NEWS - March 07, 2016

Mar 7, 2016 8:19AM PST
Popular WordPress plugin pulled after discovery of password-stealing backdoor

The precise number of websites out there running on WordPress may not be known, but one thing is for sure -- there are a lot of them. Two reasons for the popularity of WordPress are the ease of set up and the availability of a huge range of plugins. One popular plugin, Custom Content Type Manager (CCTM), has just been pulled from the WordPress Plugin Directory after a backdoor was discovered.

The plugin has been installed on thousands of websites, and a recent update -- automatically installed for many users -- included a worrying payload. In the hands of a new developer, Custom Content Type Manager made changes to core WordPress files, ultimately making it possible to steal admin passwords and transmit them in plaintext to a remote server.

Continued: http://betanews.com/2016/03/05/wordpress-plug-password-backdoor/

Related:
Updated: When a WordPress Plugin Goes Bad
https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html

OS X ransomware found bundled with legitimate software
Mar 7, 2016 8:22AM PST

Palo Alto researchers have discovered the first fully functional ransomware aimed at Mac users.

The malware, dubbed KeRanger, was found on Friday (March 4), bundled into the Mac version of the popular open source Transmission BitTorrent client, and made available for download on the Transmission developers’ official website.

The website now sports an alert on the main page, saying that everyone running version 2.90 of Transmit on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file.

Continued: https://www.helpnetsecurity.com/2016/03/07/os-x-ransomware-found-bundled-with-legitimate-software/

Related:
Apple Macs hit by ransomware 'for first time'
http://www.bbc.com/news/technology-35744416
Apple users targeted in first known Mac ransomware campaign
http://www.reuters.com/article/us-apple-ransomware-idUSKCN0W80VX
@ Palo Alto Networks:
New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer
http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/

Post was last edited on March 7, 2016 10:19 AM PST

Seagate Phish Exposes All Employee W-2’s
Mar 7, 2016 9:54AM PST

Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service (IRS) and the states.

According to Seagate, the scam struck on March 1, about a week after KrebsOnSecurity warned readers to be on the lookout for email phishing scams directed at finance and HR personnel that spoof a letter from the organization’s CEO requesting all employee W-2 forms.

Continued: http://krebsonsecurity.com/2016/03/seagate-phish-exposes-all-employee-w-2s/

Related:
Another big tech company has fallen victim to the email scam that tricked Snapchat
http://www.businessinsider.com/seagate-has-fallen-victim-to-the-email-scam-that-tricked-snapchat-2016-3

Ad Blockers Are Making Money Off Ads (And Tracking, Too)
Mar 7, 2016 9:56AM PST

Advertising pays for a lot of what you see on the Internet. This makes ad blockers a big deal. Readers are using them. Advertisers are panicking about them. Publishers are attempting to quash them.

Meanwhile, ad blockers market themselves as a way to speed up web browsing while you skirt evil data collectors and attention-hungry advertisers. But ad blockers are running businesses too. And their business models aren’t too far off from the very ones that publishers and advertisers use to make money on the web.

Continued: http://www.wired.com/2016/03/heres-how-that-adblocker-youre-using-makes-money

Passcode Bypass Bugs Trouble iOS 9.1 and Later
Mar 7, 2016 10:38AM PST

Apple has yet to patch a series of bypass vulnerabilities in iOS that could enable an attacker to sidestep the passcode authorization screen on iPhones and iPads running iOS 9.0, 9.1, and the most recent build of the mobile operating system, 9.2.1.

Like all passcode bypass bugs, an attacker would have to have the device in their possession to carry out the attack, but that’s not a valid excuse for not fixing the vulnerabilities, researchers say.

The bugs can be used to access apps native to iOS, such as Clock, Event Calendar, and Siri’s User Interface, and that’s been the case for at least three months, according to Benjamin Kunz Mejri, a researcher at Vulnerability Lab, who divulged details on them Monday.

Continued: https://threatpost.com/passcode-bypass-bugs-trouble-ios-9-1-and-later/116624/

Amazon will restore Fire OS' encryption support ..
Mar 7, 2016 11:33AM PST
.. in the spring

Amazon will restore optional full disk encryption to Fire OS 5 in a software update "coming this spring," according to a statement released by the company on Friday evening.

The company originally removed disk encryption support in FireOS 5, which was introduced on Fire tablets last fall.

Continued: http://arstechnica.com/gadgets/2016/03/amazon-will-restore-fire-os-encryption-support-in-the-spring/

Related to Prior Post:
Amazon Faces Backlash Over Removal Of Device Encryption
http://www.cnet.com/forums/post/48b16e05-2e33-47a8-b217-49b953e47e5f/

Google Fixes Critical Android Mediaserver Bugs, Again
Mar 7, 2016 11:55AM PST

Google today patched two critical holes in its problematic Android Mediaserver component which would allow an attacker to use email, web browsing, and MMS processing of media files to remotely execute code. With this latest vulnerability, Google has patched its Mediaserver more than two dozen times since the Stagefright vulnerability was discovered in August.

The patch is part of Google’s monthly over-the-air security update for Android Nexus devices. In total, Google identified 16 vulnerabilities as part of this month’s Android Nexus Security Bulletin, of which six were rated as critical, eight as high and two as moderate. Google said a Nexus patch would be available within the next 48 hours and available at the Android Open Source Project repository. It says wireless carriers and device makers were made aware of the upcoming security bulletin on Feb. 1.

Continued: https://threatpost.com/google-fixes-critical-android-mediaserver-bugs-again/116614/