NEWS - May 10, 2016

May 10, 2016 7:58AM PDT
Infosec freeloaders not welcome as malware silo VirusTotal gets tough

Security firms that use the Google-owned VirusTotal malware database but don't contribute to the silo are going to find themselves out on a limb.

For the past 12 years, researchers have been feeding samples of software nasties into VirusTotal, allowing antivirus engines to check they can detect malicious code. But the site has seen an increasing number of security startups using the VirusTotal data without giving back.

Now Google, and other contributors, have had enough and have changed the terms and conditions of the website. Put simply, if you don’t share samples, you can find your own malware elsewhere.


Maintaining a healthy community
VirusTotal Changes T&Cs to Stop Abuses

Viking Horde: A New Type of Android Malware on Google Play
May 10, 2016 8:00AM PDT

The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be used for other attack purposes such as DDoS attacks, spam messages, and more. At least five instances of Viking Horde managed to bypass Google Play malware scans so far.

Check Point notified Google about the malware on May 5, 2016.

On all devices — rooted or not — Viking Horde creates a botnet that uses proxied IP addresses to disguise ad clicks, generating revenue for the attacker. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the distributed computing capabilities of all the devices. The larger the botnet, the greater its capabilities.


Viking Horde botnet malware lurks on Google Play
New Android malware poses as popular game, but enlists phones into botnet

GoDaddy Addresses Blind XSS Vulnerability Affecting Online Support
May 10, 2016 9:13AM PDT

Domain registrar GoDaddy fixed a vulnerability affecting systems used by its customer support agents that could have been abused to take over, modify or delete accounts.

Researcher Matthew Bryant said that a riff on a cross-site scripting attack called a blind XSS was to blame. A GoDaddy customer, Bryant wrote on Sunday on his blog that Name fields on a particular GoDaddy page accepted and stored a cross-site scripting payload. He left a generic payload behind, akin to leaving a mine that isn’t triggered until someone steps on it.


GoDaddy plugs account hijack XSS vulnerability
Outdated Internet Explorer, Flash installs in enterprises
May 10, 2016 9:15AM PDT

A quarter of all Windows devices are running outdated and unsupported versions of Internet Explorer, exposing users to more than 700 known vulnerabilities in the process.

A study by mobile two-factor authentication firm Duo Security released today further reports that three in five (60 per cent) Flash users are running an out-of-date version, while 72 per cent have an outdated version of Java – exposing them to hundreds of vulnerabilities.

The stats are based on an analysis of a dataset of more than 2 million devices used by Duo Security’s customers (ranging from small startups to Fortune 500 enterprises) around the world. This issue of poorly patched Windows boxes is important because it leaves workers exposed to drive-by download attacks, a favourite hacker tactic readily put together using tools such as the Angler Exploit Kit and others.


Attackers are probing and exploiting the ImageTragick flaws
May 10, 2016 9:30AM PDT

Over the past week security researchers have seen increasing attempts by hackers to find servers vulnerable to remote code execution vulnerabilities recently found in the ImageMagick Web server library.

The flaws were publicly disclosed last Tuesday by researchers who had reason to believe that malicious attackers already had knowledge about them after an initial fix from the ImageMagick developers proved to be incomplete. The flaws were collectively dubbed ImageTragick and a website with more information was set up to attract attention to them.


Exploits gone wild: Hackers target critical image-processing bug
