NEWS - March 14, 2014

Mar 14, 2014 12:57AM PDT
Pwn2Own: The perfect antidote to fanboys who say their platform is safe

"Despite huge leaps in secure code, nothing is immune when hackers are motivated."

For the past seven years, an annual hacker competition that pays big cash prizes has driven home the point that no Internet-connected software, regardless of who made it, is immune to exploits that surreptitiously install malware on the underlying computer. The first day of this year's Pwn2Own 2014 and the companion contest that ran concurrently stuck with much the same theme, with successful hacks of the Internet Explorer, Firefox, and Safari browsers and Adobe's Flash and Reader applications.

Contestants from Vupen, the France-based firm that sells fully weaponized exploits to governments it deems non-repressive, fetched $400,000 during day one of the two-day event. The haul came from exploits that allowed team members to gain full control over IE, Firefox, Flash, and Reader. Vupen's Firefox attack was one of three hacks that successfully compromised the Mozilla browser, with researchers Mariusz Mlynski and Juri Aedla also taking it down, feats that won them $50,000 each. At the Pwn4Fun contest held at the same CanSecWest security conference, researchers from Google toppled Apple's Safari browser, and their counterparts from HP commandeered IE.

Continued: http://arstechnica.com/security/2014/03/pwn2own-the-perfect-antidote-to-fanboys-who-say-their-platform-is-safe/

Related:
Top browsers exploited in first day of Pwn2Own
PWN2OWN Day One - Reader, IE, Flash and Firefox felled, Java left standing
Noooo... WAIT. Google slaps on Chrome patches ahead of Pwn2Own hackfest
Firefox, Safari And Internet Explorer Are All Broken At Pwn2Own
Pwn2Own 2014 ends, $850k distributed to successful hackers

Adobe patches a critical vulnerability in Shockwave Player
Mar 14, 2014 1:10AM PDT

Adobe Systems released a new security update for Shockwave Player in order to fix a critical vulnerability that could allow attackers to remotely take control of affected systems.

The vulnerability, identified as CVE-2014-0505, is the result of a memory corruption issue and can lead to arbitrary code execution. According to Adobe, the flaw was privately reported to the company and there are no reports of active exploits targeting it in the wild.

Adobe recommends users of Adobe Shockwave Player 12.0.9.149 and earlier versions to update to the newly released version 12.1.0.150, which is available for Windows and Mac, the company said Thursday in a security advisory.

Continued: http://news.techworld.com/security/3506613/adobe-patches-a-critical-vulnerability-in-shockwave-player/

Related: Didn't you know? Today's Patch Thursday! Adobe splats hijack bug in Shockwave Player

Samsung Galaxy Security Alert: Android Backdoor Discovered
Mar 14, 2014 1:10AM PDT

Security alert: Attackers can remotely exploit a software-based backdoor -- present in at least nine different models of Samsung smartphones and tablets -- to steal files and location data or surreptitiously activate a microphone or camera.

That warning was sounded Wednesday by members of the Replicant project, which builds free versions of Android to replace the proprietary versions installed by most carriers and manufacturers.

Replicant researchers said they found that the radio modems on some Samsung devices will execute remote file system (RFS) commands. "We discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a back door that lets the modem perform remote file I/O operations on the file system," said Replicant developer Paul Kocialkowski in a blog post on the Free Software Foundation site.

Continued: http://www.darkreading.com/vulnerability/samsung-galaxy-security-alert-android-ba/240166619

Related:
"Virtually no evidence" for claim of remote backdoor in Samsung phones
Backdoor in Samsung Galaxy Devices Could Give Attackers Remote Control
Backdoor snoops can access files on your Samsung phone via the cell network - claim

Blogs of War: Don't Be Cannon Fodder
Mar 14, 2014 1:11AM PDT

On Wednesday, KrebsOnSecurity was hit with a fairly large attack which leveraged a feature in more than 42,000 blogs running the popular WordPress content management system (this blog runs on WordPress). This post is an effort to spread the word to other WordPress users to ensure their blogs aren't used in attacks going forward.

At issue is the "pingback" function, a feature built into WordPress and plenty of other CMS tools that is designed to notify (or ping) a site that you linked to their content. Unfortunately, like most things useful on the Web, the parasites and lowlifes of the world are turning pingbacks into a feature to be disabled, lest it be used to attack others.

