Spyware, Viruses, & Security forum

Alert

NEWS - June 11, 2013

by Carol~ Moderator / June 11, 2013 1:57 AM PDT
First Lawsuit Over NSA Phone Scandal Targets Obama, Verizon

The first of what likely will be many lawsuits challenging the constitutionality of the NSA's dragnet phone surveillance program was lodged Sunday, declaring the newly disclosed spy operation an "outrageous breach of privacy."

The suit names Larry Klayman, the former chairman of Judicial Watch, and two others who say the government has illegally spied on their Verizon accounts. The spy program, Klayman's suit in the U.S. District Court for the District of Columbia claims, "violates the U.S. Constitution and also federal laws, including, but not limited to, the outrageous breach of privacy, freedom of speech, freedom of association, and the due process rights of American citizens."

The suit comes days after the Guardian posted a leaked copy of a top secret Foreign Intelligence Surveillance Court opinion requiring Verizon to provide the NSA the phone numbers of both parties involved in all calls, the International Mobile Subscriber Identity (IMSI) number for mobile callers, calling card numbers used in the call, and the time and duration of the calls.

Continued : http://www.wired.com/threatlevel/2013/06/nsa-phone-lawsuit/

Also:
Lawsuit filed over NSA phone spying program
Suit Filed Against NSA, Obama Over Surveillance Program


Going Solo: Self-Propagating ZBOT Malware Spotted
by Carol~ Moderator / June 11, 2013 2:05 AM PDT
In reply to: NEWS - June 11, 2013

From the Trendlabs Security Intelligence Blog:

Who says you can't teach old malware new tricks? Recently, we reported on how ZBOT had made a comeback of sorts in 2013; this was followed by media reports that it was now spreading via Facebook. Now, we have spotted a new ZBOT variant that can spread on its own.

This particular ZBOT variant arrives through a malicious PDF file disguised as a sales invoice document. If the user opens this file using Adobe Reader, it triggers an exploit which causes the following pop-up window to appear: [Screenshot]

While this is going on, the malicious ZBOT variant - WORM_ZBOT.GJ - is dropped onto the system and run. It is here that several differences start to appear.

First of all, WORM_ZBOT.GJ has an autoupdate routine: it can download and run an updated copy of itself. Secondly, however, it can spread onto other systems via removable drives, like USB thumb drives.

Continued: http://blog.trendmicro.com/trendlabs-security-intelligence/going-solo-self-propagating-zbot-malware-spotted/

Related: Experts Find ZeuS Malware That's Capable of Spreading via USB Flash Drives

"Your Google Account has been Hacked" Phone Spam
by Carol~ Moderator / June 11, 2013 2:05 AM PDT
In reply to: NEWS - June 11, 2013

[Screenshot]

There's been an awful lot of spam messages arriving on phones since at least March of this year, claiming to be from Google:

ID #[6 digit number] Your Google account has been hacked. Reply now to take a call to verify your account

Your first thought would probably be phishing - most likely, the recipient jumps through hoops and ends up leaving a username and password on a voicemail, phishing themselves into the middle of next week. Right?

That doesn't seem to be the case, however. A few...brave?...souls followed the steps, and we can see that this follows a consistent pattern.

1) Text message arrives claiming your Google account has been hacked.

2) Recipient replies with VERIFY.

3) Another message arrives, stating "Activation #[6 digit number]: Please enter the verification code -44- when we will call you"

Continued : http://www.threattracksecurity.com/it-blog/your-google-account-has-been-hacked-phone-spam/

Google Adds Detection For Obad Malware
by Carol~ Moderator / June 11, 2013 2:05 AM PDT
In reply to: NEWS - June 11, 2013

Just a follow-up to our story from last week on Obad, the new family of mobile malware that affects Google Android devices: In an e-mail to The Security Ledger on Friday, Google acknowledged the existence of the Trojan horse program and has updated its detection tools to be able to identify it.

Google says it added detection for the Obad Trojan to its Application Verification Tool to prevent infections via third party app stores.

