Spyware, Viruses, & Security forum


NEWS - April 25, 2013

Critical app flaw bypasses screen lock on up to 100 million Android phones

"Skype-rival Viber confirms the bug allows hackers to take control of locked devices." - [Screenshot]

A critical flaw in an Android app downloaded as many as 100 million times allows attackers to take full control of handsets even when they're protected by screen locks.

The vulnerability in the Skype rival known as Viber affects Android smartphone brands such as Samsung, Sony, and HTC, according to a blog post published Tuesday by Bkav Internet Security. Although attack techniques differ from model to model, they all exploit programming logic in the way Viber handles popup messages, researchers with the company wrote.

A spokesman for Viber Media, maker of the affected app, said company officials learned of the vulnerability on Wednesday and plan to release a fix next week.

Continued : http://arstechnica.com/security/2013/04/crital-app-flaw-bypasses-screen-lock-on-up-to-100-million-android-phones/

Viber Exploit Lets Hackers Unlock Your Android Phone
Viber app enables lock screen bypass

Twitter Now Has a Two-Step Solution

In reply to: NEWS - April 25, 2013

Twitter has a working two-step security solution undergoing internal testing before incrementally rolling it out to users, something it hopes to begin doing shortly, Wired has learned.

Such a system will drastically reduce the risk of Twitter users having their accounts hacked, something that has been experienced by everyday users and major companies like the Associated Press, the BBC and 60 Minutes.

Two-step (also known as two-factor or multifactor) authentication can prevent a hacker from gaining access to an account far more effectively than a password alone. When logging in from a new location, it requires users to enter a password and a randomly generated code sent to a device, typically via a text message or smartphone application. In other words, accessing an account requires having two things: something you know (the password) and something you have (a previously registered device).

Twitter posted a job listing for software engineers in February to build such a solution.

Continued : http://www.wired.com/threatlevel/2013/04/twitter-authentication/

Hijacking of AP Twitter Account Renews Calls for Two-Factor Authentication
Two-step authentication for Twitter accounts coming soon
Twitter Security in Crosshairs After AP Account Hijack

How Not to Install an ATM Skimmer

In reply to: NEWS - April 25, 2013

Experts in the United States and Europe are tracking a marked increase in ATM skimmer scams. But let's hope that at least some of that is the result of newbie crooks who fail as hard as the thief who tried to tamper with a Bank of America ATM earlier this week in Nashville.

Nashville police released a series of still photos (which I made into a slideshow, below) that show a man attaching a card skimming device to a local ATM, and then affixing a false panel above the PIN pad that includes a tiny video camera to record victims entering their PINs. According to Nashville NBC affiliate WSMV.com, this scammer's scheme didn't work as planned: The card skimmer overlay came off of the ATM in the hands of the first customer who tried to use it.

As you can see in the image montage, the first would-be victim arrives less than seven minutes after the thief installs the skimmer. The story doesn't state this, but the customer who accidentally pulled the card skimmer off of the ATM actually drove off with the device. Interestingly, the fraudster returns a few minutes later to salvage what's left of his kit (and perhaps his pride).

Continued : http://krebsonsecurity.com/2013/04/how-not-to-install-an-atm-skimmer/

Redkit malware exploit gang has message for Brian Krebs

In reply to: NEWS - April 25, 2013

The Redkit malware exploit gang has a message for security blogger Brian Krebs

Award-winning security blogger Brian Krebs is loved by everyone on the internet... apart from the criminals.

The fact that Krebs has shut down spam operations, helped dismantle botnets, given the notorious Russian Business Network more than the odd headache, has made him plenty of enemies in the internet underground.

Just last month, online crooks launched a DDoS (distributed denial-of-service) attack against Krebs's blog, and sent an armed SWAT team around to his house.

So, I was interested to hear from SophosLabs researcher Fraser Howard that he had uncovered inside the latest version of the Redkit exploit kit what appeared to be a message for Brian Krebs. [Screenshot]

Continued : http://nakedsecurity.sophos.com/2013/04/25/redkit-exploit-brian-krebs/
Security policies: remote access programs

In reply to: NEWS - April 25, 2013

From the Kaspersky Labs Weblog:

The experience of many information security officers shows that only a small portion of security incidents take place as a result of meticulously planned and sophisticated targeted attacks, while most incidents are due to a lack of effective security and control measures. This post begins a series of publications about IT security threats associated with the use of legitimate software.


Hugely popular, easy-to-use and practical, remote access tools have been appreciated by system administrators and developers alike, as well as by anyone who has ever needed to log on to a work computer from a remote location, whether traveling on business, working from home, or caught out by an emergency while on vacation. However, unregulated use of this software poses a threat to corporate security and may lead to security incidents.

Continued: http://www.securelist.com/en/blog/876/Security_policies_remote_access_programs

Facebook Shuts Down Group Offering Fraud 'Services'

In reply to: NEWS - April 25, 2013

A Facebook group that offered fraud 'services' was recently shut down after the social network found its members published credit card details, networks of hacked computers and other illegal information, according to The Guardian.

The group identified by RSA security researchers included a list of stolen identities apparently obtained by a member. The fake profile, launched on 28 February, gathered 163 "likes" and engaged 20 regular contributors.

"Security issues, from malware to cybercrime, exist across the whole of the web," Facebook representatives told The Guardian. "Although security consultants would have you believe otherwise, cybercrime isn't a big issue on Facebook. While the site has 30 million people using it in the UK, very few people ever encounter malware or cybercrime [on the site]."

In one post, a member asked the group's creator to send him a private message, then published six stolen identities, probably credit card details he wasn't able to use.

Continued : http://www.hotforsecurity.com/blog/facebook-shuts-down-group-offering-fraud-services-6031.html

New incoming fax message is actually malware - be on guard

In reply to: NEWS - April 25, 2013

Computer users are warned to be on the lookout for messages in their email inbox, claiming to be an incoming fax.

I can't remember the last time I used a fax machine.

The one which until recently sat in the corner of the Naked Security office was certainly unloved by all, only seeming to find a purpose to its sorry existence when junk faxers would trouble it with their unwanted marketing messages and spams.

(What always irritated me about junk fax was that it was *our* paper and *our* ink that was being used by the lowlife arsehats who sent them against *our* wishes). [Screenshot]

Continued : http://nakedsecurity.sophos.com/2013/04/25/new-incoming-fax-message-malware/