And that is exactly what's going on. Earlier this week, Web site security firm Sucuri Security warned that it has seen attackers abusing the pingback function built into more than 160,000 WordPress blogs to launch crippling attacks against other sites.

Continued: http://krebsonsecurity.com/2014/03/blogs-of-war-dont-be-cannon-fodder/

Anatomy of a Control Panel Malware Attack, Part 1
Mar 14, 2014 1:11AM PDT

TrendLabs Security Intelligence Blog:

Recently we've discussed how Control Panel (CPL) malware has been spreading in Latin America. In the past, we've analyzed in some detail how CPL malware works as well as the overall picture of how this threat spreads. In this post, we shall examine in detail how they spread, and how they relate with other malicious sites and components.

Recently, while I was checking my spam mailbox, I found one of these messages there. Specifically, I found this email sample: [Screenshot: Spam Message]

This roughly translates to:

From: {Dear Customer} (delivery-receipt@outlook.com)
Subject: As requested, the Invoice of Payment is Below
Message Body:
Good Morning Sir/Madam customer,
As requested, the following is the invoice for payment

[PDF icon] Click here to download.


The email address used in this attack may look authentic at first glance, but it is actually just an address from Outlook.com, Microsoft's free webmail service. In the message itself, there are two highlighted items: the PDF icon, and a link after the PDF icon.

Continued: http://blog.trendmicro.com/trendlabs-security-intelligence/anatomy-of-a-control-panel-malware-attack-part-1/

Phishing campaign targets Google Docs, Drive users
Mar 14, 2014 1:20AM PDT

"A fake login page looks legitimate since it is served up by Google over SSL, Symantec said"

Symantec has spotted a phishing campaign leveraging Google Drive that would be hard for users to discern as a scam.

Potential victims receive an email with a subject line saying "Documents" with encouragement to click on a link to a purported important document, wrote Nick Johnston of Symantec in a blog post.

Clicking on the link takes a user not to Google Docs but to a login page that looks the same as the one used for Google's many online services.

That fake login page is "actually hosted on Google's servers and is served over SSL [Secure Sockets Layer], making the page even more convincing," Johnston wrote.

Continued: http://www.networkworld.com/news/2014/031414-phishing-campaign-targets-google-docs-279718.html

Related: Beware of well-executed Google Docs phishing scam

A Close Look at the NSA's Most Powerful Internet Attack Tool
Mar 14, 2014 3:48AM PDT

We already knew that the NSA has weaponized the internet, enabling it to "shoot" exploits at anyone it desires. A single web fetch, imitated by an identified target, is sufficient for the NSA to exploit its victim.

But the Edward Snowden slides and story published yesterday at The Intercept convey a wealth of new detailed information about the NSA's technology and its limitations.

First, it's clear that the NSA has settled on a system called QUANTUM as its preferred, if not near-universal, internet exploitation mechanism. QUANTUM is vastly more effective than just sending spam. But since its launch at NSA, the program has clearly suffered from both mission creep and target creep.

If NSA only used QUANTUM to attack wannabee terrorists attempting to read Inspire, hardly anyone would object. But instead the agency expanded it greatly, not only in target scope (including its confirmed use against Belgacom) but also in functionality.

Continued: http://www.wired.com/opinion/2014/03/quantum/

Related: NSA's Deployed Malware via Automated Tools to Enhance Spy Capabilities

Details Of 100,000 Morrisons Staff Stolen In Data Theft
Mar 14, 2014 3:49AM PDT

"Home addresses and bank details among information stolen by hackers from Morrisons headquarters"

Thousands of staff at the supermarket chain Morrisons have had their personal details stolen and published online by hackers, the company has revealed.

The bank details and home addresses of up to 100,000 workers were among the details taken in the security breach, which is believed to have been the result of an internal leak.

The data, which covered employees from executive level to those on the shop floor, was apparently copied onto a portable storage device and taken out of Morrisons' Bradford headquarters, before being sent anonymously to Yorkshire local paper the Telegraph & Argus, by "a concerned Morrisons shopper".