In an e-mail, a Google spokeswoman said that the malware, dubbed "Obad" by Kaspersky Lab, was not found on the company's Google Play application store. The company added detection for the new malware to its Application Verification Tool, which protects Android users who tried to download it from a third-party application store or browser.

Obad, or Backdoor.AndroidOS.Obad.a, is described as a "multi function Trojan" that primarily acts as an SMS Trojan, surreptitiously sending short message service (SMS) messages to premium numbers. It was first described in a blog post by Kaspersky Lab malware researcher Roman Unuchek last week.

Continued : https://securityledger.com/2013/06/google-adds-detection-for-obad-malware/

Related: The most sophisticated Android Trojan

Microsoft FixIt Tool Blocks Java Attacks in IE
by Carol~ Moderator / June 11, 2013 2:06 AM PDT
In reply to: NEWS - June 11, 2013

Java is a security headache, not just for users and Oracle, its provider, but also for other software companies that have to deal with it, as well. Microsoft has taken steps to address this problem by releasing a FixIt tool that is designed to block all of the Web-based Java attack vectors in Internet Explorer, while still leaving the desktop Java functionality intact.

Attackers have had a field day with Java for years now and users have struggled to find ways to defend themselves, especially when patches have been slow to come from Oracle. Many attacks that have been successful over the last few years have targeted vulnerabilities in older versions of Java, finding plenty of machines with out-of-date Java applications. However there also has been a steady parade of zero day vulnerabilities in Java revealed either by security researchers or through their use by attackers.

To help users defend themselves against Web-based attacks using Java plug-ins in the browser, Microsoft's FixIt tool will block all of the Web-based vectors for attack on all versions of Java.

Continued : http://threatpost.com/microsoft-fixit-tool-blocks-java-attacks-in-ie/

@ the Microsoft Security Response Center: Java: A Fix it for when you cannot let go

Multiple vulnerabilities found in HP Insight Diagnostics
by Carol~ Moderator / June 11, 2013 2:06 AM PDT
In reply to: NEWS - June 11, 2013

Multiple vulnerabilities have been found lurking in HP's server management application Insight Diagnostics. When combined with each other, the gaps can allow an attacker to execute arbitrary PHP code with administrator rights on the servers. There is no patch for the vulnerabilities so far.

The vulnerabilities, identified as CVE-2013-3573, CVE-2013-3574 and CVE-2013-3575, exist in version 9.4.0.4710 of the software and possibly earlier versions. A remote attacker will need to be authenticated for the combined vulnerabilities to be exploitable. The holes were found by Markus Wulftange from Daimler TSS who recorded and reported the flaws to the vendor.

Since there is no fix available, the US-CERT advises users to follow good security practice and restrict network access to the software and only allow connections from trusted hosts and networks.

http://www.h-online.com/security/news/item/Multiple-vulnerabilities-found-in-HP-Insight-Diagnostics-1886473.html

Also: DHS Warns of Remote Code Execution Flaw in HP Insight Diagnostics

Apple Fails To Act On Store Vulnerability Warnings
by Carol~ Moderator / June 11, 2013 5:01 AM PDT
In reply to: NEWS - June 11, 2013

Apple was told about a cross-site scripting vulnerability on its website a month ago but the flaw remains resident on the site, according to a German security researcher.

Stefan Schurtz wrote on the Full Disclosure mailing list on Seclists.org he had tested exploits on store.apple.com using Internet Explorer 8, Internet Explorer 10 and Google Chrome 27. He claimed he told Apple via email on 12 May, receiving feedback the following day.

After weeks of inaction, Schurtz went public with the vulnerability. Apple has not responded to TechWeekEurope requests for comment.

Apple XSS vulnerability

XSS attacks typically see a crook send their victim a link to a vulnerable site. The link has them enter JavaScript code into a form, such as a search box, but the link is tweaked so that the website sends information - such as cookies - to the hacker's own domain, instead of to the user's PC.

