
NEWS - March 28, 2014

Mar 28, 2014 4:37AM PDT
Philips Smart TVs wide open to Gmail cookie theft, other serious hacks

Internet-connected TVs manufactured by Philips running the latest firmware update are wide open to browser cookie theft and other serious attacks by hackers within radio range, a security researcher has warned.

The hacks work against Philips Smart televisions that have a feature known as Miracast enabled, Luigi Auriemma, a researcher with Malta-based ReVuln (Twitter handle @revuln), told Ars. Miracast allows TVs to act as Wi-Fi access points that nearby computers and smartphones can connect to so their screen output can be displayed on the larger set. The hacking vulnerability is the result of a recent firmware update that allows anyone within range to connect to the TV, as long as they know the hard-coded authentication password "Miracast."

Continued: http://arstechnica.com/security/2014/03/philips-smart-tvs-wide-open-to-gmail-cookie-theft-other-serious-hacks/

Related: Philips Smart TVs riddled with security and privacy flaws, researcher reveals

Cisco fixes denial-of-service flaws in IOS software for networking devices
Mar 28, 2014 5:07AM PDT

Cisco Systems released security updates for its IOS software used on routers, switches and other networking gear in order to fix seven vulnerabilities that could be exploited by attackers to impact the performance of affected devices or force them to reboot.

The newly released IOS versions contain patches for two vulnerabilities identified in the software's Network Address Translation (NAT) feature that's commonly used in routing scenarios. One vulnerability could be exploited by sending malformed DNS packets to be processed and translated by an affected device and the other by sending certain sequences of TCP packets.

"To determine whether NAT has been enabled in the Cisco IOS Software configuration, log in to the device and issue the 'show ip nat statistics' command," Cisco said in a security advisory published Wednesday. "If NAT is active, the sections 'Outside interfaces' and 'Inside interfaces' will each include at least one interface."

Continued: http://www.pcworld.com/article/2116880/cisco-fixes-denialofservice-flaws-in-ios-software-for-networking-devices.html

Related: Cisco Patches Denial-of-Service Vulnerabilities in IOS
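A scripted version of the check Cisco describes, added here as an example and not part of the original post or of Cisco's advisory: it parses the text of 'show ip nat statistics' (the two sample outputs below are constructed to match the IOS layout, not captured from a real device) and applies Cisco's rule that NAT is active when both the 'Outside interfaces' and 'Inside interfaces' sections list at least one interface. Useful when you have to triage many devices from collected command output rather than log in to each one.

```python
from typing import Dict, List

# Constructed sample (not a capture from a real device): NAT is configured,
# so both interface sections are populated.
SAMPLE_NAT_ACTIVE = """\
Total active translations: 2 (0 static, 2 dynamic; 2 extended)
Outside interfaces:
  GigabitEthernet0/0
Inside interfaces:
  GigabitEthernet0/1, GigabitEthernet0/2
Hits: 135  Misses: 5
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 2
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface GigabitEthernet0/0 refcount 2
"""

# Constructed sample: the NAT feature reports no inside/outside interfaces.
SAMPLE_NAT_INACTIVE = """\
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Inside interfaces:
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
"""


def parse_nat_interfaces(output: str) -> Dict[str, List[str]]:
    """Return the interface names listed under 'Outside interfaces:' and
    'Inside interfaces:' in 'show ip nat statistics' output.

    Interface names appear on indented lines below each header, either one
    per line or comma-separated; any non-indented line ends the section.
    """
    sections: Dict[str, List[str]] = {"outside": [], "inside": []}
    current = None
    for raw in output.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = line.strip().lower()
        if header == "outside interfaces:":
            current = "outside"
            continue
        if header == "inside interfaces:":
            current = "inside"
            continue
        if current is not None and line[0].isspace():
            # Indented continuation line: collect the interface names on it.
            sections[current].extend(
                name.strip() for name in line.split(",") if name.strip()
            )
            continue
        # Any other non-indented line closes the current section.
        current = None
    return sections


def nat_is_active(output: str) -> bool:
    """Cisco's test from the advisory: NAT is active when both the outside
    and inside sections contain at least one interface."""
    sections = parse_nat_interfaces(output)
    return bool(sections["outside"]) and bool(sections["inside"])


if __name__ == "__main__":
    for label, text in (("active", SAMPLE_NAT_ACTIVE),
                        ("inactive", SAMPLE_NAT_INACTIVE)):
        found = parse_nat_interfaces(text)
        print(f"{label}: outside={found['outside']} inside={found['inside']} "
              f"-> NAT active: {nat_is_active(text)}")
```

A device where the check returns True is exposed to the NAT vulnerabilities only if it is also running an affected IOS release, so pair this with the version list in Cisco's advisory rather than treating it as the sole test.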
Apple Phishing Scam Steals Credentials, Credit Cards
Mar 28, 2014 5:08AM PDT

A new email phishing scam is making use of a realistic-looking Apple login page in order to pilfer Apple ID usernames and passwords before moving on to steal user credit card information.

According to SANS Internet Storm Center forums member, Craig Cox, this phishing scam is particularly sophisticated because of its use of JavaScript code that purports to validate whether Apple IDs entered into the malicious field are legitimate. In other words, if a user falls for the trick, but enters the incorrect Apple ID, the site will come back and ask that the user "Double check that [he or she] typed a valid Apple ID." [Screenshot]

The malicious domain that the attackers are using here is appleidconfirm[dot]net.

It's not clear whether the attackers have found a way to distinguish legitimate Apple ID email addresses from a non-existent one. However, once the victim has entered what is considered valid credentials, that person is redirected to another part of the malicious domain (ending in /?2).

Continued: http://threatpost.com/apple-phishing-scam-steals-credentials-credit-cards/105108

Journalists increasingly under fire from hackers, Google researchers show
Mar 28, 2014 7:33AM PDT

According to a new paper authored by two Google security engineers, 21 out of the world's top 25 news organizations have been successfully hacked by state-sponsored actors.

Reuters reported on the duo's findings, which were presented on Friday at the Black Hat Asia hackers conference in Singapore.

Among targets of hacking attacks, journalists were "massively over-represented," Shane Huntley, one of the paper's authors, told the news wire. Google has been monitoring such attacks, which are often sponsored by foreign governments that seek sensitive information held by journalistic enterprises, in many cases related to secretive corporate and governmental operations.

Continued: http://arstechnica.com/security/2014/03/journalists-increasingly-under-fire-from-hackers-google-researchers-show/

Related: Google Experts: 21 of Top 25 News Organizations Targeted by State-Sponsored Hackers [Reuters]
WordPress sites hijacked via "free" premium plugins
Mar 28, 2014 7:33AM PDT

If you run a WordPress site, and are trying to make some money through it, think twice before installing "free" versions of premium plugins.

Researchers from Sucuri have recently analyzed a couple of third-party websites offering such versions for download, and have discovered more than one plugin equipped with malicious code aimed at hijacking any WP site on which they are installed.

The lure is actually quite clever - it is well known that some people are simply never going to pay for software they think they can get for free. But, unfortunately, they might end up paying another kind of price later on.

What motivated the researchers to do a more in-depth investigation in the matter was finding a "free" SEOPressor plugin installed on a severely infected site they were tasked with cleaning.

Continued: http://www.net-security.org/malware_news.php?id=2749

Related: Cybercriminals Hijack WordPress Websites with Free Premium Plugins