Spyware, Viruses, & Security forum


NEWS - December 09, 2014

by Carol~ Moderator / December 9, 2014 12:47 AM PST

Meaner POODLE bug that bypasses TLS crypto bites 10 percent of websites

Some of the world's leading websites—including those owned or operated by Bank of America, VMware, the US Department of Veteran's Affairs, and business consultancy Accenture—are vulnerable to simple attacks that bypass the transport layer security encryption designed to thwart eavesdroppers and spoofers.

The attacks are a variation on the so-called POODLE exploits disclosed two months ago against secure sockets layer (SSL), an encryption protocol similar to transport layer security (TLS). Short for "Padding Oracle On Downgraded Legacy Encryption," POODLE allowed attackers monitoring Wi-Fi hotspots and other unsecured Internet connections to decrypt HTTPS traffic encrypted by the ancient SSL version 3. Browser makers quickly responded by limiting or eliminating use of SSLv3, a move that appears to have averted widespread exploitation of the bug.

On Monday, word emerged that there's a variation on the POODLE attack that works against widely used implementations of TLS. At the time this post was being prepared, SSL Server Test, a free service provided by security firm Qualys, showed that some of the Internet's top websites—again, a list including Bank of America, VMware, the US Department of Veteran's Affairs, and Accenture—are susceptible. The vulnerability was serious enough to earn all sites found to be affected a failing grade by the Qualys service. [Screenshot]

Continued : http://arstechnica.com/security/2014/12/meaner-poodle-bug-that-bypasses-tls-crypto-bites-10-percent-of-websites/

POODLE attack now targeting TLS
POODLE not fixed? Some TLS systems vulnerable
Researchers Say POODLE Attack Affects Some TLS Implementations

Sony hack: Employees get threatening emails
by Carol~ Moderator / December 9, 2014 12:56 AM PST

Employees of Sony Pictures Entertainment have received a bizarre email purportedly sent by the hackers who took down the company's network and systems.

In broken English, the sender claims to be the head of the hacker group, that the Sony Pictures attack was just a small part of the group's plans, and that the company clinging "to what is good to nobody" is the reason why the attack continues.

"Please sign your name to object the false of the company at the email address below if you don't want to suffer damage. If you don't, not only you but your family will be in danger," the sender threatened. "Nobody can prevent us, but the only way is to follow our demand. If you want to prevent us, make your company behave wisely."

Continued : http://www.net-security.org/secworld.php?id=17732

Related: Hackers send e-mail to Sony employees threatening their families

The 'Penquin' Turla
by Carol~ Moderator / December 9, 2014 12:57 AM PST

Kaspersky Labs Blog:

"A Turla/Snake/Uroburos Malware for Linux"

Recently, an interesting malicious sample was uploaded to a multi-scanner service. This immediately triggered our interest because it appears to represent a previously unknown piece of a larger puzzle. That puzzle is "Turla", one of the most complex APTs in the world.

We have written previously about the Turla APT with posts about their Epic Turla operations and Agent.btz inspiration. So far, every single Turla sample we've encountered was designed for the Microsoft Windows family, 32 and 64 bit operating systems. The newly discovered Turla sample is unusual in the fact that it's the first Turla sample targeting the Linux operating system that we have discovered.

Continued : https://securelist.com/blog/research/67962/the-penquin-turla-2/

Powerful, highly stealthy Linux trojan may have infected victims for years
Linux Modules Connected to Turla APT Discovered
Two stealthy Linux malware samples uncovered, following in Windows variants' tracks

Toward a Breach Canary for Data Brokers
by Carol~ Moderator / December 9, 2014 12:57 AM PST

When a retailer's credit card systems get breached by hackers, banks usually can tell which merchant got hacked soon after those card accounts become available for purchase at underground cybercrime shops. But when companies that collect and sell sensitive consumer data get hacked or are tricked into giving that information to identity thieves, there is no easy way to tell who leaked the data when it ends up for sale in the black market. In this post, we'll examine one idea to hold consumer data brokers more accountable.

Some of the biggest retail credit card breaches of the past year — including the break-ins at Target and Home Depot — were detected by banks well before news of the incidents went public. When cards stolen from those merchants go up for sale on underground cybercrime shops, the banks often can figure out which merchant got hacked by acquiring a handful of their cards and analyzing the customer purchase history of those accounts. The merchant that is common to all stolen cards across a given transaction period is usually the breached retailer.

