NEWS - March 11, 2016

Mar 11, 2016 5:14PM PST
Another Android Trojan Flaunts Inexistent Adobe Flash Player to Infect Users

People's obsession with Adobe's Flash Player is putting them and their financial status in harm's way, allowing crooks to trick them into downloading and installing malware-laced Android applications.

Two days ago we wrote on an Android banking trojan which was fooling users into installing a fake Adobe Flash version with the sole purpose of showing phishing pages that stole their banking and Google credentials.

The same technique is also used by another trojan called Android Marcher that relies on a massive SMS and email spam campaign to drive users to adult-themed websites.

Continued: http://news.softpedia.com/news/another-android-trojan-flaunts-inexistent-adobe-flash-player-to-infect-users-501627.shtml

Related:
Marcher Trojan Morphs, Now Targets Porn Sites
https://threatpost.com/marcher-trojan-morphs-now-targets-porn-sites/116743/

Botched Java patch leaves millions vulnerable to ..
Mar 11, 2016 5:18PM PST
.. 30-month-old attack

A botched security fix released for the Java software framework 30 months ago has left millions of users vulnerable to attacks that Oracle had claimed were no longer possible, a security researcher said.

The bypass code, which was released Thursday by Polish security firm Security Explorations, contains only minor changes to the original proof-of-concept, according to an e-mail posted to the Full Disclosure security list. Security Explorations released the original exploit in October 2013 following the release of a patch from Oracle.

Thursday's bypass changes only four characters from the 2013 code and uses a custom server to work. The bypass means that millions of Java users have remained vulnerable to the flaw, categorized as CVE-2013-5838, despite assurances from Oracle that the attacks were no longer possible.

Continued: http://arstechnica.com/security/2016/03/botched-java-patch-leaves-millions-vulnerable-to-30-month-old-attack/

Related:
Two Years Later, Java Security Still Broken Due to Faulty Oracle Patch
http://news.softpedia.com/news/two-years-later-java-still-broken-due-to-faulty-oracle-patch-501633.shtml

Samsung Windows Laptop Owners Urged To Download Fix To ..
Mar 11, 2016 5:23PM PST
.. MitM Vulnerability

Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop.

The flaw is tied to a feature called “Samsung SW Update Tool 2.2.5.16” designed to keep Samsung laptop users’ drivers and software up to date. Security researchers at Core Security discovered the vulnerability in November 2015 and disclosed the flaw March 4 after Samsung issued the patch to fix the problem.

“This vulnerability could be considered as a medium or low threat to most Samsung laptop users,” said Joaquin Varela, senior security researcher from Core Security CoreLabs Team, who discovered the Samsung vulnerability.

Continued: https://threatpost.com/samsung-windows-laptop-owners-urged-to-download-fix-to-mitm-vulnerability/116710/

Related:
Samsung PC, laptop owner? Better update the update tool
http://www.theregister.co.uk/2016/03/11/samsung_software_update_mitm_flaw_patched/

Hackers Target Anti-DDoS Firm Staminus
Mar 11, 2016 5:27PM PST
Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus’s customer credentials, support tickets, credit card numbers and other sensitive data.

Newport Beach, Calif.-based Staminus first acknowledged an issue on its social media pages because the company’s Web site was unavailable much of Thursday.

Continued: http://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/

Locky is now one of the most commonly seen ransomware
Mar 11, 2016 5:40PM PST

Locky, a new family of ransomware that emerged in the last few weeks, has quickly made a mark for itself.

Computer security companies say it has become a commonly seen type of ransomware, which is used to hold a computer’s files hostage pending a ransom payment.

Trustwave's SpiderLabs said on Wednesday that 18 percent of the 4 million spam messages it collected in the last week were ransomware-related, including many linked to Locky.

"We are currently seeing extraordinary huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of a ransomware," wrote Rodel Mendrez, a Trustwave security researcher.

Continued: http://www.computerworld.com/article/3042617/security/locky-ransomware-activity-ticks-up.html

Related:
Locky Ransomware Spreading in Massive Spam Attack
https://threatpost.com/locky-ransomware-spreading-in-massive-spam-attack/116727/
@ SpiderLabs:
Massive Volume of Ransomware Downloaders being Spammed
https://www.trustwave.com/Resources/SpiderLabs-Blog/Massive-Volume-of-Ransomware-Downloaders-being-Spammed/