Spyware, Viruses, & Security forum


NEWS - May 11, 2015

Millions of WordPress Websites at Risk from in-the-wild Exploit

Graham Cluley @ Tripwire's "State of Security" blog:

What's happened?
A widespread vulnerability has been found in WordPress, that impacts millions of websites running the popular blogging software and content management system.

What's the vulnerability?
It's a cross-site scripting (XSS) vulnerability inside the popular JetPack plugin and the default Twenty Fifteen theme installed on all WordPress sites.

The problem lies in the genericons package, specifically a file called example.html. Any plugin which makes use of the package is potentially vulnerable.

If a website administrator was tricked into clicking on a malicious link, the vulnerability can be exploited to hijack the website - making changes to its code or altering settings.

Who found the vulnerability?
David Dede, a researcher with security firm Sucuri, uncovered the problem and blogged about it yesterday:

Continued : http://www.tripwire.com/state-of-security/security-data-protection/wordpress-xss/

Millions of WordPress sites risk hijacking due to flaw in default theme
Hackers target critical XSS vulnerability in millions of Wordpress sites
Actively exploited WordPress bug puts millions of sites at risk


Alleged Developers of Photobucket Hacking Tool Arrested

In reply to: NEWS - May 11, 2015

Law enforcement authorities in the United States on Friday indicted and arrested two individuals suspected of developing, marketing and selling a piece of software designed to enable unauthorized access to protected content stored on the image and video hosting website Photobucket.

According to the indictment (pdf), Brandon Bourret, 39, of Colorado Springs, Colorado and Athanasios Andrianakis, 26, of Sunnyvale, California have been accused of conspiring to commit computer fraud and abuse, access device fraud, identification document fraud, and wire fraud.

Photobucket allows users to protect albums containing private content by marking them "private" or "password protected." Bourret and Andrianakis are said to have developed a tool, dubbed "Photofucket," that allowed them to access images and videos stored in private or password-protected albums.

Continued : http://www.securityweek.com/alleged-developers-photobucket-hacking-tool-arrested

Related : The hackers who broke into Photobucket's system have been arrested by the FBI

GPU-based rootkit and keylogger offer superior stealth and..

In reply to: NEWS - May 11, 2015

.. computing power

"Proof-of-concept malware may pave the way for future in-the-wild attacks."

Developers have published two pieces of malware that take the highly unusual step of completely running on an infected computer's graphics card, rather than its CPU, to enhance their stealthiness and give them increased computational abilities.

Both the Jellyfish rootkit and the Demon keylogger are described as proofs-of-concept by their pseudo-anonymous developers, whom Ars was unable to contact. Tapping an infected computer's GPU allows malware to run without the usual software hooks or modifications malware makes in the operating system kernel. Those modifications can be dead giveaways that a system is infected.

Here's how the developers describe their rootkit:

Continued : http://arstechnica.com/security/2015/05/gpu-based-rootkit-and-keylogger-offer-superior-stealth-and-computing-power/

Related : GPU-based malware is real, say developers of PoC rootkit and keylogger
Breaking Bad-themed ransomware targeting users

In reply to: NEWS - May 11, 2015

A new type of ransomware is targeting Australian users, and its creators have decided to have some fun and express their love for the popular US TV show Breaking Bad while trying to "earn" some money. [Screenshot]

Aside from the "Los Pollos Hermanos"-branded ransom message and the email address used in the extortion demand sporting a popular quote by the show's main character, the ransomware is not very innovative.

It encrypts the usual assortment of file types - images, documents, audio and video files, archive and database files - with a random Advanced Encryption Standard (AES) key, which is then encrypted with an RSA public key.

Continued : http://www.net-security.org/malware_news.php?id=3035

@ Symantec's "Security Response Blog" : Breaking Bad-themed 'Los Pollos Hermanos' crypto ransomware found in the wild

Related :
Breaking Bad ransomware
Breaking Bad Ransomware Targeting Australian Computers

Get ready for Android M, for "more privacy"

In reply to: NEWS - May 11, 2015

Google's next Android update may put privacy back into its owners' hands -- literally.

According to sources speaking to Bloomberg on Thursday, the next iteration of Android will give users more detailed choices over what data apps can access. That includes access to photos, contacts, and location data, according to the report.

ZDNet's Kevin Tofel noted the change would give a user more granular controls over their data and how it's used, adding that the option has been present in the past -- albeit hidden for developers' use only.

The anticipated move would follow in the footsteps of Google's closest rival, Apple, which added similar security features more than two years ago.

Continued : http://www.zdnet.com/article/get-ready-for-android-m-for-more-privacy/

Related: Google's Next Android Version Could Offer More Privacy to Users

Windows 10 spells the end of Patch Tuesday

In reply to: NEWS - May 11, 2015

Microsoft is ready to abandon the longstanding patching schedule that saw patches and security updates being delivered on the second Tuesday of every month. With the advent of Windows 10, security updates and other software innovations will be pushed to PCs, tablets and phones as soon as they are ready.

