NEWS - December 05, 2014

Dec 5, 2014 2:21AM PST
DeathRing: Pre-loaded malware hits smartphones for the second time in 2014

When you walk out of a retailer with a shiny new phone, you trust that it's clean and safe to use. But this might not always be the case, as evidenced by the latest pre-loaded malware Lookout identified called DeathRing.

DeathRing is a Chinese Trojan that is pre-installed on a number of smartphones most popular in Asian and African countries. Detection volumes are moderate, though we consider this a concerning threat given its pre-loaded nature and the fact that we are actively seeing detections of it around the world.

What does it do?

The Trojan masquerades as a ringtone app, but instead can download SMS and WAP content from its command and control server to the victim's phone. It can then use this content for malicious means.

Continued : https://blog.lookout.com/blog/2014/12/04/deathring/

Bebe Stores Confirms Credit Card Breach
Dec 5, 2014 3:08AM PST

In a statement released this morning, women's clothier chain bebe stores inc. confirmed news first reported on this blog Thursday: That hackers had stolen customer card data from stores across the country in a breach that persisted for several weeks last month.

Bebe stores said its investigation indicates that the breach impacted payment cards swiped in its U.S., Puerto Rico and U.S. Virgin Islands stores between Nov. 8, 2014 and Nov. 26, 2014. The data may have included cardholder name, account number, expiration date, and verification code.

The company emphasized that purchases made through its web site, mobile site/application, or in Canada or other international stores were not affected, and that customers should feel confident in continuing to use their payment cards in bebe stores.

Continued : http://krebsonsecurity.com/2014/12/bebe-stores-confirms-credit-card-breach/

Related:
Banks: Credit Card Breach at Bebe Stores
Bebe Stores latest victim of a payment card breach

Version of malware that took out Sony Pictures seen "in wild" in July
Dec 5, 2014 3:35AM PST

"And Sony e-mail server names, IP addresses were hard-coded into November malware."

While the malware that took down computers at Sony Pictures last week was compiled just days before it was triggered, an earlier version of the code used to unleash the destructive attack may have been in use much earlier within Sony's network. Malware with the same cryptographic signature and filename as the "Destover" malware was spotted by the security firm Packet Ninjas in July.

That malware communicated with one of the same IP addresses and domain names as the final "Destover" malware: a server at Thammasat University in Bangkok, Thailand. The malware, which was found in a Cisco Partner ThreatGrid repository, also communicated with a network address assigned to a New York business customer of TimeWarner Cable.

Continued : http://arstechnica.com/security/2014/12/version-of-malware-that-took-out-sony-pictures-seen-in-wild-in-july/

Sony-related:
Sony Pictures malware tied to Seoul, "Shamoon" cyber-attacks
Researchers analyze destructive malware used in Sony hack
Sony hack: Lousy security, customized malware linked to previous attacks

VMware warns of vCenter cross-site-scripting bug
Dec 5, 2014 3:36AM PST

It's Friday! By later this afternoon you'll be working at half-pace and contemplating weekend fun.

Unless you run VMware's vCenter control freak, because Virtzilla has just revealed a nasty cross-site scripting flaw in the product.

"VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page while they are logged in into vCenter," says VMware's advisory, issued late on Thursday US time.

Another newly-identified issue, one of six revealed here, means "vCenter Server does not properly validate the presented certificate when establishing a connection to a CIM Server residing on an ESXi host." That makes Man-in-the-middle attacks against the CIM service possible.

Continued : http://www.theregister.co.uk/2014/12/05/vmware_warns_of_vcenter_crosssitescripting_bug/

Related: VMware Fixes Several Vulnerabilities in vSphere Platform

Adobe Reader, Acrobat Update to Patch Sandbox Escape
Dec 5, 2014 3:36AM PST

Adobe is expected to update its Reader and Acrobat software next Tuesday as part of its scheduled security updates, and the updates will, according to an Adobe spokesperson, include patches for a Reader vulnerability disclosed this week by Google's Project Zero.

Researcher James Forshaw, a well-known bug-hunter and Project Zero member, went public with details of a sandbox escape vulnerability in Reader as well as exploit code.

Per its policy, Google's security research team discloses vulnerability details 90 days after it shares those details with the vendor in question. In this case, the vulnerability was partially addressed earlier by Adobe after it was reported in August. Adobe tweaked Reader in order to make exploiting the vulnerability much more difficult. The flaw, however, had not been patched.

Continued: http://threatpost.com/upcoming-adobe-reader-acrobat-update-to-patch-sandbox-escape/

See : Prenotification Security Advisory for Adobe Reader | Acrobat

All PayPal accounts were 1 click away from hijacking
Dec 5, 2014 3:40AM PST

Until Egyptian cyber-security researcher Yasser Ali found it and reported it to PayPal, there was a security hole that meant 150 million-plus customers were one measly click away from account hijacking.

