NEWS - February 17, 2016

Feb 17, 2016 2:00PM PST
Critical glibc Vulnerability Puts All Linux Machines at Risk

Glibc, the GNU C library at the core of last year’s GHOST vulnerability, is vulnerable to another critical flaw affecting nearly all Linux machines, as well as API web services and major web frameworks where the code runs.

The vulnerability, discovered independently by researchers at Google and Red Hat, has been patched.

The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory.

Continued: https://threatpost.com/critical-glibc-vulnerability-puts-all-linux-machines-at-risk/116261/

Also see:
Magnitude of glibc Vulnerability Coming to Light
https://threatpost.com/magnitude-of-glibc-vulnerability-coming-to-light/116296/
Extremely severe bug leaves dizzying number of software and devices vulnerable
http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
Critical Glibc flaw opens Linux distros, other software and devices to compromise
https://www.helpnetsecurity.com/2016/02/17/critical-glibc-flaw-opens-linux-distros-other-software-and-devices-to-compromise/

The Great EMV Fake-Out: No Chip For You!
Feb 17, 2016 2:02PM PST

Many banks are now issuing customers more secure chip-based credit cards, and most retailers now have card terminals in their checkout lanes that can handle the “dip” of chip-card transactions (as opposed to the usual swipe of the card’s magnetic stripe). But comparatively few retailers actually allow chip transactions: Most are still asking customers to swipe the stripe instead of dip the chip. This post will examine what’s going on here, why so many merchants are holding out on the dip, and where this all leaves consumers.

Visa CEO Charles W. Scharf said in an earnings call late last month that more than 750,000 locations representing 17 percent of the U.S. face-to-face card-accepting merchant base are now enabled to handle chip-based transactions, also known as the EMV (“Europay, Mastercard and Visa”) payment standard.

Continued: http://krebsonsecurity.com/2016/02/the-great-emv-fake-out-no-chip-for-you/

Fysbis: The Linux Backdoor Used by Russian Hackers
Feb 17, 2016 2:08PM PST

Fysbis (or Linux.BackDoor.Fysbis) is a new malware family that targets Linux machines, on which it sets up a backdoor that allows the malware's author to spy on victims and carry out further attacks.

First signs of Fysbis appeared in November 2014, but only recently have security researchers from Palo Alto Networks managed to understand how this threat works and who's behind it.

Based on a lengthy investigation, researchers speculate that this is not your run-of-the-mill malware that infects computers for the criminals' monetary gain (adware, banking operations, Bitcoin mining), but a much more sophisticated threat, which is only used in cyber-espionage campaigns.

Continued: http://news.softpedia.com/news/fysbis-the-linux-backdoor-used-by-russian-hackers-500367.shtml

@ Palo Alto Networks:
A Look Into Fysbis: Sofacy’s Linux Backdoor
http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/
Related:
Russian Hackers Spying On Your Linux PC Using Sophisticated Malware “Fysbis”
http://www.techworm.net/2016/02/russian-hackers-spying-linux-pc-sophisticated-malware-fysbis.html

Tech Support Scammers Use New Browser Trick ..
Feb 17, 2016 2:31PM PST
.. To Defeat Blocking

From the "Malwarebytes Unpacked" blog:

These days, the vast majority of tech support scams are delivered via malvertising attacks pushing fake error notifications and preventing users from normally closing their browsers.

Because those warnings are very convincing and often accompanied by audio cues, many people will get desperate and panic when they realize they cannot close those pages.

Unfortunately, most browsers are defeated by simple snippets of JavaScript code that create infinite loops or other such trickeries. In other cases, scammers combine code with social engineering to deliver a very frustrating user experience ultimately forcing many victims to call the rogue toll free number for assistance.

Continued: https://blog.malwarebytes.org/fraud-scam/2016/02/tech-support-scammers-use-new-browser-trick-to-defeat-blocking/
'Locky' ransomware, which infects like Dridex, hits ..
Feb 17, 2016 2:32PM PST
.. 'the unlucky

A new flavor of ransomware, similar in its mode of attack to the notorious banking software Dridex, is causing havoc with some users.

Victims are usually sent via email a Microsoft Word document purporting to be an invoice that requires a macro, or a small application that does some function.

Macros are disabled by default by Microsoft due to the security dangers. Users who encounter a macro see a warning if a document contains one.

Continued: http://www.pcworld.com/article/3033886/locky-ransomware-which-infects-like-dridex-hits-the-unlucky.html

Related:
“Locky” ransomware: What you need to know
https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/
Android Mazar malware that can 'wipe phones' spread via SMS
Feb 17, 2016 2:53PM PST

A Danish security company has detected an attempt to spread a powerful form of Android malware via text messages.

Mazar can gain administrator rights on phones, allowing it to wipe handsets, make calls or read texts.

However, it will not install on phones where the language is set to Russian.

Additionally, users would have to have unchecked a default setting on Android devices that ensures software may only be installed from trusted sources.

Continued: http://www.bbc.com/news/technology-35586446

Related:
One seemingly innocuous text message can wreck your Android phone’s security
http://bgr.com/2016/02/16/android-sms-malware-attack-mazar-bot/
If You Receive This Text Message, It Can Destroy Your Android Phone
https://www.yahoo.com/tech/if-you-receive-this-text-message-it-can-destroy-085617540.html

[HT to Bob!]

Apple declines FBI requests to create backdoor
Feb 17, 2016 3:23PM PST

Bitdefender "HOT for Security" blog:

Apple announced it will oppose a court order to help the FBI unlock the iPhone of the San Bernardino shooter to avoid endangering the privacy of millions.

“Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the US government,” Apple CEO Tim Cook says in an open letter.

The FBI is looking for information that may be on Syed Rizwan Farook’s employer-issued phone as it investigates the shootings that left 14 people dead in December.

Continued: http://www.hotforsecurity.com/blog/apple-declines-fbi-requests-to-create-backdoor-13419.html

Related:
Tim Cook says Apple will fight US gov’t over court-ordered iPhone backdoor
http://arstechnica.com/gadgets/2016/02/tim-cook-says-apple-will-fight-us-govt-over-court-ordered-iphone-backdoor/
Apple’s Cook Opposes Court Order to Hack San Bernardino Shooter’s Phone
https://threatpost.com/apples-cook-opposes-court-order-to-hack-san-bernardino-shooters-phone/116274/
Apple encryption fight with FBI could go to the Supreme Court
http://www.computerworld.com/article/3033926/security/apple-encryption-fight-with-fbi-could-go-to-the-supreme-court.html

some thoughts on it
Mar 15, 2016 7:56AM PDT