
NEWS - February 12, 2015

Feb 12, 2015 5:25AM PST
Pwned in 7 seconds: Hackers use Flash and IE to target Forbes visitors

"Hacked Forbes site fed 0days to defense contractor and financial services workers."

Talk about determination. Hackers strung together zero-day vulnerabilities in Flash and Internet Explorer and then compromised Forbes.com so that the attacks would compromise financial services and defense contractor employees visiting the site, researchers said.

The November breach of Forbes compromised the Thought of the Day page that is displayed briefly upon visiting the site. The page downloaded attack code exploiting a vulnerability in what then was a fully updated version of Adobe Flash. To bypass Address Space Layout Randomization—a mechanism built into Flash and many other applications to make drive-by attacks harder—the Forbes page downloaded a second attack. The latter attack exploited a then-zero-day vulnerability in IE that allowed the Flash exploit to successfully pierce the exploit mitigation defense. From start to finish, the attack took about seven seconds.

Continued : http://arstechnica.com/security/2015/02/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbes-visitors/

Related:
Chinese Attackers Hacked Forbes Website in Watering Hole Attack: Security Firms
Forbes.com compromised by Chinese cyber spies targeting US firms
Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days

Hacker kicks one bit XP to 10 Windows scroll goal
Feb 12, 2015 6:03AM PST

"Screwy GUI carried dead code for 15 YEARS"

The hacker, formerly chief of the electronic warfare unit for Israeli defence contractor Rafael, detailed how the local privilege escalation vulnerability (CVE-2015-0057) fixed in this week's Patch Tuesday update could grant attackers total control of machines.

"A threat actor that gains access to a Windows machine can exploit this vulnerability to bypass all Windows security measures, defeating mitigation measures such as sandboxing, kernel segregation and memory randomisation," Yavo said.

"Interestingly, the exploit requires modifying only a single bit of the Windows operating system."

Continued : http://www.theregister.co.uk/2015/02/12/hacker_kicks_one_bit_xp_to_10_windows_scroll_goal/

Related:
Attackers can bypass Windows' protections by changing a single bit
Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change

Microsoft Group Policy Vulnerability Affects All Windows Computers
Feb 12, 2015 6:03AM PST

Enterprises that support remote workers need to prioritize a Microsoft security bulletin released yesterday that addresses a critical vulnerability in Group Policy.

The vulnerability exposes Windows machines, all the way back to Windows Server 2003, to man-in-the-middle attacks and remote code execution. Setting off more alarm bells was news that Microsoft was required to do some re-engineering of Windows components in order to rectify the situation, which was reported to Redmond 13 months ago.

JAS Global Advisors, a Chicago-based consultancy, found the bug while working on a project for ICANN looking into security issues surrounding the release of new generic Top Level Domains and Top Level Domains. The Group Policy issue was discovered during the research phase of this project, but is unrelated to new gTLDs or TLDs, the company said.

Continued : http://threatpost.com/microsoft-group-policy-vulnerability-affects-all-windows-computers/110990

Related: Critical vulnerability in Group Policy puts Windows computers at risk

Jeb Bush dumps emails full of private data online
Feb 12, 2015 6:04AM PST

Jeb Bush, who might end up being a candidate in the next 2016 US presidential election, has made a clumsy misstep in his attempt to provide "transparency" into his two turns as governor of Florida: he published a huge batch of emails he received both from his constituents and other people without redacting sensitive information contained in them.

When the emails were initially made public on JebBushEmails.com, they were entirely unredacted, and personal information such as the senders' names, email addresses, home addresses, phone numbers, even social security numbers, healthcare and other sensitive information was there for anyone to find, collect, and potentially misuse.

Since this fact was discovered, researchers have been going through the email dump in search for sensitive information, and found plenty:

Continued : http://www.net-security.org/secworld.php?id=17941

Related: Addresses, SSNs, phone numbers released by former Gov. Jeb Bush in e-mail dump

VirusTotal sets up huge AV whitelist to minimize false positives
Feb 12, 2015 6:04AM PST

One of the worst things that can happen to a software developer, and especially if they are a small firm or a single individual, is for their program to be falsely detected as malicious by popular AV solutions.

But these false positives can also be an unwelcome hindrance to many others, as end-users begin to wonder whether they should continue using the program (or their security solution prevents them from doing so), IT support teams get flooded with users' requests saying there's a problem with the software, and AV makers' reputation takes a hit.

"Nowadays antivirus vendors are increasingly required to become more proactive, this includes developing generic signatures and heuristic flags, which very often leads to mistaken detections in an effort to have a more secure user-base," VirusTotal software engineer Emiliano Martinez explained the origin of the problem in a recent blog post, in which he also announced a new project that aims to minimize - if not remove altogether - this problem.