Continued: http://www.techweekeurope.co.uk/news/morrisons-hit-by-security-hack-141618

Related:
Employees' bank details stolen from UK supermarket Morrisons
Morrisons supermarket suffers major pay-roll data breach after insider attack
UK Supermarket Chain Morrisons Suffers Data Breach

Facebook Scam: Missing Plane Found in Bermuda Triangle
Mar 14, 2014 3:49AM PDT

The disappearance of flight MH370 of the Malaysian Airlines has made a lot of headlines lately. As expected, scammers are also trying to profit from the mystery story.

The airplane in question disappeared on Saturday somewhere above the Gulf of Thailand, between Malaysia and Vietnam. The flight was heading to Beijing and had 239 people on board. 12 nations are involved in the search, but so far the plane is nowhere to be found.

Since many people are wondering where the plane might have ended up and if the passengers are still alive, scammers came up with the "answer." The plane is in the famous Bermuda Triangle and all passengers are alive.

"Video of Malaysia MH370 Plane found in Bermuda Triangle! Passengers alive! Breaking news video footage of this miracle just released on CNN!" the scam posts spotted by Hoax Slayer read.

Continued: http://news.softpedia.com/news/Facebook-Scam-Missing-Malaysian-Plane-Found-in-Bermuda-Triangle-431945.shtml

Related: "Malaysian Airlines flight MH370 found" video is a scam

Cyber-criminals Use Cancer to Deliver Malware
Mar 14, 2014 3:49AM PDT

"Malwarebytes Unpacked" Blog:

Well, not literally, although that would make a frightening read.

Nonetheless, the folks at Softpedia reported on a spam campaign instilling fears of cancer to users via email.

The email features the UK's National Institute for Health and Care Excellence (NICE) as the proposed sender.

Once a victim opens the email, they're informed of their recent test results, which may indicate signs of cancer. [Screenshot]

The attachment, which claims to be the victim's test result, has a double file extension; the two files currently known to be distributed appear to be variants of the Fareit Trojan, capable of stealing passwords and DoS attacks.

Continued: http://blog.malwarebytes.org/cyber-crime/2014/03/cyber-criminals-use-cancer-to-deliver-malware/

Target ignored warnings before 70M credit cards were stolen
Mar 14, 2014 6:19AM PDT
Target ignored warnings before hackers stole 70 million credit cards, says new report

During the heat of the 2013 holiday season, Target lost the payment data, addresses, phone numbers, and names of some 70 million customers. As it turns out, the massive data breach was preventable if Target took more proactive steps to combat it, according to a detailed five-page report by Bloomberg Businessweek.

Here's what happened: Someone installed malware in Target's security and payments system. So every time someone scanned their credit card, it was sent to a special server, owned by Target, that hackers controlled.

Shortly before falling prey to the hack, Target began employing new network monitoring tools, working in concert with FireEye, a firm that specializes in Internet security. A Computerworld report claims that security specialists based in India spotted warning signs prior to the breach and reported their findings to Target's headquarters in Minnesota.

Continued: http://www.digitaltrends.com/computing/target-credit-card-theft-warnings-ignored/

Related: Target failed to act on malware alerts and signs of breach

US-CERT urges XP users to dump IE
Mar 14, 2014 6:19AM PDT

People who plan to run Windows XP after Microsoft pulls the patch plug should dump Internet Explorer (IE) and replace it with a different browser, the U.S. Computer Emergency Readiness Team (US-CERT) said Monday.

US-CERT is part of the U.S. Department of Homeland Security, and regularly issues security warnings and threat alerts.

"Users who choose to continue using Windows XP after the end of support may mitigate some risks by using a Web browser other than Internet Explorer," US-CERT said in a Monday bulletin. "The Windows XP versions of some alternative browsers will continue to receive support temporarily. Users should consult the support pages of their chosen alternative browser for more details."

US-CERT's advice was not new: Security companies and experts have said the same before.

Because Microsoft ties support for Internet Explorer (IE) to the underlying operating system's end date, people running Windows XP will also not receive patches for IE7 or IE8, although others, including customers running the same browsers on Windows Vista and Windows 7, will continue to receive fixes.

Continued: http://www.computerworld.com/s/article/9246877/US_CERT_urges_XP_users_to_dump_IE