NEWS - November 11, 2014

Nov 10, 2014 11:32PM PST
New malware 'Masque Attack' targets iOS, replaces apps to steal data

Just one week after researchers discovered that "WireLurker" malware was targeting iOS devices, cyber security company FireEye unearthed another threat to the two latest versions of Apple's mobile operating system. The bug, called "Masque Attack," reportedly replaces third-party apps with fake ones that go by the same name. The infected apps masquerade as real apps and steal your sensitive data.

FireEye explained that hackers exploited a flaw in iOS 7 and 8 that allows them to install fake apps on iOS devices through email or text messages, if the app names match. As long as the hacker gives the false, infected app the same name as the real one, hackers can infiltrate the device. Of course, iOS users still have to download the app from the text or email, as opposed to going directly to the App Store and searching for the same app.

However, if users install the app using the link provided by the hackers, the malicious version will take over a real app on the user's iPhone or iPad, where it can then steal the user's personal information....

Continued : http://www.digitaltrends.com/mobile/ios-bug-masque-attack-news/

Related:
Vulnerability leaves iPhones open to fake app attack
'Powerful' Masque iOS Vulnerability Disclosed
Major iOS security flaw 'Masque Attack' reportedly uncovered, found to 'pose much bigger threat' than WireLurker

"DarkHotel" uses bogus crypto certificates to snare ...
Nov 10, 2014 11:40PM PST
... Wi-Fi-connected execs

"Malware operators know in advance when targeted fat cats will check in and out."

Researchers have uncovered a seven-year-old malware operation that combines advanced cryptographic attacks, zero-day exploits, and well-developed keyloggers to target elite executives staying in luxury hotels during business trips.

The attackers behind "DarkHotel," as the advanced persistent threat has been dubbed, appear to know in advance when a targeted exec will check in and check out of a hotel. Victims are infected through a variety of methods, including bogus software updates for Adobe Flash, Google Toolbar, or other trusted software that are presented when the exec uses the hotel's Wi-Fi or wired Internet access.

In many cases, the attack code is signed with a trusted digital certificate that the attackers were able to clone by factoring the underlying 512-bit private key. While factoring weak 512-bit keys has been practical for several years, the crypto attack nonetheless is an "advanced" capability, particularly a few years ago. Taken together, the characteristics are an indication the operators have some sophistication, said researchers from Kaspersky Lab, the Russia-based security firm that disclosed the campaign.

Continued : http://arstechnica.com/security/2014/11/darkhotel-uses-bogus-crypto-certificates-to-snare-wi-fi-connected-execs/

Related :
Darkhotel APT Group Targeting Top Executives in Long-Term Campaign
Darkhotel espionage campaign targets corporate executives traveling abroad
Personal info of 800,000 USPS employees compromised
Nov 10, 2014 11:40PM PST
.. in breach

The US Postal Service has joined the ranks of private sector companies and governmental agencies that have been breached and had data stolen by hackers.

According to a statement (pdf) released by the service on Monday, the attackers managed to find a way into some of their information systems, and have likely compromised personal information of some 800,000 current and past employees, as well as some data for customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1, 2014, and Aug. 16, 2014.

Continued: http://www.net-security.org/secworld.php?id=17621

Related:
All US Postal Service employees' personal data exposed by hackers
China suspected of breaching U.S. Postal Service computer networks
Mozilla makeover to boost Tor torque, capacity
Nov 10, 2014 11:40PM PST

Mozilla will tweak its flagship Firefox browser and host relays to speed up and boost the capacity of Tor under the Polaris project launched today.

The browser baron joined the Tor Project and the Centre for Democracy and Technology, under the Polaris initiative, to create warmer, fuzzier relationships between the organisations to help build more privacy controls into kit.

Legal eagle Denelle Dixon-Thayer said the initiative will involve two projects and help keep participants accountable to privacy.

"Mozilla engineers are evaluating the Tor Project's changes to Firefox, to determine if changes to our own platform code base can enable Tor to work more quickly and easily," Dixon-Thayer said.

Continued : http://www.theregister.co.uk/2014/11/11/mozilla_polaris/

There's no opting out of Verizon's PrecisionID
Nov 11, 2014 12:11AM PST
Verizon back in the news:

Verizon's PrecisionID allows Verizon and advertisers to profile those who use Verizon data networks, and there's no opting out. But here's how to block it.