Continued : http://www.techweekeurope.co.uk/news/apple-ignoring-store-vulnerability-warnings-118713

Also: Apple Store Vulnerable to XSS

Adobe, Microsoft Patch Flash, Windows
by Carol~ Moderator / June 11, 2013 6:18 AM PDT
In reply to: NEWS - June 11, 2013

Patch Tuesday is again upon us: Adobe today issued updates for Flash Player and AIR, fixing the same critical vulnerability in both products. Microsoft's patch bundle of five updates addresses 23 vulnerabilities in Windows, Internet Explorer, and Office, including one bug that is already being actively exploited.

A majority of the vulnerabilities fixed in Microsoft's June patch batch — 18 of them — are addressed in a cumulative update for Internet Explorer (MS13-047). The other fix that Microsoft called specific attention to is MS13-051, which tackles a flaw in Office that "could allow remote code execution if a user opens a specially crafted Office document... or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the email reader."

This Office flaw, which is present in the latest versions of Office 2003 and Microsoft Office for Mac 2011, is already being exploited in targeted attacks, Microsoft said. According to the company's advisory, this vulnerability was reported by Google.

Adobe's Flash and AIR updates also fix a critical bug that was reported by Google's security team, although Adobe says it is not aware of any exploits or attacks in the wild against the vulnerability addressed in its update. The latest Flash version is 11.7.700.224 for Windows and 11.7.700.225 for Mac OS X. This link will tell you which version of Flash your browser has installed. IE10 and Chrome should auto-update their versions of Flash. If your version of Chrome is not yet updated to v. 11.7.700.225, you may just need to restart the browser.

Continued : http://krebsonsecurity.com/2013/06/adobe-microsoft-patch-flash-windows/#more-21069

GAMARUE Uses Sourceforge to Host Files
by Carol~ Moderator / June 11, 2013 7:23 AM PDT
In reply to: NEWS - June 11, 2013

From the Trendlabs Security Intelligence blog:

In our monitoring of the GAMARUE malware family, we found a variant that used the online code repository SourceForge to host malicious files. This finding is the latest development we've seen since the increase in infection counts observed last month.

SourceForge is a leading code repository for many open-source projects, which gives developers a free site that allows them to host and manage their projects online. It is currently home to more than 324,000 projects and serves more than 4 million downloads a day. Its popularity among programmers and users is the perfect venue to make these malware available to users.

GAMARUE malware poses a serious risk to users; attackers are able to gain complete control of a system and use it to launch attacks on other systems, as well as stealing information. Among the most common ways it reaches user systems are: infected removable drives, or the user has visited sites compromised with the Blackhole Exploit Kit.

This attack is made up of four files. The first is a shortcut, which appears to be a shortcut to an external drive. (This is detected as LNK_GAMARUE.RMA.) Instead of a drive, however, it points to a .COM file (detected as TROJ_GAMARUE.LMG).

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/gamarue-uses-sourceforge-to-host-files/

New Features in iOS 7 Make iPhone More Secure Than Ever
by Carol~ Moderator / June 11, 2013 7:23 AM PDT
In reply to: NEWS - June 11, 2013

Yesterday, Apple CEO Tim Cook and his cadre of design-minded pals took to the stage of WWDC and gave consumers a peek at the new iOS 7 that will grace iPhones, iPads, and iPod Touches starting sometime this fall. Most of the coverage has focused on the new (snazzy) look, but Apple is adding some security features of which we heartily approve.

Call, Text, and FaceTime Blocking
Though somewhat downplayed in the company's press release, Apple will be including the ability to block specific numbers. Android developers have been providing this for a while, though it has never been implemented as part of the OS. Some security companies, like Kaspersky Mobile Security, have included call blocking as a key part of their offerings.

Apple, on the other hand, doesn't want to give anyone access to key functionalities like the Phone app, but will be addressing the issue themselves. The company's press release reads, "Phone, FaceTime and Messages blocking to prevent specific people from being able to contact you," indicating that blocking will be a base function that extends to the other apps Apple controls.

Continued : http://securitywatch.pcmag.com/mobile-security/312473-new-features-in-ios-7-make-iphone-more-secure-than-ever