Continued : http://krebsonsecurity.com/2014/12/toward-a-breach-canary-for-data-brokers/

Several Vulnerabilities Found in Google App Engine
by Carol~ Moderator / December 9, 2014 1:19 AM PST

A group of security researchers in Poland say they have discovered a long list of vulnerabilities in the Google App Engine, some of which enable an attacker to escape the Java sandbox.

The researchers at Security Explorations say that they have found more than 30 vulnerabilities in the App Engine, some of which allow code execution and sandbox escapes. The Google App Engine is a platform that enables customers to run their own apps on Google's massive cloud infrastructure. The platform allows users to run apps built in a variety of languages, including Python and Java, and frees customers from having to deal with server maintenance and other details.

In an advisory posted to Full Disclosure, Adam Gowdiak from Security Explorations listed several of the issues the company found in GAE:

Continued : http://threatpost.com/several-vulnerabilities-found-in-google-app-engine/109749

Related : Google App Engine has THIRTY flaws, says researcher

AliExpress patches account mass harvesting flaw
by Carol~ Moderator / December 9, 2014 1:20 AM PST


Global threads bazaar AliExpress, an offshoot of global tat bazaar AliBaba, has patched a URL flaw that allowed attackers to harvest users' personal details including names, shipping addresses and phone numbers.

The insecure direct object reference vulnerability reported by an unnamed researcher affected 7.7 million logged-in users for AliExpress, the online retail wing of AliBaba that's the most visited e-commerce site in Russia.

Security researcher Amitay Dan demonstrated the flaw to news site The Hacker News, noting that attackers could harvest personal data en masse using a script to pull the 'mailingAddress.htm' page for numbers between 1 to 99,999,999,999 under the 'mailingAddressId' value.

Continued : http://www.theregister.co.uk/2014/12/09/aliexpress_patches_mass_account_harvesting_flaw/

Related: Info of millions of AliExpress customers could have been harvested due to site flaw

Unencrypted Data Lets Thieves 'Charge Anywhere'
by Carol~ Moderator / December 9, 2014 3:57 AM PST

Charge Anywhere LLC, a mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014.

In a statement released today, the South Plainfield, N.J. electronic payment provider said it launched an investigation after receiving complaints about fraudulent charges on cards that had been legitimately used at certain merchants. The information stolen includes the customer name, card number, expiration date and verification code.

"The investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic," the company explained. "Much of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests."

Continued : http://krebsonsecurity.com/2014/12/unencrypted-data-lets-thieves-charge-anywhere/

Adobe Patches Flash Player Vulnerability Under Attack
by Carol~ Moderator / December 9, 2014 4:27 AM PST

As expected, Adobe today patched a vulnerability in Adobe Reader disclosed last week by Google's Project Zero. What was unexpected was a Flash Player update that includes a patch for a vulnerability being exploited in the wild, Adobe said.

Adobe had announced last Thursday in its pre-notification advisory that it would be issuing a security update for Adobe Reader and Acrobat, but no mention of the Flash update was made. Adobe has been busy shoring up Flash Player security with two updates in November, including an out-of-band emergency fix for a remote code execution vulnerability already included in a number of popular exploit kits. Earlier in November, Adobe patched 18 vulnerabilities in Flash Player as part of its regular update cycle.

Continued : http://threatpost.com/adobe-patches-flash-player-vulnerability-under-attack/109773

Adobe fixes Flash zero day, plus bugs in Acrobat, Reader and ColdFusion
Adobe release addresses Flash Player bug being actively targeted, includes other critical fixes

See : Security Updates for Adobe Reader | Acrobat (APSB14-28)

Hackers Grab Yahoo Credentials through Mail Activity Reports
by Carol~ Moderator / December 9, 2014 5:39 AM PST

Bitdefender's "HOT for Security" Blog:

Yahoo users are being targeted by a new phishing campaign that helps hackers grab their credentials and hijack accounts. Bitdefender was already blocking the malicious URLs spreading in inboxes worldwide.

The phishing campaign starts with messages that bypass the e-mail provider's antispam filters, reaching the Inbox folder. The e-mails pose as "mail activity reports" and copy Yahoo's email format to look legitimate. [Screenshot]

"Dear Yahoo User, your recent messages are pending, because your storage limit has surpassed," phishing messages read. "You need to upgrade mail storage (For free). To restore normal message delivery. Use this link to upgrade_quota."

Continued : http://www.hotforsecurity.com/blog/hackers-grab-yahoo-credentials-through-mail-activity-reports-campaign-10959.html
