NEWS - August 30, 2012

"Admin and user accounts from websites breached and posted online"

A hacker gang claims to have leaked more than a million user accounts from some 100 websites worldwide, and its weapon of choice appears to mainly be good ol' SQL injection.

The GhostShell gang on Saturday posted online what it claims are accounts and records from various financial services, consulting firms, academia, law enforcement, and the CIA. "Team GhostShell's final form of protest this summer against the banks, politicians and for all the fallen hackers this year," the post said in part. "One million accounts/records leaked. We are also letting everyone know that more releases, collaborations with Anonymous and other, plus two more projects are still scheduled for this fall and winter. It's only the beginning."

Researchers at Imperva say the attackers appear to have employed mostly SQL injection, but also exploited weak passwords and vulnerable content management systems. The attackers used the popular SQLmap tool, and some of the hacked databases included more than 30,000 records.

Continued : http://www.darkreading.com/identity-and-access-management/167901114/security/attacks-breaches/240006425/ghostshell-haunts-websites-with-sql-injection.html

Also:
'Team GhostShell' hackers use SQL weakness to raid 100 websites
Hacktivists Continue To Own Systems Through SQL Injection

From McAfee Labs Blog:

Malware authors are fond of using social networking sites to spread their well crafted malwares. We have recently discovered a botnet malware that receives commands from a remote attacker and spreads through different messengers to reach a victim's machine.

These bots mostly come with the filename Picturexx.JPG_www.facebook.com.
This malware is designed to post a download URL in chat windows of different messengers including ICQ, Skype, GTalk, Pidgin, MSN, YIM, and Facebook's web chat.

Infection Vector

The victim sees a chat window from an unknown contact with a link promising some interesting video. This is a typical trick used by malware authors. When the user clicks the link, malware gets downloaded to the machine, and infects it. [Screenshot]

The chat window that appears to victims looks very real. [Screenshot]

Continued : http://blogs.mcafee.com/mcafee-labs/facebook-bot-spreads-through-chat-messengers

Boasting a new silent updater and an optimized memory management system, Mozilla pushed out Firefox 15 this week, the latest build of its flagship browser. Following similar steps taken by Adobe and Google with its Flash, Reader and Chrome products, Firefox's new updater will now perform updates in the background, saving users from those pesky, sometimes intrusive notifications.

Mozilla debuted a silent update mechanism for the browser in April when it released version 12 of Firefox. While that method allowed Firefox to update while the browser was running, installing that version, during its next restart, would take slightly longer. Firefox 15's background updates are different than silent updates in the sense that when an update is installed in the background, the browser will take the same amount of time to start up as it usually would.

Firefox's new memory management system should help prevent add-ons from hogging memory after a user has already closed a browser tab. The new mechanism apparently notices when extra versions of websites no longer need to be held onto and recaptures the leaked memory, according to Asa Dotzler, Mozilla's Product Manager for Firefox, in a blog post detailing the new system.

"Many users should experience greatly reduced memory consumption, particularly on long browsing sessions," wrote Nicholas Nethercote, a Firefox developer who previewed the functionality in a blog post last month.

Continued : https://threatpost.com/en_us/blogs/mozilla-releases-firefox-15-new-invisible-updater-083012

Firefox 15 related:
Firefox 15 arrives, supports compressed textures for impressive 3D gaming
Firefox and Thunderbird 15 fix several security vulnerabilities

The number of data breaches reported to the Information Commissioner's Office (ICO) has jumped by over 1000 percent in five years, according to data released after a Freedom of Information request.

Local government data breaches increased by 1,609 percent since 2007, whilst public sector organisations rose by 1,380 percent. The private sector saw a rise of 1,159 percent.

Central government breaches were up by 132 percent, said security company Imation, which requested the information. The number of overall breaches, including those that weren't reported, was likely to be considerably higher, said Nick Banks at Imation Mobile Security.

More than meets the eye?

"These figures from the ICO only cover self-reported data breaches, so we have to assume that the numbers of breaches in the real world are higher. Clearly it's impossible to speculate how many breaches are missing from these numbers, but one wonders how many breaches go unreported and are therefore missing from any official figures," Banks told TechWeekEurope.

