April 18, 2014

"Malwarebytes Unpacked" Blog:

I was digging through some recent Steam related phish pages, and came across something I haven't seen before: a new way to steal Steam accounts while bypassing an additional security measure.

Typically a Steam phish page asks for username and password, like all phish attacks - often these can be foiled by enabling Steam Guard on your account.

What is Steam Guard?

When logging in on a PC you haven't used before, Steam Guard will pop a window asking for a verification code which will have been sent to your email address. Without the code, you can't log in. Scammers have come up with a somewhat novel way to try and get around this security measure.

How do they do it?

A potential victim will navigate to the phish page and enter their Username and Password.

At this point, they'll be greeted with the following pop-up box: [Screenshot]

Continued : http://blog.malwarebytes.org/fraud-scam/2014/04/phishers-bypass-steam-guard-protection/

Cybercriminals Can Hijack Steam Accounts with Steam Guard Enabled
Beware of clever phishing scam that bypasses Steam Guard

Trend Micro releases free Heartbleed scanners for Android,
by Carol~ Moderator / April 18, 2014 3:11 AM PDT
In reply to: NEWS - April 18, 2014
.. Chrome

Trend Micro has announced the availability of two free scanners for the Heartbleed bug, meant for Google Chrome and Android. The first, a browser add-on, allows users to enter and check any specific URL.

The second, an Android app, is a little more advanced. It checks whether your device or apps are directly affected by the bug, or whether any installed apps access a cloud service which is still vulnerable.

If there are any problems, you'll be informed. Highlighting any affected app displays more details, including the name of the vulnerable server.

If you don't plan on using the app for a while then you can wait, and scan again later. But there's also an Uninstall button to remove it right away.

Continued : http://betanews.com/2014/04/18/trend-micro-releases-free-heartbleed-scanners-for-android-chrome/
Fake Facebook Chat Verification Used for Spam
by Carol~ Moderator / April 18, 2014 5:19 AM PDT
In reply to: NEWS - April 18, 2014

TrendLabs Security Intelligence Blog:

Facebook users are once again the target of a malicious scheme—this time in the form of a notification about "Facebook Chat".

The spammed notification pretends to come from the "official Facebook Chat Team." A notification shows users of a tagged comment to a Facebook Note containing a fake announcement about a Facebook Chat verification requirement. [Screenshot]

The spam tries to sound urgent to convince users to verify their accounts. To do so, they are first asked to go to a Pastebin URL and are instructed to copy a specific code. The set of instructions differs depending on what browser is being used (Google Chrome, Mozilla Firefox, or Internet Explorer).

Continued: http://blog.trendmicro.com/trendlabs-security-intelligence/fake-facebook-chat-verification-used-for-spam/

Targeted Attack Uses Heartbleed to Hijack VPN Sessions
by Carol~ Moderator / April 18, 2014 8:34 AM PDT
In reply to: NEWS - April 18, 2014

A targeted attack against an unnamed organization exploited the Heartbleed OpenSSL vulnerability to hijack web sessions conducted over a virtual private network connection.

Incident response and forensics firm Mandiant shared some details on a recent investigation of an incident that began April 8, one day after Heartbleed was publicly disclosed. Mandiant said the attackers exploited the security vulnerability in OpenSSL running in the client's SSL VPN concentrator to remotely access active sessions.

This is just the latest in an escalating series of attacks leveraging Heartbleed, which is a problem in OpenSSL's heartbeat functionality, which if enabled, returns 64KB of memory in plaintext to any client or server requesting a connection. Already, there have been reports of attackers using Heartbleed to steal user names, session IDs, credentials and other data in plaintext. Late last week came the first reports of researchers piecing together enough information to successfully reproduce a private SSL key.

Continued : http://threatpost.com/targeted-attack-uses-heartbleed-to-hijack-vpn-sessions/105567

Related: Heartbleed maliciously exploited to hack network with multifactor authentication

Screen unwanted calls without one-at-a-time blocking
by Carol~ Moderator / April 18, 2014 8:34 AM PDT
In reply to: NEWS - April 18, 2014

"The free Nomorobo service and AT&T's Privacy Manager help reduce the number of nuisance calls that aren't blocked by the Do Not Call registry."

Sometimes it seems I should be answering my phone by asking, "What are you selling?" Even though our home and mobile numbers were added to the Federal Trade Commission's Do Not Call Registry as soon as we received them, the unsolicited nuisance calls persist.

That's because the government's registry blocks only telemarketers -- and not all of them. While most honest telemarketing firms honor people's wishes not to receive such calls, many ignore the requirement not to contact numbers on the list, as David Lazarus of the Los Angeles Times reported last July.

Also, the Do Not Call restrictions don't apply to charities, poll takers, and political groups. In addition, any company with whom you've done business is allowed to call you as long as 18 months after your last purchase, delivery, or payment, as the FTC's Do Not Call FAQ for Business indicates.

Continued : http://www.cnet.com/how-to/screen-unwanted-calls-without-one-at-a-time-blocking/

Scam Easter Basket Packed with Fake Vouchers, Viagra and ...
by Carol~ Moderator / April 18, 2014 9:27 AM PDT
In reply to: NEWS - April 18, 2014
... Religious Fraud

Bitdefender's "HOT for Security" Blog:

Cyber-criminals are hiding dangerous goodies among the Easter eggs and chocolate bunnies that users are hoping for, warns antivirus software provider Bitdefender.

The increasing wave of dangerous spam hitting the US, the UK and other countries these days invades users' inboxes with offers for fake vouchers, personal loans, replica watches and dubious candy surveys. Personalized Easter baskets, bunnies, and gifts are also packed with dangerous fraudulent links. [Screenshot]

Fake Viagra shops and religious scams are also included in this year's Easter scam basket. Users are invited to discover God's plan with their life in one moment and are tempted with holiday Viagra offers the next.

Continued : http://www.hotforsecurity.com/blog/scam-easter-basket-packed-with-fake-vouchers-viagra-and-religious-fraud-2-8427.html

Related: Dangerous spam targets Brits with fake Easter offers