But this change will only apply for home users - enterprise users will be able to take advantage of Windows Update for Business, a free service for all Windows Pro and Windows Enterprise devices.

Terry Myerson, the executive VP of Microsoft's Operating Systems group, noted that while they have implemented security in all the layers of the Windows 10 stack, keeping devices up-to-date with the latest security updates is still the most crucial thing enterprises can do to protect them.

Continued : http://www.net-security.org/secworld.php?id=18348

Windows 10 will kill off 'Patch Tuesday' as Microsoft pushes constant stream of updates
Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday
Patch Tuesday Facelift End of an Era

Who's Scanning Your Network? (A: Everyone)

In reply to: NEWS - May 11, 2015

Not long ago I heard from a reader who wanted advice on how to stop someone from scanning his home network, or at least recommendations about to whom he should report the person doing the scanning. I couldn't believe that people actually still cared about scanning, and I told him as much: These days there are countless entities — some benign and research-oriented, and some less benign — that are continuously mapping and cataloging virtually every device that's put online.

".. When I was first getting my feet wet on the security beat roughly 15 years ago, the practice of scanning networks you didn't own looking for the virtual equivalent of open doors and windows was still fairly frowned upon — if not grounds to get one into legal trouble. These days, complaining about being scanned is about as useful as griping that the top of your home is viewable via Google Earth. Trying to put devices on the Internet and then hoping that someone or something won't find them is one of the most futile exercises in security-by-obscurity."

Continued : http://krebsonsecurity.com/2015/05/whos-scanning-your-network-a-everyone

Superfish ad injection plagues Google searches, study finds

In reply to: NEWS - May 11, 2015

"Google finds 50,870 Chrome extensions and 34,407 programs injecting ads into its websites"

Over five percent of browser visits to Google-owned websites, including Google Search, are altered by computer programs that inject ads into pages. One called Superfish is responsible for a majority of those ad injections.

The findings are the result of a study (pdf) by Google and researchers from the University of California at Berkeley and Santa Barbara, which analysed over 102 million page views to Google sites between June and September last year.

Google added code to its websites that detected and reported back when ads were injected into pages by programs or browser extensions. This revealed that locally-installed ad injectors interfered with 5,339,913 page views (5.2 percent of the total), impacting tens of millions of users around the world - or 5.5 percent of unique daily IP addresses that accessed Google's sites.

Continued : http://www.techworld.com/news/security/superfish-ad-injection-plagues-google-searches-study-finds-3610962/

One in 20 web users infected with ad injection software
Google Report Unmasks Ad Injection Economy

Lavaboom Secure Email Service Opens to the Public

In reply to: NEWS - May 11, 2015

After spending 20 months in closed development, Lavaboom, the email service that promises end-to-end encryption, started to send out sign-up invitations to 25,000 users on the waiting list.

Lavaboom aims to deliver completely private email communication that makes secret not only message content but also the metadata accompanying it, such as the address of the sender and the recipient and the subject line.

Lavaboom is powered by new technology

To achieve this, the service relies on OpenPGP.js, the open source PGP (Pretty Good Privacy) library for JavaScript, and DIME (Dark Internet Mail Environment) technology that uses new message exchange protocols DMTP (the Dark Mail Transfer Protocol) and DMAP (Dark Mail Access Protocol) for encryption.

DIME is developed by the Darkmail Technical Alliance, whose team is composed of Phil Zimmermann (the designer of PGP), Jon Callas and Mike Janke, both from Silent Circle, and Ladar Levison, the founder of the now defunct Lavabit secure email service that refused to provide the SSL encryption keys to the NSA.

Lavaboom follows in the footsteps of Lavabit as far as the security of email exchange is concerned, but has a much stronger risk management approach. Its data centers are on German territory, where authorities in the US have no jurisdiction.

Continued : http://news.softpedia.com/news/Lavaboom-Secure-Email-Service-Opens-to-the-Public-480603.shtml

[Lavabit emphasis by me]

PayIvy Sells Your Online Accounts Via PayPal

In reply to: NEWS - May 11, 2015

Normally, if one wishes to buy stolen account credentials for paid online services like Netflix, Hulu, XBox Live or Spotify, the buyer needs to visit a cybercrime forum or drop into a dark Web marketplace that only accepts Bitcoin as payment. Increasingly, however, these accounts are showing up for sale at Payivy[dot]com, an open Web marketplace that happily accepts PayPal in exchange for a variety of stolen accounts. [Screenshot]

Marketed and sold by a Hackforums user named "Sh1eld" as a supposed method of selling ebooks and collecting payments for affiliate marketers, PayIvy has instead become a major conduit for hawking stolen accounts and credentials for a range of top Web services.

Continued : http://krebsonsecurity.com/2015/05/payivy-sells-your-online-accounts-via-paypal/