Ali said in a blog post that the "critical vulnerability" meant an attacker could hijack any PayPal user account and have their way with it, including but not limited to the ability to: [...]

In other words, an attacker could have picked an account, exploited the hole, and gone on to install their own contact details and to switch the billing, shipping address and payment methods as they liked.

Ali also showed how it's done in this proof of concept video.

Continued : https://nakedsecurity.sophos.com/2014/12/05/all-paypal-accounts-were-1-click-away-from-hijacking/

Monitor App on Google Play Sends GPS Location
Dec 5, 2014 4:10AM PST

"Malwarebytes Unpacked" Blog:

There's a monitor app available on the Google Play store which sends location coordinates through text message.

Although monitor apps like these can be convenient if all parties involved are fully aware and willing, they can also present a risk of being used maliciously to track unsuspecting victims.

The app is Location Tracker, and the description on its Google Play site tells all.

Continued : https://blog.malwarebytes.org/mobile-2/2014/12/monitor-app-on-google-play-sends-gps-location/

'SpoofedMe' attacks exploited LinkedIn, Amazon social login
Dec 5, 2014 4:10AM PST

"IBM found several problems in how login credentials can be used for other websites"

IBM's X Force security researchers found an easy way to gain access to Web accounts by taking advantage of an oversight in how some social login services are configured.

Those services allow someone to log in to a Web service using, for example, their LinkedIn credentials. It's a convenient way for users to create new accounts on websites by using existing information.

But in one instance, the researchers found they could gain control of accounts at Slashdot.org, Nasdaq.com, Crowdfunder.com and others by abusing LinkedIn's social login mechanism.

Continued : http://news.techworld.com/social-media/3589880/spoofedme-attacks-exploited-linkedin-amazon-social-login-flaws/

Twitter Makes Reporting Abusive Tweets Easier
Dec 5, 2014 4:48AM PST

Twitter will improve its reporting process to help users block inappropriate content, the company announced in a blog post.

Changes include under-the-hood improvements to the tools used to review reported Tweets and accounts.

"Everything that happens in the world, happens on Twitter - to the tune of more than 500 million Tweets every day. That can sometimes include content that violates our rules around harassment and abuse and we want to make it easier to report such content," said Shreyas Doshi, Director of Product Management and User Safety.

Continued : http://www.hotforsecurity.com/blog/twitter-makes-reporting-abusive-tweets-easier-10919.html

Related: Twitter rolls out new anti-trolling tools, promises quicker abuse investigation

Banks Get Green Light in Target Breach Suits
Dec 5, 2014 4:48AM PST

A Minnesota District Court ruling this week related to the 2013 Target data breach has opened the door for banks to pursue damages from retailers victimized by a data breach.

Judge Paul A. Magnuson ruled that Target was negligent in ignoring and, in some cases, turning off security features that the court said would have stopped the 2013 holiday shopping season breach. In a 16-page explanation (pdf), Magnuson concluded that financial institutions pursuing compensation from Target in court can continue with class-action lawsuits.

"This opens the door to a legal precedent that if you get breached, you're now automatically responsible for all the bank costs they can think of," said Gartner vice president and distinguished analyst Avivah Litan. "Now what governs rules of liability are Visa and Master Card rules, and those are not law, they're rules of the card brands. Now, those rules are becoming law."

Continued : http://threatpost.com/banks-get-green-light-in-target-breach-suits/109747

Treasury Dept: Tor a Big Source of Bank Fraud
Dec 5, 2014 4:54AM PST

A new report from the U.S. Treasury Department found that a majority of bank account takeovers by cyberthieves over the past decade might have been thwarted had affected institutions known to look for and block transactions coming through Tor, a global communications network that helps users maintain anonymity by obfuscating their true location online.

The findings come in a non-public report obtained by KrebsOnSecurity that was produced by the Financial Crimes Enforcement Network (FinCEN), a Treasury Department bureau responsible for collecting and analyzing data about financial transactions to combat domestic and international money laundering, terrorist financing and other financial crimes.

In the report, released on Dec. 2, 2014, FinCEN said it examined some 6,048 suspicious activity reports (SARs) filed by banks between August 2001 and July 2014, searching the reports for those involving one of more than 6,000 known Tor network nodes. Investigators found 975 hits corresponding to reports totaling nearly $24 million in likely fraudulent activity.

Continued : http://krebsonsecurity.com/2014/12/treasury-dept-tor-a-big-source-of-bank-fraud/