Continued : http://www.techweekeurope.co.uk/news/uk-data-breach-1000-percent-five-years-90828

Also: UK data breaches up 1000% in five years

From Citizen Lab:

Download PDF version

This post describes our work analyzing several samples which appear to be mobile variants of the FinFisher Toolkit, and ongoing scanning we are performing that has identified more apparent FinFisher command and control servers.
Introduction

Earlier this year, Bahraini Human Rights activists were targeted by an email campaign that delivered a sophisticated Trojan. In From Bahrain with Love: FinFisher's Spy Kit Exposed? we characterized the malware, and suggested that it appeared to be FinSpy, part of the FinFisher commercial surveillance toolkit. Vernon Silver concurrently reported our findings in Bloomberg, providing background on the attack and the analysis, and highlighting links to FinFisher's parent company, Gamma International.

After these initial reports, Rapid7, a Boston-based security company, produced a follow-up analysis that identified apparent FinFisher Command and Control (C&C) servers on five continents. After the release of the Rapid7 report, Gamma International representatives spoke with Bloomberg and The New York Times' Bits Blog, and denied that the servers found in 10 countries were instances of their products.

Continued : https://citizenlab.org/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile/

Security specialist Bitdefender is now offering its "Clueful" solution as a web application. Clueful uses a database of approximately 100,000 iOS apps to provide users with details about what private information is accessed by various iOS programs. For example, for each known app Clueful lists whether it accesses the user's Address Book, encrypts locally stored application data, or tries to track the user's location.

Bitdefender says that Apple removed the application, which previously was a paid product, from the iOS App Store in June, but hasn't given it a reason for doing so. A potential cause could have been that Clueful tried to auto-detect a user's installed iOS apps so it could then display information about them. In its announcement, the security firm says that it "continues to work with Apple" to bring its software back to the App Store.

Continued : http://www.h-online.com/security/news/item/iOS-privacy-app-returns-as-a-web-app-1695483.html

Also: Yanked iOS app Clueful is back as free Web software

A mystery virus has infected the network of Qatar's natural gas pumper RasGas, prompting bosses to pull the plug on the biz's internet connection. Office systems have been unusable since the malware struck on 27 August, according to local reports.

In a fax to suppliers, the company reportedly said: "RasGas is presently experiencing technical issues with its office computer systems. We will inform you when our system is back up and running."

The RasGas website, rasgas.com, remains unreachable at the time of writing on Thursday afternoon. A spokesman for the firm told Arabian Oil and Gas that the malware outbreak was not affecting gas extraction and processing.

The virus infection follows a strikingly similar attack against Saudi Aramco on 15 August, which hit 30,000 workstations and forced the world's largest oil company to suspend access to its internal and remote networks for 10 days. Oil production activities were not affected by that outbreak either.

Continued : http://www.theregister.co.uk/2012/08/30/rasgas_malware_outbreak/

Also: Gas Giant RasGas Downed By Virus

" The answers to questions meant to verify one's identity can now be found online using search engines or social networks, which means this measure should be augmented with other authentication tools. "

Questions used by service providers to authenticate users' identities can no longer be the only means of verification given that the answers can be easily found using search engines, social networking sites, or through spear phishing attacks. It should, instead, be part of a multi-level authentication strategy, observers say.

Joseph Steinberg, CEO of Green Armor Solutions, said today's climate of easy Internet access through mobile devices and the growing number of digital natives posting up personal information online, authentication questions for network and Web site access are no longer safe.

This is because information once deemed confidential, such as one's identity or social security number and a person's mother's maiden name, can now be found by simply doing a search on Google, Steinberg explained.

Social media platforms are also good hunting ground for cybercriminals looking to find users' personal details, he pointed out. For instance, LinkedIn is a good resource for those looking for answers to questions on a person's first job, the university they studied in, and even the city the university was based in. Facebook or Pinterest, on the other hand, could provide answers to a person's mother's maiden name, the city he grew up in, or his personal interests, he said.

Continued : http://www.zdnet.com/authentication-questions-alone-no-longer-safe-7000003399/