Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

NEWS - February 13, 2013

by Carol~ Feb 13, 2013 12:47AM PST
Zero-day attack exploits latest version of Adobe Reader

"Adobe says it's investigating reports attacks are able to pierce a key defense."

A previously undocumented flaw in the latest version of Adobe Systems' ubiquitous Reader application is being exploited in online hacks that allow attackers to surreptitiously install malware on end-user computers, a security firm said.

The attacks, according to researchers from security firm FireEye, work against Reader 11.0.1 and earlier versions and are actively being exploited in the wild. If true, the attacks are notable because they pierce security defenses Adobe engineers designed to make malware attacks harder to carry out. Adobe officials said they're investigating the report.

"Upon successful exploitation, it will drop two DLLs," FireEye researchers Yichong Lin, Thoufique Haq, and James Bennett wrote of the online attacks they witnessed. "The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain." DLL is shorthand for a file that works with the Microsoft Windows dynamic link library.

Continued : http://arstechnica.com/security/2013/02/zero-day-attack-exploits-latest-version-of-adobe-reader/

Also:
Adobe Reader zero-day exploit spotted in the wild
FireEye Researchers Discover PDF Zero-day Used In Active Attacks
Zero-day vulnerability in Adobe Reader

Discussion is locked

8 Posts
- Collapse + Expand Details
- Collapse -
Jawbone accounts compromised by hackers - personal info..
by Carol~ Feb 13, 2013 2:23AM PST
Jawbone accounts compromised by hackers - personal info accessed, passwords disabled

Jawbone, makers of Bluetooth headsets, fitness bracelets, and neat Jambox portable speakers, has warned that hackers managed to break into its systems, and accessed the names, email addresses and encrypted passwords of users.

In an email sent to affected users, Jawbone explained that the hack affected an unspecified number of customers who had registered a MyTALK account (used to customise devices and receive firmware updates). [Screenshot]

Jawbone said it had disabled the MyTALK passwords of affected customers, and was keen to emphasise that it did not have any evidence that the hackers had abused the stolen information:

"..we do not believe there has been any unauthorized use of login information or unauthorized access to information in your account."

What remains a mystery, however, is how many Jawbone customers were impacted and just how Jawbone stored the encrypted passwords. For instance, there's no indication that the hashed passwords were salted to introduce a random factor that would make them significantly harder to crack.

Continued : http://nakedsecurity.sophos.com/2013/02/13/jawbone-hack/

Also:
Jawbone's MyTALK personalisation service hacked; names, emails, hashed passwords compromised
Jawbone: Some MyTalk Accounts Compromised by Hack
- Collapse -
Obama cybersecurity order calls for sharing of threat data
by Carol~ Feb 13, 2013 2:23AM PST

US President Barack Obama has signed an executive order requiring federal agencies to share cyberthreat information with private companies and to create a cybersecurity framework focused on reducing risks to companies providing critical infrastructure

The cybersecurity framework would be voluntary for some operators of critical infrastructure, but the order also requires federal agencies overseeing critical infrastructure to identify the operators and industries most at risk and to explore whether the government can require those companies to adopt the framework.

The agencies will focus on critical infrastructure "where a cybersecurity incident could reasonably result in a catastrophic regional or national effect on public health or safety, economic security, or national security," said the order, signed by Obama just before his State of the Union speech Tuesday evening.

Continued : http://news.techworld.com/security/3425967/obama-cybersecurity-order-calls-for-sharing-of-threat-data/

Related:
Executive order to raise "volume, quality of cyber threat information"
Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives
Obama's Cybersecurity Order Aims for a Restart With Congress
Hackers call US government's latest cybersecurity efforts 'a train wreck'

- Collapse -
Raytheon makes software to track social media users
by Carol~ Feb 13, 2013 2:23AM PST

Defense contractor Raytheon has developed software that tracks people online through social media sites like Twitter and Facebook.

The Rapid Information Overlay Technology (RIOT) software uses location data embedded in photographs and other Internet postings to track users' movements and personal activities, according to Brian Urch, Raytheon's principal investigator.

In a company video obtained and posted online by The London Guardian on Sunday, Mr. Urch shows how repeated "check-ins" or postings on social media sites leave a trail of location data that enables RIOT to build up a detailed daily itinerary for the people it is tracking.

He demonstrates by tracking a Raytheon employee called Nick. When he inputs Nick's email address, the program responds with a list of social media sites Nick uses. With a few clicks, Mr. Urch is able to compile location data from photographs and other postings Nick has shared on a social media, including FourSquare — a location-based service for FaceBook users that helps online friends know when they are near each other.

Continued : http://www.washingtontimes.com/news/2013/feb/11/raytheon-makes-software-track-social-media-users/

Also:
Raytheon Taps Social Media to Build Tracking Software
Software that tracks people on social media created by defence firm

- Collapse -
Exploit Sat on LA Times Website for 6 Weeks
by Carol~ Feb 13, 2013 2:31AM PST
The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks.

On Feb. 7, KrebsOnSecurity heard from two different readers that a subdomain of the LA Times' news site (offersanddeals.latimes.com) was silently redirecting visitors to a third-party Web site retrofitted with the Blackhole exploit kit. I promptly asked my followers on Twitter if they had seen any indications that the site was compromised, and in short order heard from Jindrich Kubec, director of threat intelligence at Czech security firm Avast.

Kubec checked Avast's telemetry with its user base, and discovered that the very same LA Times subdomain was indeed redirecting visitors to a Blackhole exploit kit, and that the data showed this had been going on since at least December 23, 2012.

