Spyware, Viruses, & Security forum


NEWS - March 20, 2014

by Carol~ Moderator / March 20, 2014 1:50 AM PDT
PHP bug allowing site hijacking still menaces Internet 22 months on

A vulnerability that allows attackers to take control of websites running older versions of the PHP scripting language continues to threaten the Internet almost two years after security researchers first warned that attackers could use it to remotely execute malicious code on vulnerable servers.

As Ars reported 22 months ago, the code-execution exploits worked against PHP sites only when they ran in common gateway interface mode, a condition that applied by default to those running the Apache Web server. According to a blog post published Tuesday, CVE-2012-1823, as the vulnerability is formally indexed, remains under attack today by automated scripts that scour the Internet in search of sites that are susceptible to the attack. The sighting of in-the-wild exploits even after the availability of security patches underscores the reluctance of many sites to upgrade.

Continued : http://arstechnica.com/security/2014/03/php-bug-allowing-site-hijacking-still-menaces-internet-22-months-on/

New Exploits Arrive for Old PHP Vulnerability
Hackers Actively Exploiting Old PHP Vulnerability in Server Attacks: Imperva
25,000 Linux & Unix Servers Compromised in Operation Windigo
by Carol~ Moderator / March 20, 2014 1:57 AM PDT
In reply to: NEWS - March 20, 2014

Symantec Security Response Blog:

Security researchers have released a paper (pdf) documenting a large and complex operation, code named "Operation Windigo". Since the campaign began in 2011, more than 25,000 Linux and Unix servers were compromised to steal Secure Shell (SSH) credentials, to redirect Web visitors to malicious content, and to send spam. Well-known organizations such as cPanel and Linux Foundation were confirmed victims. Targeted operating systems include OS X, OpenBSD, FreeBSD, Microsoft Windows, and various Linux distributions. The paper claims Windigo is responsible for sending an average of 35 million spam messages on a daily basis. This spam activity is in addition to more than 700 Web servers currently redirecting approximately 500,000 visitors per day to malicious content.

The paper lists three main malicious components (ESET detection names):

Continued : http://www.symantec.com/connect/blogs/25000-linux-and-unix-servers-compromised-operation-windigo

10,000 Linux servers hit by malware serving tsunami of spam and exploits
25,000 UNIX servers hijacked by backdoor Trojan
Windigo Linux Analysis - Ebury and Cdorked

Tor warns of malicious Tor browser offered on the App Store
by Carol~ Moderator / March 20, 2014 1:57 AM PDT
In reply to: NEWS - March 20, 2014

A public plea made on Twitter by Runa A. Sandvik, a (former?) developer with The Tor Project, has turned the spotlight on a still unresolved issue of an apparently fake Tor Browser app equipped with spyware being offered for download on Apple's App Store.

The open ticket she linked to on the project's site shows that, for whatever reason, Apple is not moving fast enough to address the concerns of Tor officials.

They first complained about the fake and malicious app to Apple on 26 December 2013.

Apple responded on January 3, 2014, by saying that they are giving a chance to the author of the app to defend his offering. But after that, the company has remained silent, and has not responded to additional emails sent by Tor nor removed the app.

Continued: http://www.net-security.org/malware_news.php?id=2739

Tor Browser in Apple's App Store Still Packed with Spyware and Adware
Fake Tor browser for iOS laced with adware, spyware, members warn
Tor Browser in Apple's App Store Contains Adware and Spyware

Linux worm diversifies to mine cryptocurrencies
by Carol~ Moderator / March 20, 2014 1:57 AM PDT
In reply to: NEWS - March 20, 2014

A Linux worm that targets routers and set-top boxes is now looking for full-fledged computers to use its new feature, a cryptocurrency mining function, according to Symantec.

Symantec spotted the worm, which it calls Darlloz, in November. It was preloaded with usernames and passwords for routers and set-top boxes that run Linux on Intel's x86 chip architecture and other embedded device architectures such as PPC, MIPS and MIPSEL.

The latest variant of Darlloz, found by Symantec in mid-January, looks for computers running Intel's architecture, wrote Kaoru Hayashi, a senior development manager and threat analyst with Symantec in Japan.

Continued : http://www.cso.com.au/article/540956/linux_worm_diversifies_mine_cryptocurrencies/

Over 31,000 IoT devices and computers infected by cryptocoin-mining worm
Linux Worm Darlloz Infects over 31,000 Devices in Four Months

Mozilla Patches Pwn2Own Zero Days in Firefox 28
by Carol~ Moderator / March 20, 2014 2:42 AM PDT
In reply to: NEWS - March 20, 2014

The Firefox web browser took a beating during last week's Pwn2Own contest with researchers bringing four zero-day vulnerabilities and exploits to the table, walking away with a collective $200,000 in prize money in the process.