Continued : http://www.net-security.org/malware_news.php?id=2962

Related: VirusTotal wants YOU (but not you) to join its epic AV whitelist

How a bug almost ate all of your Facebook photos
Feb 12, 2015 6:11AM PST

"Researcher reports he can delete photos from anybody's account, Facebook patches flaw, he collects $12,500 bounty"

A researcher found out how to delete anyone's Facebook pictures but rather than do it, reported the flaw to the company, which patched it and gave him a reward.

Laxman Muthiyah, a Web developer at the Indian movie site Behindwoods, says he used Facebook's mobile-access client and a developer's API to eliminate sample albums.

When he told Facebook about it Tuesday, they fixed the problem in about two hours, he says, and told him he was eligible to collect a $12,500 bug bounty.

Continued : http://www.itworld.com/article/2883131/how-a-bug-almost-ate-all-of-your-facebook-photos.html

Related: Facebook fixes security flaw that allowed "any" photo to be deleted

New Malware Too Often Escapes Antivirus Detection
Feb 12, 2015 6:11AM PST

Damballa's Q4 2014 State of Infections Report, released on Feb. 12, reveals that antivirus (AV) technology doesn't always detect new malware.

As part of the report, Damballa conducted a study that included four of the most popular AV technologies to determine product efficacy. In the first hour of submission, 70 percent of malware was not detected by the AV technologies, and after 24 hours, 66 percent of malware was still not being detected by AV. The study found that it took more than six months for all of the AV products to include signatures for 100 percent of newly detected malware files.

Damballa's CTO Brian Foster said that his company will not publicly name the AV vendors whose technologies it tested, though he added that the vendors are widely known and have commonly deployed AV products.

Continued : http://www.eweek.com/security/new-malware-too-often-escapes-antivirus-detection.html

Amazon "Notice: Ticket Number" Phish Seeks Card Details
Feb 12, 2015 6:11AM PST

"Malwarebytes Unpacked" Blog:

Phishy goings on as a fake Amazon support mail asks potential victims for address info and payment details. There are enough clues that something might not be right, and we take a closer look at what the scammers are up to.

We see fake Amazon emails every now and again, and below you can see the most recent addition to our spamtraps.

The email subject line suggests support tickets and urgent action required:

Notice: Ticket Number PIA-9U3C-A1P4-3R2-5R18225A

Things go slightly off the rails after that, because the phish has been sent from an email address claiming to be customer support but not quite getting it right:

Costumer Support.Amazon

Well, that didn't get off to a great start. On the other hand, anybody recently purchasing novelty clown costumes might be a little more likely to fall for this. [Screenshot]

Continued : https://blog.malwarebytes.org/fraud-scam/2015/02/amazon-notice-ticket-number-phish-seeks-card-details/

OpinionSpy Rears its Ugly Head on Macs Once Again
Feb 12, 2015 6:13AM PST

The Mac Security Blog:

Almost five years ago, Intego security researchers warned about the OSX/OpinionSpy spyware infecting Mac computers, downloaded during the installation of innocent-sounding applications and screensavers distributed via well-known sites such as MacUpdate and VersionTracker.

Once compromised, infected Macs could leak data and open a backdoor for further abuse.

Now, sadly, a variant of OpinionSpy seems to be making something of a comeback.

Continued : http://www.intego.com/mac-security-blog/opinionspy-rears-its-ugly-head-on-macs-once-again/

Facebook Unveils ThreatExchange Platform
Feb 12, 2015 6:30AM PST

Facebook has unveiled a data exchange platform to help researchers and professionals share the latest cyber threat information with each other.

The idea of the ThreatExchange platform is to help security professionals exchange information so they can deal with the growing number of worldwide cyberthreats.

The new platform (currently in beta) was revealed by Mark Hammell, Facebook's manager of threat infrastructure, in a blog posting.

Continued : http://www.techweekeurope.co.uk/security/cyberwar/facebook-threatexchange-161848

Related:
Facebook unveils platform for exchanging security threat information
Facebook: Hey guys, come share all your securo-blunders with us!
Facebook ThreatExchange beefs up cybersecurity fight

Popular Android Dating Apps Put Corporate Data at Risk : IBM
Feb 12, 2015 7:26AM PST

IBM's Application Security Research team has conducted a study of 41 popular dating applications for Android and determined that more than 60 percent of them are potentially vulnerable to cyberattacks.

A study conducted by Pew Research in 2013 showed that roughly one in 10 Americans used online dating websites or mobile dating applications. This indicates that many people might put their personal details at risk by using such apps. Also concerning is the fact that 50% of the enterprises analyzed by IBM have employees that installed dating apps on mobile devices used to access business data.

IBM researchers determined that 26 of the 41 Android dating apps downloaded from Google Play in October 2014 had been plagued by medium or high severity potential vulnerabilities. It's worth pointing out that the security issues have been identified using IBM's AppScan Mobile Analyzer tool.

Continued : http://www.securityweek.com/popular-android-dating-apps-put-corporate-data-risk-ibm

Related:
Valentines Day: Dates and data stealing on BYOD phones
IBM: Some Dating Apps Are Perfect Match for Hackers