Spyware, Viruses, & Security forum


NEWS - March 25, 2015

by Carol~ Moderator / March 25, 2015 3:55 AM PDT
Half of Android Users Exposed to Attack via Installation Vulnerability

Nearly half of all Android systems, 49.5 percent to be exact, contain a vulnerability through which an attacker could hijack the application installation process in order to install malware on impacted mobile devices.

The security firm Palo Alto Networks says it discovered a Time-of-Check to Time-of-Use vulnerability in Google's Android operating system last year. Today's research is their disclosure: an attack — dubbed Android installer hijacking - which exploits that bug, giving an attacker the ability to wrest control of application package files (APKs) while they install.

"We have successfully tested both exploits against Android 2.3, 4.0.3-4.0.4, 4.1.X, and 4.2.x," a Palo Alto researcher wrote. "According to Android Dashboard, this vulnerability affected approximately 89.4 percent of the Android population as of January 2014 (when we first discovered it), and approximately 49.5 percent of the Android population as of March 2015." [...]

Continued: https://threatpost.com/half-of-android-users-exposed-to-attack-via-installation-vulnerability/111791

Half of all Android devices vulnerable to installer hijacking attacks
Android malware flaw a risk to almost 50 per cent of devices
Android Installer Hijacking Vulnerability Puts Users of Third-party App Stores at Risk
Discussion is locked
You are posting a reply to: NEWS - March 25, 2015
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - March 25, 2015
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Twitch resets user passwords following breach
by Carol~ Moderator / March 25, 2015 4:05 AM PDT
In reply to: NEWS - March 25, 2015

"Advisory says that logging software may have stolen some users' passcodes."

Twitch, the Amazon-owned game video streaming service, has reset passwords for all its users after warning of a security breach that may have allowed hackers to access user names, passwords, and other personal information.

According to a blog post Twitch published Monday evening, current passwords have been expired and users will be required to create a new one the next time they log in. Accounts have also been disconnected from Twitter and YouTube. As is standard practice, anyone who used the same password for multiple services should assume it's compromised and create a new and unique passcode for each property. Credit card data was not affected, the company said.

Continued : http://arstechnica.com/security/2015/03/twitch-resets-user-passwords-following-breach/

Twitch Hacked
Twitch forces users to reset password in wake of breach
Post-hack, Twitch users told to reset passwords.. but they don't have to make them too long
Twitch resets passwords, says user details may have been stolen

Collapse -
Google Hit Again by Unauthorized SSL/TLS Certificates
by Carol~ Moderator / March 25, 2015 4:06 AM PDT
In reply to: NEWS - March 25, 2015

The purpose of an SSL/TLS digital certificate is to provide a degree of authenticity and integrity to an encrypted connection. The SSL/TLS certificate helps users positively identify sites, but what happens when a certificate is wrongly issued? Just ask Google, which has more experience than most in dealing with this issue.

On March 23 Google reported that unauthorized certificates for Google domains were issued by MCS Holdings, which is an intermediate certificate authority under CNNIC. Because CNNIC is a trusted CA that is included in every major Web browser, the certificate might have been trusted by default, even though it wasn't legitimate.

Continued : http://www.esecurityplanet.com/browser-security/google-hit-again-by-unauthorized-ssltls-certificates.html

Google warns of unauthorized TLS certificates trusted by almost all OSes [Updated]
Microsoft blacklists latest rogue SSL certificates, Mozilla mulls sanctions for issuer

Collapse -
Banking Trojan Vawtrak: Harvesting Passwords Worldwide
by Carol~ Moderator / March 25, 2015 4:06 AM PDT
In reply to: NEWS - March 25, 2015

The AVG Now blog:

Over the last few months, AVG has tracked the rapid spread of a banking Trojan known as Vawtrak (aka Neverquest or Snifula).

Once it has infected a system, Vawtrak gains access to bank accounts visited by the victim. Furthermore, Vawtrak uses the infamous Pony module for stealing a wide range of login credentials.

While Vawtrak Trojans are not new, this particular sample is of great interest.

How and where is it spreading?

Continued : http://now.avg.com/banking-trojan-vawtrak-harvesting-passwords-worldwide/

Multifunctional Vawtrak malware now updated via favicons
Favicons used to update world's 'most dangerous' malware

Collapse -
Researcher finds backdoor opened by Dell's helper app
by Carol~ Moderator / March 25, 2015 4:06 AM PDT
In reply to: NEWS - March 25, 2015

A security researcher has discovered a serious bug in Dell System Detect, the software Dell users are urged to use to download the appropriate drivers for their machines. The flaw can be exploited by attackers to make the computer download and execute potentially malicious files.

The software, which can be downloaded from the Dell Support page, can thus be effectively used to open a backdoor in the target's computer.

"While investigating this rather innocuous looking program I discovered that it accepts commands by listening for HTTP requests on localhost:8884 and that the security restrictions Dell put in place are easily bypassed, meaning an attacker could trigger the program to download and install any arbitrary executable from a remote location with no user interaction at all," Tom Forbes claims.

