Proof of concept captures all SSL traffic via Apple's goto fail exploit
"A New Zealand security consultant has used a man-in-the-middle proxy to mop up all SSL traffic related to the App Store, updates, iCloud data, and traffic from apps that use certificate pinning, such as Twitter."
Less than a day's work was all it took for one New Zealand security consultant to develop a proof of concept for the still-unpatched OS X SSL/TLS vulnerability disclosed over the weekend and known as "goto fail".
Aldo Cortesi, CEO and founder of security consultancy firm Nullcube, said in a blog post today that he had modified his existing mitmproxy code to take advantage of the unpatched hole in OS X Mavericks.
"I've confirmed full transparent interception of HTTPS traffic on both iOS (prior to 7.0.6) and OS X Mavericks," Cortesi wrote.
"Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured."
Cortesi said that iCloud data, including Keychain enrollment and updates, data from the Calendar application, and traffic from apps that use certificate pinning, such as Twitter, could all be captured.
Continued : http://www.zdnet.com/proof-of-concept-captures-all-ssl-traffic-via-apples-goto-fail-exploit-7000026735/
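The nickname "goto fail" refers to a duplicated, unconditional `goto fail;` line that jumps over the signature check on the server's key-exchange message, which is why a proxy holding any certificate can sit in the middle. The following is an added example written for this page, not Apple's SecureTransport source and not Cortesi's mitmproxy code: a simplified C model of that control-flow bug beside its corrected shape, with stand-ins for the hashing and signature-verification steps (the "signature" is a constructed placeholder byte string, not real cryptography).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int OSStatus;
enum { errSecSuccess = 0, errSSLCrypto = -9809 };

/* Constructed placeholder for the server's key-exchange signature. Any other
 * byte string counts as a forgery. No real hashing or public-key crypto here. */
static const uint8_t kValidSig[4] = { 0xde, 0xad, 0xbe, 0xef };

/* Stand-in for the hash-update calls that precede verification: they succeed,
 * so err is left at 0. */
static OSStatus hashUpdateStub(const uint8_t *data, size_t len) {
    (void)data; (void)len;
    return errSecSuccess;
}

/* Stand-in for the final signature verification step. */
static OSStatus verifyStub(const uint8_t *sig, size_t sigLen) {
    if (sigLen != sizeof kValidSig || memcmp(sig, kValidSig, sizeof kValidSig) != 0)
        return errSSLCrypto;
    return errSecSuccess;
}

/* Vulnerable shape: the second "goto fail;" is unconditional, so control jumps
 * over verifyStub() and the function returns the err left by the last hash
 * update, which is 0 (success). Any signature is therefore accepted. */
OSStatus verifyKeyExchangeVulnerable(const uint8_t *params, size_t paramsLen,
                                     const uint8_t *sig, size_t sigLen) {
    OSStatus err;
    if ((err = hashUpdateStub(params, paramsLen)) != 0)
        goto fail;
        goto fail;   /* the extra line; the indentation hides that it always runs */
    if ((err = verifyStub(sig, sigLen)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed shape: exactly one goto per check, so verification always runs. */
OSStatus verifyKeyExchangeFixed(const uint8_t *params, size_t paramsLen,
                                const uint8_t *sig, size_t sigLen) {
    OSStatus err;
    if ((err = hashUpdateStub(params, paramsLen)) != 0)
        goto fail;
    if ((err = verifyStub(sig, sigLen)) != 0)
        goto fail;
fail:
    return err;
}

/* Constructed inputs: a dummy ServerKeyExchange body and a forged signature. */
static const uint8_t kParams[] = "constructed ServerKeyExchange params";
static const uint8_t kForgedSig[4] = { 0x00, 0x00, 0x00, 0x00 };

/* Each helper returns 1 if the signature was accepted (err == 0), else 0. */
int forgedSigAcceptedVulnerable(void) {
    return verifyKeyExchangeVulnerable(kParams, sizeof kParams,
                                       kForgedSig, sizeof kForgedSig) == 0;
}
int forgedSigAcceptedFixed(void) {
    return verifyKeyExchangeFixed(kParams, sizeof kParams,
                                  kForgedSig, sizeof kForgedSig) == 0;
}
int validSigAcceptedFixed(void) {
    return verifyKeyExchangeFixed(kParams, sizeof kParams,
                                  kValidSig, sizeof kValidSig) == 0;
}

int main(void) {
    printf("vulnerable accepts forged signature: %d\n", forgedSigAcceptedVulnerable());
    printf("fixed accepts forged signature:      %d\n", forgedSigAcceptedFixed());
    printf("fixed accepts valid signature:       %d\n", validSigAcceptedFixed());
    return 0;
}
```

The practical lesson is that the bug is invisible to any test that only checks the happy path: a valid signature passes both versions. Only a negative test, feeding a forged signature and expecting rejection, distinguishes them, which is the check a reviewer or CI job should have run. Compilers with unreachable-code warnings enabled (`-Wunreachable-code` on clang) flag the dead `if` after the second goto.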
YouTube ads spread banking malware
Security researchers at Bromium have discovered that hackers were spreading malware onto computers while unsuspecting users were watching YouTube videos.
The drive-by-download attack was distributed via adverts shown on the YouTube website, and used an exploit kit to infect Windows PCs with a version of the Caphaw banking Trojan.
According to a blog post by Bromium, the attack relied upon the exploitation of a Java vulnerability (CVE-2013-2460, patched by Oracle in mid-2013).
According to the security firm, whose vSentry technology intercepted the attack, the exploit kit used by the hackers was the same one recently used to infect visitors to the Hasbro toys website.
Card Backlog Extends Pain from Target Breach
Last week's story about steeply falling prices on credit and debit card data stolen from Target mentioned several reasons why many banks may not have already reissued all of their cards impacted by the breach. But it left out one other key reason: A huge backlog of orders at companies that manufacture credit and debit cards on behalf of financial institutions.
Turns out, while the crooks responsible for monetizing the Target breach seem to have had little trouble counterfeiting stolen cards, the process by which banks obtain legitimate replacement cards for their customers is not always quite so speedy.
I recently spoke with a gentleman who heads up security at a small federal credit union, and this individual said his institution ended up printing their own cards in-house after being told by their financial services provider that their order for some 2,000 new customer cards compromised in the Target breach would have to get behind a backlog of more than 2 million existing orders from other banks.
Continued : http://krebsonsecurity.com/2014/02/card-backlog-extends-pain-from-target-breach/
Android Trojan delivered via Facebook "Suggested Posts"
Researchers have uncovered a potentially massive attack on Android users. This highly elaborate ploy originates on Facebook, where cyber-criminals advertise a series of apps.
When users access Facebook from their Android mobile device, they will see different messages under the title "Suggested Post" advertising WhatsApp tips like: "Want to know how to see your contacts' chats on WhatsApp?" or "Want to hide your WhatsApp connection status?".
If the intended victim clicks on any of these ads, they are redirected to a fake version of Google Play, the Android app store. The user, thinking that this is the genuine site, downloads the free app, which is really a Trojan that subscribes users to a premium-rate SMS service without their knowledge.
Continued : http://www.net-security.org/malware_news.php?id=2717
WhatsApp Desktop Client Doesn't Exist, Used in Spam Attack
TrendLabs Security Intelligence Blog:
The popular messaging application WhatsApp recently made headlines when it was acquired by Facebook for a staggering $19 billion. Cybercriminals didn't waste much time to capitalize on this bit of news: barely a week after the official announcement, we saw a spam attack that claims that a desktop version of the popular mobile app is now being tested. [Screenshot: Spammed message]
Our engineers found a spam sample that mentions Facebook's purchase of WhatsApp, and also says that a version of WhatsApp is now available for users on Windows and Mac PCs. The message also provides a download link to this version, which is detected as TROJ_BANLOAD.YZV, which is commonly used to download banking malware. (This behavior is the same, whether on PCs or mobile devices.)
"Pony" botnet pilfers digital coins worth $220,000 in sustained attack
"Malware steals digital wallets from infected computers." - [Screenshot: Geographical break down of computers infected by Pony]
Criminals have pilfered about $220,000 worth of bitcoins and other digital currencies in a sustained, global attack that uses malware to steal the digital wallets stored on infected computers, researchers said Monday.
The malicious application known as Pony stole the digital loot from 85 wallets from September through January, researchers from security firm Trustwave's SpiderLabs division wrote in a blog post. In all, the malware stole coins from at least four different digital currencies, including 355 bitcoins, 280 Litecoins, 33 Primecoins, and 45 Feathercoins. The coins were only a small part of the assets seized by Pony. During the same four-month span, Pony lifted credentials for more than 725,000 accounts. Those user names and passwords controlled access to accounts for websites, e-mail, FTP, secure shell, and remote desktops.
Cybercriminals Use Pony Botnet to Steal 700,000 Account Credentials, Virtual Currencies
Latest Instance of Pony Botnet Pilfers $200K, 700K Credentials
New Charity Scam Claims Parents Can't Afford Surgery
Bitdefender's "HOTforSecurity" Blog:
A new charity scam spreading on Facebook claims parents can't afford surgery for their sick baby, according to Hoax Slayer. Once again, scammers "trade" likes, comments and shares for $1 to $100. After gaining user engagement and compassion, they can redirect likes towards fraudulent or malicious profiles and pages.
The hoax features an image of a baby with a large surgery scar lying in a hospital bed. The scam claims that Facebook and CNN will donate money to cover the parents' medical expenses. Users are tricked into believing their like, share or comment will be converted into donation money.
"Please Dont Ignore,!" scam messages read. "His parents can't afford surgery so facebook and cnn are paying half of the expenses
1 like - $1
1 comment - 10$
1 share - 100$."
According to Hoax Slayer, the heart-wrenching picture is actually stolen from a 2012 blog post that discussed the baby's surgery. [Screenshot]
Continued : http://www.hotforsecurity.com/blog/new-charity-scam-claims-parents-cant-afford-surgery-8015.html