Fake Facebook app attack can lead to your Android being spied upon, and your bank account being hacked
The ESET "We Live Security" Blog:
Are you a Facebook user?
If so, be on your guard if you see a screen like the following popping up on your screen: [Screenshot]
Hopefully the poor grammar is enough to trigger your alarm bells, and prevent you from entering your mobile phone number.
But if it's not, there is a risk that malicious hackers could soon be listening in to the calls made on your Android smartphone, intercepting your SMS text messages, and even listening in to any private conversations you are having in the vicinity of your phone.
And, if the hackers can read your SMS messages, they can potentially break into your online bank accounts too.
Continued : http://www.welivesecurity.com/2014/04/22/facebook-android-bank/
Related : Android trojan app targets Facebook users
Secunia: Fixing OpenSSL's Heartbleed flaw will take MONTHS
Expunging the Heartbleed bug from vulnerable computers and gadgets is likely to take months, according to a leading vuln research firm. The cautionary assessment by Secunia comes as more and more products are judged to be vulnerable to the infamous OpenSSL security flaw.
Heartbleed most obviously affected secure web servers but also hit routers and other networking equipment, as well as a wide array of other enterprise technology.
And the bundling of the faulty OpenSSL library means applications vulnerable to Heartbleed include everything from VPN software, messaging and VoIP apps, among others. A large number of smartphones (specifically those running Android 4.1) are also on the danger list.
Kasper Lindgaard, Secunia head of research, told El Reg that other items vulnerable to Heartbleed include switches and servers.
Continued : http://www.theregister.co.uk/2014/04/22/heartbleed_repairs_may_take_months/
An Allegation of Harm
In December 2013, an executive from big-three credit reporting bureau Experian told Congress that the company was not aware of any consumers who had been harmed by an incident in which a business unit of Experian sold consumer records directly to an online identity theft service for nearly 10 months. This blog post examines the harm allegedly caused to consumers by just one of the 1,300 customers of that ID theft service — an Ohio man the government claims used the data to file fraudulent tax returns on dozens of Americans last year.
In February, I was contacted via Facebook by 28-year-old Lance Ealy from Dayton, Ohio. Mr. Ealy said he needed to speak with me about the article I wrote in October 2013 — Experian Sold Consumer Data to ID Theft Service. Ealy told me he'd been arrested by the U.S. Secret Service on Nov. 25, 2013 for allegedly using his email account to purchase Social Security numbers and other personal information from an online identity theft service run by a guy named Hieu Minh Ngo.
Continued : http://krebsonsecurity.com/2014/04/an-allegation-of-harm/
Supposedly patched router backdoor was simply hidden
When security systems engineer and researcher Eloi Vanderbeken discovered the existence of a backdoor in his own Linksys router last Christmas, he spurred other hackers to check what other routers have the same backdoor. The result of this investigation was that 24 DSL router models from Cisco, Linksys, Netgear, and Diamond were confirmed to be vulnerable.
The backdoor has been tied with Sercomm - the firm that builds these routers for the aforementioned companies - and the specific firmware they install on the devices. A month after the discovery, those companies have pushed out a new version of the firmware that apparently closed the backdoor. Only it didn't - it merely hid it.
Related: Easter egg: DSL router patch merely hides backdoor instead of closing it
Some sites have plugged Heartbleed, but 1000's haven't, says security firm
According to Computerworld, Sucuri Security, a Calif.-based Internet security outfit, says that of the top 1 million sites on the Web as ranked by Alexa (a service which measures what websites are most popular based on Web data that it gathers), as much as two percent of those sites are still susceptible to the Heartbleed OpenSSL bug. However, Sucuri exec Daniel Cid said in an email that the top 1,000 Alexa sites were all safe from the bug, or have been patched and are not at risk anymore. The findings are accurate as of last week.
Sucuri also found that 0.53 percent of the 10,000 most popular sites were vulnerable, with that number rising to 1.5 percent among the 100,000 most popular sites. The percentages break down like this: 53 of the top 10,000 sites were at risk, 1,595 of the top 100,000 sites were vulnerable, and 20,320 of the 1,000,000 most popular sites were still susceptible to Heartbleed.
"We were glad to see that the top 1,000 sites in the world were all properly patched, and that just 0.53% of the top 10k still had issues. However, as we went to less popular (and smaller) sites, the number of unpatched servers grew to 2%. That is not surprising, but we expected better," Cid said in a blog post.
Continued : http://www.digitaltrends.com/computing/sites-plugged-heartbleed-thousands-havent-says-security-firm/