Simple Hack Threatens Outdated Joomla Sites
If you run a site powered by the Joomla content management system and haven't yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors.
The patch released on July 31, 2013 applies to Joomla 2.5.13 and earlier 2.5.x versions, as well as Joomla 3.1.4 and earlier 3.x versions. Joomla credits discovery of the bug to Web security firm Versafe, which says a simple exploit targeting the vulnerability is already in use. Joomla versions 2.5.14 and 3.1.5 fix a serious bug that allows unprivileged users to upload arbitrary .PHP files just by adding a "." (period) to the end of PHP filenames.
For 2.5.x and 3.x versions of Joomla, it is possible for anyone with access to the media manager to upload and execute arbitrary code simply by appending a period to the end of the file name they would like to run. For sites powered by unsupported versions of Joomla (1.5.x, and a cursory Google search indicates that there are tens of thousands of these 1.5.x sites currently online), attackers do not even need to have an account on the Joomla server for this hack to work.
Continued : http://krebsonsecurity.com/2013/08/simple-hack-threatens-oudated-joomla-sites/
Do You Own A Website? Now Would Be A Good Time to Patch It
"Malwarebytes Unpacked" Blog:
If you run your own website - but not Blogger and other free ones - chances are it is powered by one of the two most common Content Management Systems (CMS) on the planet: WordPress and Joomla!.
There are very active campaigns making the rounds right now targeting these two platforms. A botnet comprised of nearly 25,000 infected computers is attacking login pages by performing 'brute-force attacks'.
The Fort Disco botnet tries tens of thousands of username/password combinations until a match is found. Once logged in, the bad guys use your website to host phishing, spam or even malware.
At the same time, a critical security flaw has been discovered in Joomla! where an attacker could easily upload a backdoor by simply adding a '.' at the end of the file name.
Continued : http://blog.malwarebytes.org/intelligence/2013/08/do-you-own-a-website-now-would-be-a-good-time-to-patch-it/#
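The upload flaw described in the two Joomla items above, sketched as an added example that is not part of the quoted articles and is not Joomla's code: a deny-list check on the text after the last dot (an assumed weak check) accepts `shell.php.`, while a stricter allow-list check rejects it. The function names and extension lists are hypothetical.

```php
<?php
// Added illustration; not Joomla's code. Names and lists are hypothetical.
const ALLOWED_EXT    = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];
const EXECUTABLE_EXT = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar'];

// Assumed weak check: deny-list applied only to the text after the last dot.
// For "shell.php." that text is empty, so the name is accepted.
function weak_is_allowed(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, EXECUTABLE_EXT, true);
}

// Stricter check: reject odd names outright, allow-list the final extension,
// and refuse executable extensions anywhere in the name.
function strict_is_allowed(string $name): bool
{
    // Control bytes (including NUL) never belong in an upload name.
    if (preg_match('/[\x00-\x1f]/', $name)) {
        return false;
    }
    $base = basename(str_replace('\\', '/', $name));
    // Windows strips trailing dots and spaces; reject instead of repairing.
    if ($base === '' || $base !== rtrim($base, '. ')) {
        return false;
    }
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return false;                     // no extension, or a dotfile
    }
    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return false;
    }
    array_shift($parts);                  // drop the name, keep inner segments
    return count(array_intersect($parts, EXECUTABLE_EXT)) === 0;
}

// Constructed sample names.
foreach (['photo.jpg', 'shell.php', 'shell.php.', 'shell.php.jpg', 'report.PDF'] as $n) {
    printf("%-14s weak=%-5s strict=%s\n", $n,
        var_export(weak_is_allowed($n), true),
        var_export(strict_is_allowed($n), true));
}
```

Filename checks are one layer only; storing uploads outside the web root or in a directory where script execution is disabled limits the damage if a check is bypassed.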
Adoption of antivirus software on mobile devices remains low
Consumer adoption and willingness to pay for antivirus software on mobile devices is low, according to Gartner. Gartner believes that high consumer use of personal mobile devices for work purposes means security providers have an opportunity to assist enterprise BYOD initiatives.
"The use of personal devices at work matches high-enterprise demand for solutions to the BYOD security problem," said Ruggero Contu, research director at Gartner. "This presents providers of both consumer and enterprise endpoint security products with an opportunity to enforce security to private devices and potentially expand their footprint into the consumer space. Consequently, product managers at consumer security providers need to adopt strategies that allow consumer security use on personal devices in the enterprise workplace."
Also: Consumers still reluctant to spend on mobile security, says Gartner
Cybercriminals "saving up" wave of Windows XP attacks for when Microsoft stops support
ESET's "We Live Security" Blog:
Cybercriminals will unleash a wave of "zero-day" vulnerabilities to attack Windows XP machines after April 8, 2014, a security expert has claimed. Microsoft will stop releasing security updates for the OS on that date.
Criminals will "sit on" such vulnerabilities until that date to make more money from their exploits, according to Jason Fossen of security training company SANS.
At present, vulnerabilities are patched by Microsoft. After April, only companies paying for custom support will be protected - and up to a third of organizations are expected to still use Windows XP machines.
"The average price on the black market for a Windows XP exploit is $50,000 to $150,000 - a relatively low price that reflects Microsoft's response," said Fossen, speaking to ComputerWorld.
Continued : http://www.welivesecurity.com/2013/08/13/cybercriminals-saving-up-wave-of-windows-xp-attacks-for-when-microsoft-stops-support/
Dalai Lama's Website Hacked And It's Infecting Computers
Expert: Dalai Lama's Website Has Been Hacked And It's Infecting People's Computers
A prominent computer security firm has warned that the Dalai Lama's Chinese-language website has been compromised with malicious software that is infecting computers of visitors with software that could be used for spying on its visitors.
Kaspersky Lab researcher Kurt Baumgartner told Reuters that he is advising web surfers to stay away from the Chinese-language site of the Central Tibetan Administration's site until the organization fixes the bug.
He said he believes the group behind the campaign was also behind previous breaches on the site that have gone unreported as well as attacks on websites belonging to groups that focus on human rights in Asia.
Continued : http://www.businessinsider.com/dalai-lamas-website-hacked-2013-8
@ Kaspersky Labs: Watering-Hole Attack Compromises Key Tibetan Site
New York Times attackers use updated Trojans in new campaign
The Chinese group blamed for an infamous attack on the New York Times last January appears to be on the move again using updated versions of its two favourite Trojan families, researchers at FireEye have reported.
In May, the firm noticed that two important backdoors, APT.Aumlib and APT.Ixeshe had been updated, the first of which had not received modification since May 2011, the latter since December 2011.
As their APT (Advanced Persistent Threat) monikers imply, these are pieces of malware used to compromise targets before further payloads are called. They are specially written to attack specific organisations and are the frontline of what might politely be called state-sponsored malware, in this case of Chinese origin.
Continued : http://news.techworld.com/security/3463403/new-york-times-attackers-use-updated-trojans-in-new-campaign/
Related: They're ba-ack: Hacker gang that infiltrated NYT for months returns
Crypto experts blast German e-mail providers' "secure data storage" claim
GPG developer calls move a "great marketing stunt at exactly the right time."
In the wake of the shutdown of two secure e-mail providers in the United States, three major German e-mail providers have banded together to say that they're stepping forward to fill the gap. There's just one problem: the three companies only provide security for e-mail in transit (in the form of SMTP TLS) and not actual secure data storage.
GMX, T-Online (a division of Deutsche Telekom), and Web.de - which serve two-thirds of German e-mail users - announced on Friday that data would be stored in Germany and the initiative would "automatically encrypt data over all transmission paths and offer peace of mind that data are handled in compliance with German data privacy laws." Starting immediately, users who use these e-mail services in-browser will have SMTP TLS enabled, and starting next year, these three e-mail providers will refuse to send all e-mails that do not have it enabled.
"Germans are deeply unsettled by the latest reports on the potential interception of communication data," said Rene Obermann, CEO of Deutsche Telekom, in a statement. "Our initiative is designed to counteract this concern and make e-mail communication throughout Germany more secure in general. Protection of the private sphere is a valuable commodity."
Kevin Bacon has his Twitter hacked - 6 degrees leads to something phishy
Online criminals hijacked the Twitter account of Hollywood actor Kevin Bacon earlier this week, in an attempt to steal the passwords of the star's hundreds of thousands of followers.
Bacon, who is probably almost as well known for the "Six degrees of Kevin Bacon" trivia game as he is for his prolific movie career, had his Twitter account hacked on Sunday, when it began to post messages designed to entice readers into clicking on a dangerous link to discover more.
Did anyone see this? She is way too young for that - [Screenshot]
If you did find yourself clicking on the link, whose true destination had been hidden by use of the bit. do (not to be confused with bit. ly) URL shortener, you would find your browser had taken you to what appeared to be a Twitter login page. [Screenshot]
Continued : http://grahamcluley.com/2013/08/kevin-bacon-twitter-hack/
Google Announces Big Increase For Bug Bounty Rewards
Google has yet again stepped its vulnerability hunting game up, saying bug bounty rewards will be increased by as much as five times.
The tech titan also revealed it has now handed out more than $2 million (£1.3m) in bug bounties, across its Chromium, Google Web and Pwnium rewards.
Bug bounty boost
"Bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. In many cases, this will be a 5x increase in reward level! We'll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity," said Google's "masters of coin" and security rewards leads Chris Evans and Adam Mein.
Continued : http://www.techweekeurope.co.uk/news/google-bug-bounty-boost-124579
After Paying $2M in Rewards, Google Multiplies Some Bug Bounties Five Times
Google Celebrates $2 Million in Bug Rewards, Increases Bounty for Chromium Flaws
Google bumps up security bounties for Chromium
Android antivirus products compared
"[UPDATED] Independent test lab AV-Test compared 30 Android antivirus products. There are some winners and some serious failures. But do you really need any of them?"
Independent test lab AV-Test has completed a comparison of 30 antivirus products for Android. The comparison included:
[List of 30 Antivirus Products]
All 30 products were tested in July, 2013 on Android 4.2.2. The products scanned 1972 malware samples. 7 of the products detected 100% of the samples. 16 more detected 98% or better. The real problems came for these products:
• AegisLab Antivirus Premium 63.6%
• Bornaria Mobile Security 84.6%
• SPAMfighter VIRUSfighter Android 68.0%
• Zoner Mobile Security 63.6%
The average detection rate for all products was 95.2% and the median was 99.2%
AV-Test checked for 3 broadly-defined performance metrics:
1 - The app does not impact the battery life
2 - The app does not slow down the device during normal usage
3 - The app does not generate too much traffic
Continued : http://www.zdnet.com/android-antivirus-comparison-review-malware-symantec-mcafee-kaspersky-sophos-norton-7000019189/
New Mobile Malware Taps Ad Networks To Spread
It was only a couple weeks back that we wrote about new research from the folks at WhiteHat Security that posited a way for mobile ad networks to be gamed and used to distribute malicious code. Now it looks as if the bad guys were one step ahead, as researchers at Palo Alto Networks reveal a new type of malicious Android malware that uses mobile ad networks to infect vulnerable devices.
Palo Alto described the new, malicious mobile software, dubbed "Dplug," in a blog post on Monday. The company said the malware authors appear to be leveraging second tier mobile ad networks (mostly in Russia and the former Soviet Republics) to distribute their wares. The Dplug malware takes advantage of the deep integration between mobile applications and mobile advertising networks to gain a foothold on infected devices, then send out messages to premium SMS services to generate money for the fraudsters, according to Wade Williamson, a senior security researcher at Palo Alto.
Continued : https://securityledger.com/2013/08/new-mobile-malware-taps-ad-networks-to-spread/
Russian Site Serves Fake Talking Tom Cat Game
ThreatTrack Security Labs:
One of our threat researchers in the AV Labs found the dubious Russian website, game-talking-tom-cat(dot)ru, serving up fake Talking Tom Cat games for mobile devices that were purported to run on Android, Java and Symbian.
Outfit7, the Cyprus-based mobile application maker of the Talking Friends collection of mobile apps, released Talking Tom Cat in 2010. This app is capable of repeating words users say to the cat. Users can also interact with the character: stroking the touch screen of the mobile device strokes the cat's head and tapping heavily on the screen knocks back the cat.
Talking Tom Cat is a free game app and can also be downloaded from third-party app sites, such as Softonic. However, we advise you, dear Reader, not to visit nor click links related to game-talking-tom-cat(dot)ru, as this is one supposed site we don't want you going to. [Screenshot]
Note that the links to the fake site above all direct to various Google Docs pages where the supposed files were made available for download: [Screenshot]
Continued : http://www.threattracksecurity.com/it-blog/russian-site-serves-fake-talking-tom-cat-game/
Report: Google Play Store Infested With Adware
"In study of 8,000 apps on Google Play, nearly 2,000 are flagged as adware, ZScaler says"
The Google Play market, where most Android users go to safely download applications, is infested with adware, according to a study published last week.
In a blog posted Thursday, Zscaler posted the results of a study of 8,000 applications offered on Google Play. Of those 8,000 apps, more than 1,845 were flagged as adware, the blog states.
"This is a big number," the blog states. "Most of the applications were flagged by AV vendors due to their excessive inclusion of ads and deceptive practices for delivering them, including altering device settings."
The Zscaler blog suggests that there is a growing gap between Google's willingness to accept new applications that permit aggressive advertising techniques, and antivirus applications, which increasingly block applications that use such aggressive techniques.
"Ultimately, end users are stuck in the middle as they are left to decide if they will keep or delete the apps being flagged," the blog says.
Continued : http://www.darkreading.com/endpoint/report-google-play-store-infested-with-a/240159815
Related: Is it Adware? Antivirus Vendors Say Yes, Google Says No
"LNK" Attacks are Back Again
Symantec Security Response Blog:
Recently, we observed an attack campaign using link files attached to emails in Japan. We have blogged about threats utilizing link files before and this type of attack is still alive and well.
The target of the link is disguised to make it look like it is linking to a text file, tricking the user into opening it, unaware that they are not opening a text file. [Screenshot: Details of LNK file made to look like a link to a text file]
Under more careful examination, by scrolling to the left of the text box, you can see the malicious scripts that will actually be executed if you open this link. [Screenshot: True destination of link file]
The lesson here is to check carefully to see where link files actually point to before opening them.
After the link file is opened, a series of events happen involving the download and execution of various script files. This process ends with the display of a bogus error message followed by a back door being opened to a remote command-and-control (C&C) server, which will allow the remote attacker to perform numerous activities on the compromised computer.
Continued : http://www.symantec.com/connect/blogs/lnk-attacks-are-back-again