Continued : http://www.net-security.org/secworld.php?id=18134

Collapse -
A $60 Gadget That Makes Car Hacking Far Easier
by Carol~ Moderator / March 25, 2015 4:06 AM PDT
In reply to: NEWS - March 25, 2015

The average automobile today isn't necessarily secured against hackers, so much as obscured from them: Digitally controlling a car's electronics remains an arcane, specialized skill among security researchers. But that's changing fast. And soon, it could take as little as $60 and a laptop to begin messing around with a car's digital innards.

Tomorrow at the Black Hat Asia security conference in Singapore, 24-year-old Eric Evenchick plans to present a new device he calls the CANtact. The open source board, which he hopes to sell for between $60 and $100, connects on one end to a computer's USB port, and on the other to a car or truck's OBD2 port, a network port under its dashboard. That makes the CANtact a cheap interface between any PC and a vehicle's controller area network or CAN bus, the collection of connected computers inside of every modern automobile that control everything from its windows to its brakes.

Continued : http://www.wired.com/2015/03/60-gadget-thatll-make-car-hacking-easier-ever/

Collapse -
Tax Fraud Advice, Straight from the Scammers
by Carol~ Moderator / March 25, 2015 4:11 AM PDT
In reply to: NEWS - March 25, 2015

Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires. And few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we'll see in the conversations highlighted in this post.

As several stories these past few months have noted, those involved in tax refund fraud shifted more of their activities away from the Internal Revenue Service and toward state tax filings. This shift is broadly reflected in discussions on several fraud forums from 2014, in which members lament the apparent introduction of new fraud "filters" by the IRS that reportedly made perpetrating this crime at the federal level more challenging for some scammers.

Continued : http://krebsonsecurity.com/2015/03/tax-fraud-advice-straight-from-the-scammers/

Collapse -
Microsoft enlists web security pariah Adobe to help build ..
by Carol~ Moderator / March 25, 2015 4:11 AM PDT
In reply to: NEWS - March 25, 2015
.. Internet Explorer-killer Spartan

Microsoft has revealed it's working with Adobe on some aspects of project Spartan, its replacement browser that will confine Internet Explorer to the Antique Code Show.

When one contemplates Adobe's contribution to browsers, it's hard not to think of the carnage its Flash plugin has wrought with a seemingly never-ending cavalcade of flaws.

Microsoft doesn't mention the war in its post about the collaboration, which it says has been established because Adobe has helped open-source web rendering engines and so knows its way around the browser. Adobe's "Web Platform Team" is therefore contributing to Spartan "in the areas of layout, typography, graphic design and motion".

Continued : http://www.theregister.co.uk/2015/03/25/microsoft_enlists_web_security_pariah_adobe_to_help_build_spartan/
Collapse -
Google Adds Deceptive Software to Safe Browsing API
by Carol~ Moderator / March 25, 2015 4:11 AM PDT
In reply to: NEWS - March 25, 2015

Google is continuing to refine its Safe Browsing API and now is giving users warnings about not just malicious software on sites they're attempting to visit, but also about unwanted software.

Google's Safe Browsing API is designed to help protect users from a variety of threats on pages across the Internet. The functionality is built into Chrome, as well as Firefox and other browsers, and when a users tries to visit a page that Google's crawlers or other users have reported to be hosting malware, phishing links or other types of threats it will throw up a warning dialog. Depending upon the type of threat found on the target page, the browser will give the user various types of information and options.

Continued: https://threatpost.com/google-adds-deceptive-software-to-safe-browsing-api/111801

Collapse -
Fake "Incoming Fax Report" emails lead to crypto-ransomware
by Carol~ Moderator / March 25, 2015 4:30 AM PDT
In reply to: NEWS - March 25, 2015

Once again, fake "Incoming Fax Report" emails carrying malware are being sent out to random users. Given the popularity of online fax-sending services, there are likely to be many victims.

The email takes the same, often repeated form: [Screenshot]

Most of the time, the subject of the fake fax is something related with payrolls, or an internal report, and the malicious file is hosted on an online file storage account and linked to from the email.

In this case, the email carries the malware in the attachment.

According to Dr. Web researchers, the file - a SRC file - is a Trojan downloader which, once run, extracts and launches encryption ransomware.

Continued : http://www.net-security.org/malware_news.php?id=2994

Collapse -
Bankrupt RadioShack's Attempts To Sell Customer Data ..
by Carol~ Moderator / March 25, 2015 5:08 AM PDT
In reply to: NEWS - March 25, 2015
.. Meets Resistance

By now most everyone knows that RadioShack's Chapter 11 bankruptcy was designed to be a pre-packaged asset sale. That sounded pretty benign when we were talking about the sale or auction of store leases to companies like Sprint, but it turns out data is an asset too. And customer data is the most highly prized at all.

Bloomberg reported today that RadioShack's 100 million customer database is a planned part of the asset auction. That database includes names, email addresses and phone numbers of people who have bought something at the Shack.

Continued : http://www.forbes.com/sites/paularosenblum/2015/03/24/bankrupt-radioshacks-attempts-to-sell-customer-data-meets-resistance/
Collapse -
(NT) One reason, I never supplied mine...just common sense
by Willy / March 25, 2015 5:30 AM PDT

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!