NEWS - November 04, 2015

Hackers use anti-adblocking service to deliver nasty malware attack

More than 500 websites that used a free analytics service inadvertently exposed their visitors to a nasty malware attack made possible by a hack of PageFair, the anti-adblocking company that provided the analytics.

The compromise started in the last few minutes of Halloween with a spearphishing e-mail that ultimately gave the attackers access to PageFair's content distribution network account. The attacker then reset the password and replaced the JavaScript code PageFair normally had execute on subscriber websites. For almost 90 minutes after that, people who visited 501 unnamed sites received popup windows telling them their version of Adobe Flash was out-of-date and prompting them to install malware disguised as an official update.

Continued : http://arstechnica.com/security/2015/11/hackers-use-anti-adblocking-service-to-deliver-nasty-malware-attack/

Related:
PageFair Hack Serves Up Fake Flash Update to 500 Sites
PageFair analytics hacked and used to distribute malware on Halloween

Note: Emphasis by me
Google Project Zero Turns Over 11 Bugs in Galaxy S6 Edge

Google’s Nexus Android devices are considered the most secure by default since they’re guaranteed to receive all security patches for vulnerabilities found internally and those disclosed by third parties.

Google’s Project Zero research team, however, decided to expand its reach and test the waters with one of its biggest OEM partners in Samsung, evaluating the security of the Galaxy S6 Edge.

“OEMs are an important area for Android security research, as they introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carriers,” Google researcher Natalie Silvanovich wrote Monday in a blog post.

Continued: https://threatpost.com/google-project-zero-turns-over-11-bugs-in-galaxy-s6-edge/115250/

Related:
11 zero-days uncovered in Samsung Galaxy S6 Edge
Google finds severe holes in Galaxy S6 Edge, some remotely exploitable
Google says Samsung Galaxy S6 Edge reduces Android security

vBulletin enforces password reset after website attack

The website of popular forum software maker vBulletin has been breached.

Following claims, nay, boasts, of an attack on Sunday evening, the software developer moved quickly to negate the effects of the hack by releasing a series of security patches on Monday, saying:

"A security issue has been reported to us that affects the versions of vBulletin listed here: 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8 and 5.1.9 We have released security patches to account for this issue. It is recommended that all users update as soon as possible."

That was in response to a hacker going by the name of "Coldzer0" who bragged about his alleged exploits on various web forums, as well as social media. He also uploaded a Youtube video and posted data on Facebook, both of which have since been deleted.

Continued : https://nakedsecurity.sophos.com/2015/11/04/vbulletin-enforces-password-reset-after-website-attack/

Related:
Password reset invoked after vBulletin.com forum software site defaced
vBulletin password hack fuels fears of serious Internet-wide 0-day attacks

Hacking tool swipes encrypted credentials from password manager

"'KeeFarce' targets KeePass, but virtually all password managers are vulnerable."

Using a password manager is one of the biggest ways that average computer users can keep their online accounts secure, but their protection is pretty much meaningless when an end user's computer is compromised. Underscoring this often ignored truism is a recently released hacking tool that silently decrypts all user names, passwords, and notes stored by the KeePass password manager and writes them to a file.

KeeFarce, as the tool has been dubbed, targets KeePass, but there's little stopping developers from designing similar apps that target virtually every other password manager available today. Hackers and professional penetration testers can run it on computers that they have already taken control of. When it runs on a computer where a logged in user has the KeePass database unlocked, KeeFarce decrypts the entire database and writes it to a file that the hacker can easily access.

Continued: http://arstechnica.com/security/2015/11/hacking-tool-swipes-encrypted-credentials-from-password-manager/

Related: Open source KeeFarce tool loots encrypted passwords stored in KeePass
Dear lord!

My passwords are in a little blue book locked away separately from my computers.
Dafydd.

Device-Rooting Adware Hidden in 20,000 Android Apps

Researchers at mobile security firm Lookout have come across a new malicious adware family distributed via trojanized versions of popular Android applications.

The new threat, dubbed by the security company “Shuanet,” has been found in numerous Android programs, including Okta’s two-factor authentication application.

Similar to other recently discovered malicious adware families, such as Kemoge (ShiftyBug) and Shedun (GhostPush), Shuanet is designed to root the infected phone without the user’s knowledge, allowing attackers to gain unrestricted access to the device and prevent the victim from removing the threat.

Continued : http://www.securityweek.com/device-rooting-adware-hidden-20000-android-apps

Related:
Adware That Roots Android Devices Found in 20,000 Apps
Shuanet Adware Rooting Android Devices Via Trojanized Apps

How Carders Can Use eBay as a Virtual ATM

How do fraudsters “cash out” stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate cardholder.

So-called “triangulation fraud” — scammers using stolen cards to buy merchandise won at auction by other eBay members — is not a new scam. But it’s a crime that’s getting more sophisticated and automated, at least according to a victim retailer who reached out to KrebsOnSecurity recently after he was walloped in one such fraud scheme.

Continued : http://krebsonsecurity.com/2015/11/how-carders-can-use-ebay-as-a-virtual-atm/

Firefox 42 tightens privacy with Tracking Protection, revamps Control Center

Mozilla has made Firefox 42 FINAL available for download ahead of its official release, with Firefox 42 for Android due to follow later this week.

Both builds implement a new Tracking Protection feature to tighten web privacy, while the desktop version adds a new Control Center. Android users also gain a number of new features, including a login manager and the ability to queue up links from other apps.

Firefox 42 opens with its headline Tracking Protection feature, which has been added to its Private Browsing tool and is enabled by default. It’s designed to prevent user browser data being collected across multiple sites.

Continued : http://betanews.com/2015/11/02/firefox-42-tightens-privacy-with-tracking-protection-revamps-control-center/

See Updates thread: Mozilla Firefox version 42.0 FINAL

Related: Firefox 42 ... answer to the ultimate question of life, security bugs and fully private browsing?
Many US enterprises still run XcodeGhost-infected Apple apps

"A new version of XcodeGhost has also appeared that tries to defeat defenses built into iOS 9, security firm FireEye says"

Dozens of U.S. enterprises are still using Apple mobile apps seeded with malware for a clever hacking scheme revealed last month known as XcodeGhost.

The computer security firm FireEye said Tuesday it detected 210 enterprises that are still using infected apps, showing that the XcodeGhost malware "is a persistent security risk," according to a blog post.

Last month, more than 4,000 applications were found to have been modified with a counterfeit version of Xcode, an application development tool from Apple.

Continued : http://www.computerworld.com/article/3000917/mobile-security/many-us-enterprises-still-run-xcodeghost-infected-apple-apps.html