Yesterday, Mozilla capped all four bugs among 18 security advisories addressed in Firefox 28.

Firefox was by no means the only browser targeted during the annual contest; all four leading vendors failed to hold up against some of the best white hat hackers in the world. Two days ago, Google led the charge with the first set of patches addressing vulnerabilities disclosed during Pwn2Own. Google also paid out more than $150,000 to the winners of its Pwnium contest which went after bugs in Chromium and the Chrome OS.

Continued: http://threatpost.com/mozilla-patches-pwn2own-zero-days-in-firefox-28/104889

Related: Mozilla patches 20 Firefox flaws, plugs Pwn2Own holes

National Geographic Fans Targeted with Mobile Scareware
by Carol~ Moderator / March 20, 2014 2:42 AM PDT
In reply to: NEWS - March 20, 2014

Bitdefender's "HOTforSecurity" Blog:

Mobile users of the National Geographic website are targeted with scareware saying they have been infected with malware, according to the Bitdefender Labs. They are then abusively redirected to a Google Play app that would clean their Android device.

The ad poses as a message from the news.nationalgeographic.com page. "Your Android has been infected with a virus," the deceptive alert reads. "Tap OK to remove now."

Such messages end up on the National Geographic official web page through a chain of ad networks, including the Rubicon Project, Google's DoubleClick and AppNexus.

"Dubious advertising techniques try to redirect users to various apps and downloads," Bitdefender Chief Security Strategist Catalin Cosoi said. "This time, scammers managed to mess with the website of a famous international brand to gain extra-exposure and add legitimacy to their message. From kids to grown-ups - who wouldn't believe National Geographic?"

Continued : http://www.hotforsecurity.com/blog/national-geographic-fans-targeted-with-mobile-scareware-8209.html

Automatic Face-Recognition Software Getting Better
by Carol~ Moderator / March 20, 2014 2:43 AM PDT
In reply to: NEWS - March 20, 2014

Bruce Schneier @ his "Schneier on Security" Blog:

Facebook has developed a face-recognition system that works almost as well as the human brain:

Asked whether two unfamiliar photos of faces show the same person, a human being will get it right 97.53 percent of the time. New software developed by researchers at Facebook can score 97.25 percent on the same challenge, regardless of variations in lighting or whether the person in the picture is directly facing the camera.

Human brains are optimized for facial recognition, which makes this even more impressive.

This kind of technology will change video surveillance. Right now, it's general, and identifying people is largely a forensic activity. This will make cameras part of an automated process for identifying people.


Are Credit Monitoring Services Worth It?
by Carol~ Moderator / March 20, 2014 2:43 AM PDT
In reply to: NEWS - March 20, 2014

In the wake of one data breach after another, millions of Americans each year are offered credit monitoring services that promise to shield them from identity thieves. Although these services can help true victims step out from beneath the shadow of ID theft, the sad truth is that most services offer little in the way of real preventative protection against the fastest-growing crime in America.

Having purchased credit monitoring/protection services for the past 24 months — and having been the target of multiple identity theft attempts — I feel somewhat qualified to share my experience with readers. The biggest takeaway for me has been that although these services may alert you when someone opens or attempts to open a new line of credit in your name, most will do little — if anything — to block that activity. My take: If you're being offered free monitoring, it probably can't hurt to sign up, but you shouldn't expect the service to stop identity thieves from ruining your credit.

Avivah Litan, a fraud analyst at Gartner Inc., said offering credit monitoring has become the de facto public response for companies that experience a data breach, whether or not that breach resulted in the loss of personal information that could lead to actual identity theft (as opposed to mere credit card fraud).

Continued : http://krebsonsecurity.com/2014/03/are-credit-monitoring-services-worth-it/

Google makes Gmail HTTPS-only in bid to thwart NSA snoopers
by Carol~ Moderator / March 20, 2014 4:38 AM PDT
In reply to: NEWS - March 20, 2014

Gmail has always supported HTTPS, and even made the communications protocol the default option in 2010. Today Google announces it will always use an encrypted HTTPS connection when you check or send email.

"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers -- no matter if you're using public Wi-Fi or logging in from your computer, phone or tablet", Nicolas Lidzborski, Gmail Security Engineering Lead says.

"In addition, every single email message you send or receive -- 100 percent of them -- is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers -- something we made a top priority after last summer's revelations", he adds.

Continued : http://betanews.com/2014/03/20/google-makes-gmail-https-only/

Related: Google promises always-on encrypted HTTPS connection for Gmail