PrecisionID is the controversial ingredient of Precision Market Insights, a stealthy, recently discovered Verizon advertising program. PrecisionID is also known as X-UIDH by IT-types or perma-cookie, the term preferred by advocacy groups like the Electronic Frontier Foundation (EFF). Below is what a PrecisionID/X-UIDH/perma-cookie looks like:

X-UIDH: PKgxNTk2NDm0ADLVquRu5NS5+rSbBANlrp+13QL7CXLGsFHpMi4LsUHw

The Verizon webpage describing Precision Market Insights said, "The PrecisionID is a deterministic identifier matched to devices on Verizon's wireless network powering data-driven marketing and addressable advertising solutions that offer audience scale and increase ROI."

Continued : http://www.techrepublic.com/article/theres-no-opting-out-of-verizons-precisionid/

Hat-tip to Bob!
BrowserStack: "We did get hacked."
Nov 11, 2014 1:28AM PST

BrowserStack, the cross-browser testing tool website, has not had a very good weekend. There was a compromise and a rather odd email was sent to customers.

The email made a number of worrying claims regarding security, and - just to add that little extra dash of panic - was titled "BrowserStack is shutting down": [...]

Continued : https://blog.malwarebytes.org/hacking-2/2014/11/browserstack-we-did-get-hacked/

* * * * * * * * * * * * * *

BrowserStack hacked, but it's not shutting down

BrowserStack, the popular cross browser testing service used by over 25,000 customers around the world, including Microsoft, eBay, Adobe, Wikipedia and many others, has suffered a breach but is not shutting down.

An indication that something went wrong came in the form of the following email sent to the service's customers: [...]

"We did get hacked. Currently sanitising entire BrowserStack, so service will be down for a while. We're on top of it & will keep you posted," they initially wrote on their Twitter account. They added that the hacker's access was restricted solely to a list of email addresses.

Continued : http://www.net-security.org/secworld.php?id=17615

Old-time phishing scams are working just fine, Google finds
Nov 11, 2014 1:28AM PST

Well, sorry to say, but it's not yet time to feel smug about being able to successfully spot a phishing scam.

In fact, a new study (pdf) from Google and the University of California, San Diego, finds that there are some phishing sites that are so convincing, they work on an eye-popping 45% of visitors.

Granted, those sites are the true masterpieces of phishing. But Google says that, taken together, all fake sites on average convinced people to submit their information 14% of the time.

Continued : http://nakedsecurity.sophos.com/2014/11/11/old-time-phishing-scams-are-working-just-fine-google-finds/

Attackers Using USB Malware to Steal Data From Air-Gapped..
Nov 11, 2014 5:13AM PST
.. Networks

Researchers from security firm ESET have analyzed a malicious tool used by a notorious cyber espionage group to steal valuable information from air-gapped networks.

Isolating a sensitive computer network from the Internet can be an efficient security measure, but threat actors have found ways to get around it. A group believed to be linked to the Russian government, known as "Sednit," "APT28" and "Sofacy," appears to have developed the tools necessary to achieve this task.

In a recent report on the attacks launched by APT28 against European governments, militaries and security organizations, FireEye revealed that one of the tools used by the group is a modular family of implants called CHOPSTICK. Researchers identified one variant of CHOPSTICK that defeats closed networks by routing messages between local directories, the registry and USB drives.

Continued : http://www.securityweek.com/attackers-using-usb-malware-steal-data-air-gapped-networks

Related: Sednit Espionage Group Attacking Air-Gapped Networks
Adobe Patches 18 Vulnerabilities in Flash
Nov 11, 2014 5:13AM PST

Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system running the multimedia platform according to a security bulletin posted today.

The Patch Tuesday updates, available for Windows, Macintosh, and Linux machines, remedy vulnerabilities in several builds of Flash Player and AIR, Adobe's run-time system.

The lion's share of the vulnerabilities - 15 of the 18 - a use-after-free, double free, memory corruption, type confusion and buffer overflow vulnerability, could lead to code execution if left unpatched. Other vulnerabilities patched include issues that could trigger session tokens to be disclosed, and cause privilege escalation.

Continued: http://threatpost.com/adobe-patches-18-vulnerabilities-in-flash/109300

See: Adobe Flash Player Security Updates (APSB14-24)