NEWS - February 26, 2015

Feb 26, 2015 3:00AM PST
Webnic Registrar Blamed for Hijack of Lenovo, Google Domains

Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Google's Vietnam domain (google.com.vn). On Wednesday, Lenovo.com was similarly attacked. Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over Webnic.cc, the Malaysian registrar that serves both domains and 600,000 others.

On Feb. 23, google.com.vn briefly redirected visitors to a page that read, "Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas)." The message also included a link to the group's Twitter page and its Lizard Stresser online attacks-for-hire service.

Today, the group took credit for hacking Lenovo.com, possibly because it was recently revealed that the computer maker was shipping the invasive Superfish adware with all new Lenovo notebook PCs (the company has since said Superfish is now disabled on all Lenovo products and that it will no longer pre-load the software).

Continued : http://krebsonsecurity.com/2015/02/webnic-registrar-blamed-for-hijack-of-lenovo-google-domains/

Related :
Lenovo, Google websites hijacked by DNS attacks
Lizard Squad Hijacks Lenovo Website, Emails
Lenovo.com hijacking made possible by compromise of Webnic registrar
Attackers Hijack Lenovo Domain, Spoof Website and Intercept Company Emails


New DDoS attack and tools use Google Maps plugin as proxy
Feb 26, 2015 3:29AM PST

Attackers are using Joomla servers with a vulnerable Google Maps plugin installed as a platform for launching DDoS attacks.

A known vulnerability in a Google Maps plugin for Joomla allows the plugin to act as a proxy. Attackers spoof (fake) the source of the requests, causing the results to be sent from the proxy to someone else - their denial of service target. The true source of the attack remains unknown, because the attack traffic appears to come from the Joomla servers.

With cooperation from PhishLabs' R.A.I.D, PLXsert matched DDoS signature traffic originating from multiple Joomla sites, which indicates vulnerable installations are being used en masse for reflected GET floods, a type of DDoS attack. Observed attack traffic and data suggest the attack is being offered on known DDoS-for-hire sites.

Continued : http://www.net-security.org/secworld.php?id=18002
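As an added defender-side example (not from the article or from PLXsert), a Joomla operator can scan their own access logs for the plugin being used as a reflector: proxy requests whose forwarded URL points at a host the map feature never needs, repeated at volume. The proxy endpoint path, its url parameter and the allow-listed map hosts are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlparse

# Assumptions for illustration, not from the article: the plugin's proxy
# endpoint path, its "url" parameter, and the hosts a map proxy legitimately needs.
PROXY_PATH = "/plugins/content/plugin_googlemap2_proxy.php"
ALLOWED_HOSTS = {"maps.googleapis.com", "maps.google.com"}

# Constructed Apache-style access-log sample: one legitimate proxy fetch, one
# ordinary page view, and six proxy requests pointed at an unrelated third party.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Feb/2015:03:29:00 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=http://maps.googleapis.com/maps/api/js HTTP/1.1" 200 8121
198.51.100.8 - - [26/Feb/2015:03:29:00 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [26/Feb/2015:03:29:01 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=http://victim.example/ HTTP/1.1" 200 512
203.0.113.5 - - [26/Feb/2015:03:29:01 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=http%3A%2F%2Fvictim.example%2Fbig.iso HTTP/1.1" 200 512
203.0.113.6 - - [26/Feb/2015:03:29:01 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=http://victim.example/ HTTP/1.1" 200 512
203.0.113.6 - - [26/Feb/2015:03:29:02 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=http://victim.example/ HTTP/1.1" 200 512
203.0.113.7 - - [26/Feb/2015:03:29:02 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=http://victim.example/ HTTP/1.1" 200 512
203.0.113.7 - - [26/Feb/2015:03:29:02 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=http://victim.example/ HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def proxy_requests(log_text):
    """Yield (client_ip, forwarded_host) for every request to the proxy endpoint."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target, _status = m.groups()
        parsed = urlparse(target)
        if parsed.path != PROXY_PATH:
            continue
        forwarded = parse_qs(parsed.query).get("url", [""])[0]
        host = urlparse(forwarded).hostname
        if host:
            yield client, host

def flag_reflection(log_text, threshold=5):
    """Return {host: count} for non-allow-listed forwarded hosts fetched at least
    threshold times: the site is being used as a reflector against those hosts."""
    counts = Counter(host for _, host in proxy_requests(log_text)
                     if host not in ALLOWED_HOSTS)
    return {h: c for h, c in counts.items() if c >= threshold}

def is_allowed_target(url):
    """Allow-list check a hardened proxy should apply before fetching anything."""
    return urlparse(url).hostname in ALLOWED_HOSTS
```

The allow-list check is the fix a proxying plugin needs regardless of the flood: a proxy that will fetch any caller-supplied URL is a reflector by design.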

Spam Uses Default Passwords to Hack Routers
Feb 26, 2015 3:29AM PST

In case you needed yet another reason to change the default username and password on your wired or wireless Internet router: Phishers are sending out links that, when clicked, quietly alter the settings on vulnerable routers to harvest online banking credentials and other sensitive data from victims.

Calif.-based security firm Proofpoint said it recently detected a four-week spam campaign sent to a small number of organizations and targeting primarily Brazilian Internet users. The emails were made to look like they were sent by Brazil's largest Internet service provider, alerting recipients about an unpaid bill. In reality, the missives contained a link designed to hack that same ISP's router equipment.

According to Proofpoint, the link in the spam campaign led to a page that mimicked the telecom provider. The landing page included code that silently attempted to execute what's known as a cross-site request forgery attack on known vulnerabilities in two types of routers, UT Starcom and TP-Link. The malicious page would then invoke hidden inline frames (also known as "iframes") that try to log in to the administration page of the victim's router using a list of known default credentials built into these devices.

Continued : http://krebsonsecurity.com/2015/02/spam-uses-default-passwords-to-hack-routers/

Firefox 36 Arrives With Patches For Three Critical Flaws
Feb 26, 2015 3:30AM PST

Mozilla has patched 16 security vulnerabilities in Firefox, including three critical flaws in the browser.

One of the critical vulnerabilities patched with the release of Firefox 36 is a buffer overflow in the libstagefright library that can be exploitable under some circumstances.

"Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video playback when certain invalid MP4 video files led to the allocation of a buffer that was too small for the content. This led to a potentially exploitable crash," the Mozilla advisory says.

Among the other critical bugs patched in this release is a use-after-free vulnerability in the IndexedDB component of the browser.

Continued : http://threatpost.com/firefox-36-arrives-with-patches-for-three-critical-flaws/111284

Related : Firefox 36 Gains HTTP/2 Support, Fixes Critical Vulnerabilities

Also See: Mozilla Firefox Version 36.0 Released

Ransomware Looming As Major Long-Term Threat
Feb 26, 2015 3:30AM PST

On May 30, 2014, law enforcement officials from the FBI and Europol seized a series of servers that were being used to help operate the GameOver Zeus botnet, an especially pernicious and troublesome piece of malware. The authorities also began an international manhunt for a Russian man they said was connected to operating the botnet, but the most significant piece of the operation was a side effect: the disruption of the infrastructure used to distribute the CryptoLocker ransomware.

"CryptoLocker and GameOver Zeus were often installed alongside each other, and now you see these groups improving from there and specializing," said John Miller, manager, ThreatScape cyber crime, at iSIGHT Partners. "There's so much momentum behind ransomware operations and the black markets that support it, we expect it to be a problem for the foreseeable future. There are people selling ransomware, customization services for countries and distribution services for getting it onto machines or phones."

Continued : http://threatpost.com/ransomware-looming-as-major-long-term-threat/111265

Europol shut down Ramnit botnet that infected 3.2m computers
Feb 26, 2015 3:31AM PST

"Seven servers being used to control millions of devices infected by Ramnit - including many in Britain - have been shut down overnight"

A cybercrime ring that used millions of hacked computers in Britain to steal banking information has been shut down by European police and technology companies.

Europol's European cybercrime centre coordinated the operation from its headquarters in The Hague, targeting the so-called Ramnit botnet - a network of computers infected with malware.

It worked with investigators from Britain, Germany, Italy and the Netherlands and was assisted by companies AnubisNetworks, Microsoft and Symantec, which said 3.2m computers were hacked.

Continued : http://www.theguardian.com/technology/2015/feb/25/europol-shuts-down-ramnit-botnet-that-infected-32m-computers

Related:
3 million strong RAMNIT botnet taken down
Europol shuts down darn RAMNIT botnet
Ramnit Botnet Brought Down in Joint Operation by Police, Security Researchers

FBI offers $3 million reward for Russian 'cyber fugitive'
Feb 26, 2015 3:33AM PST

The FBI today announced it's offering a $3 million reward for information leading to the direct arrest or capture of Evgeniy Mikhailovich Bogachev, who the bureau is labeling "a prolific cyber criminal" guilty of helping push along the crippling GameOver Zeus botnet. The feds maintain that the botnet was responsible for financial damages exceeding $100 million before it was finally shut down in June of last year.

"The software was used to capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts," the FBI said in a press release meant to shine an unwanted spotlight on Bogachev. Through sophisticated methods of intrusion, the GameOver Zeus botnet was able to infect over 1 million PCs — a quarter of them inside the US — before law enforcement managed to stop "the most sophisticated botnet" it had ever come up against.

Continued : http://www.theverge.com/2015/2/24/8103553/fbi-3-million-reward-evgeniy-mikhailovich-bogachev

Related:
$3m reward offered for alleged Gameover Zeus kingpin
US offers highest-ever cybercrime reward for arrest of Russian hacker
US offers $3m reward for arrest of Russian hacker Evgeniy Bogachev

New Android Adware on Google Play More Aggressive than Ever
Feb 26, 2015 7:49AM PST

Bitdefender's "HOT for Security" blog:

Bitdefender has found 10 Google Play apps that have been packed full of aggressive adware to either subscribe users to premium-rated numbers using scareware messages or install additional apps that pack in even more ads.

The apps (including the "What is my ip?" app still available on Google Play) were designed to use a different name when installed to give users a hard time identifying and uninstalling them.

Once installed, they create a desktop shortcut named "System Manager." If someone figures out that one of these apps is responsible for all the browser redirects and scareware messages, he'll have a hard time finding and uninstalling the app in the Application Manager menu as it hides under the vague new name and not, for instance, "What is my ip?" Less tech-savvy users will be thrown off the scent and the app will remain installed and running indefinitely.

Continued : http://www.hotforsecurity.com/blog/new-android-adware-on-google-play-more-aggressive-than-ever-11470.html

Anthem: Non-customers may have been hit by hack
Feb 26, 2015 7:49AM PST

"Millions of Blue Cross Blue Shield customers could be affected by the cyberattack against Anthem, the insurance provider confirms."

You don't have to be a direct customer of Anthem to have been a victim of the company's recent hack.

Anthem's initial analysis indicates that about 78.8 million people may have been affected by the cyberattack, according to the company's Anthem Facts page. That number refers to the volume of people whose data could have been viewed by the hackers but not necessarily stolen from the database.

Around 60 million to 70 million of those 78.8 million people are current or former Anthem members. The rest include non-members, specifically current and former non-Anthem Blue Cross Blue Shield members who used their Blue Cross and Blue Shield insurance over the last 10 years in a state where Anthem operates. Doing the math, that means anywhere from 8.8 million to 18.8 million people who were not direct Anthem customers could have been impacted by the attack.

Continued : http://www.cnet.com/news/anthem-non-customers-may-have-been-hit-by-hack/

How safe are Android-based children's tablets?
Feb 26, 2015 7:49AM PST

Looking for an Android-based tablet for your child but don't know which one to choose?

If you are concerned about the security of your child's data - as you should be - and about the device's protection against random hackers, Bluebox Security has just released a review of the nine most popular Android tablet models aimed specifically at children: [...]

The company tested the devices with their own Trustable app and a combination of three malware scanners. They looked for flaws in the device and software security configurations, preinstalled adware and riskware (and malware), and they did an analysis of network traffic and potential privacy violations.

Continued : http://www.net-security.org/secworld.php?id=18003