Contacted via email, LA Times spokeswoman Hillary Manning initially said a small number of users trying to access a subdomain of the site were instead served a malicious script warning on Feb. 2 and 3. But Manning said this was the result of a glitch in Google's display ad exchange, not a malware attack on the company's site.

Continued : http://krebsonsecurity.com/2013/02/exploit-sat-on-la-times-website-for-6-weeks/
- Collapse -
2013 Threat Report: More than Scary Stats and Chilling Chart
by Carol~ Feb 13, 2013 3:29AM PST

From the Websense Security Labs Blog:

The 2013 Threat Report from the Websense Security Labs is now available.

The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help security professionals keep current with threat trends and improve the effectiveness of existing security solutions. It can also be used to identify and prioritize security gaps that may require new approaches and more innovative strategies.

Creating the report began with the ThreatSeeker Network, composed of big data clusters used by the WSL to collect and manage up to 5 billion inputs each day from 900 million global endpoints. Malware samples, mobile applications, email content, web links and other information were then passed through deep analysis processes including our Advanced Classification Engine (ACE), which applied over 10,000 different analytics.

Here is a sampling of key findings from this year's report:

1. Web Security. The web became significantly more malicious in 2012, both as an attack vector and as the primary support element of attacks originating through social media, mobile devices, and email. Researchers measured an alarming 600 percent increase in the use of malicious web links through all vectors.

2. The Social Web. Malicious content was hidden within social media behind shortened web links 32 percent of the time. Social media attacks took advantage of the confusion of new features, changing services and unsophisticated users.

3. Mobile Security. A study of last year's malicious apps revealed how they often abuse permissions; especially in the use of SMS communications, something very few legitimate apps do. Risks also increased as mobile devices were used for social media and web surfing more often than actually making a phone call.

Continued: http://community.websense.com/blogs/securitylabs/archive/2013/02/13/2013-threat-report-more-than-scary-stats-and-chilling-charts.aspx

- Collapse -
Malware injected into legitimate JavaScript code on ..
by Carol~ Feb 13, 2013 3:29AM PST
... legitimate websites

As recently mentioned in the Sophos Security Threat Report, 80% of the websites where we detect malicious content are innocent sites that have been hacked.

A trend that we have observed is that hackers will insert their malicious code into legitimate JavaScript (not to be mixed up with Java!) hosted on the website.

The JavaScript is automatically loaded by the HTML webpages and inherits the reputation of the main site and the legitimate JavaScript.

In other words, if a user's anti-virus software did display an alert about malicious content, it might be shrugged off as a false positive and blamed on an unreliable detection of a legitimate piece of JavaScript code.

Recently SophosLabs has seen a flurry of detections of Troj/Iframe-JG on legitimate websites, including:

Continued : http://nakedsecurity.sophos.com/2013/02/13/malware-javascript/
- Collapse -
Flickr bug made users' private photos public
by Carol~ Feb 13, 2013 3:34AM PST

A glitch in the Flickr matrix has resulted in intimate photos of a number of its users being made available for everyone to see after their permissions turned from "private" to "public" without their knowledge, reports The Verge.

The photos were accessible to the public for 20 days, and it was impossible to change the setting back to "private" during this period. The only silver lining in this incident is that these photos were not included in Flickr's own search engine or any of the outside ones.

Affected users took to the official help forum to express their dissatisfaction and anger, especially after Flickr attempted to do some damage control by setting all public photos to private.

"It has utterly decimated my food blogging site which is a huge source of revenue for me," wrote a FlickrPro user. "Not only do I have to go back and change all the permissions, BUT changing the permissions changes the code, which means I have to go through each post and re-apply all my pictures. This is HUNDREDS of pictures. I am utterly disgusted and shaking I am so angry."

Continued : http://www.net-security.org/secworld.php?id=14407

Also:
Flickr bug makes users' private photos public
Flickr Bug Revealed Private Photos To Public

- Collapse -
Key Figure in Police Ransomware Activity Nabbed
by Carol~ Feb 13, 2013 5:55AM PST

From the TrendLabs Security Intelligence Blog:

Ransomware is a nasty scam that infiltrates your computer and tricks you into thinking that you've done something wrong. Police ransomware in particular informs users that they need to pay their local police a fine. [Screenshot: Ransomeware Warning Screen]

We have written detailed reports about these attacks in the past, including multiple blog posts as part of our investigations into this ongoing threat. [Screenshot]

Trend Micro threat researchers have been studying this scam throughout 2012 and have collaborated very closely with law enforcement authorities in several European countries, especially in Spain. Today, we are very happy to report that the Spanish Police has put the information to good use, and they have just announced in a press conference the arrest of one of the head members of the cybercriminal gang that produces the Ransomware strain known as REVETON.

The apparent arrest of this cybercriminal of Russian origin occured in Dubai, United Arab Emirates. The law enforcement authorities are working to extradite him to Spain for prosecution. Along with his arrest, the operation included the arrests of 10 other individuals tied to the money laundering component of the gang's operations, which managed the monetization of the PaySafeCard/UKash vouchers received as payment in the scam. The gang apparently had a branch in Spain that exchanged these vouchers and converted them into actual money, which would then be transferred to the leaders of the gang in Russia.

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/key-figure-in-police-ransomware-activity-nabbed-2/

Also:
Spanish Police & Europol Bust Global "Ransomware" Operation
Spain busts 'ransomware' cybercrime ring; 11 detained including gang's alleged Russian leader

Happy

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info