NEWS - November 20, 2014

Nov 20, 2014 12:30AM PST
Ransomware: City of Detroit didn't pay, TN sheriff's office did pay to decrypt

The mayor of Detroit admitted the city's database was held ransom, but Detroit didn't cave to extortion. When hit with CryptoWall, a sheriff's office in Tennessee DID pay to get back 'autopsy reports, witness statements and crime scene photographs.'

At the North American International Cyber Summit, Detroit Mayor Mike Duggan admitted that Detroit's entire city database was encrypted and held for a ransom of 2,000 bitcoins worth about $800,000. No, Detroit didn't pay back in April, as the database wasn't needed by the city, but Duggan described the wake up to ransomware as a "good warning sign for us."

When he began his four-year term as mayor on Jan. 1, he said, "It was pretty disturbing what I found. I found the Microsoft Office system we had was about 10 years old and couldn't sync the calendar to my phone." The city is now in the "early stages of ramping up," improving security and updating technologies.

Continued : http://www.networkworld.com/article/2850052/microsoft-subnet/ransomware-city-of-detroit-didnt-pay-tn-sheriffs-office-did-pay-to-decrypt.html

Malware's new target: your password manager's password
Nov 20, 2014 12:34AM PST

Cyber criminals have started targeting the password managers that protect an individual's most sensitive credentials by using a keylogger to steal the master password in certain cases, according to research from data-protection company IBM Trusteer.

The research found that a configuration file, which attackers use to tailor the Citadel trojan for specific campaigns, had been modified to start up a keylogger when the user opened either Password Safe or KeePass, two open-source password managers. While malware has previously targeted the credentials stored in the password managers included in popular Web browsers, third-party password managers have typically not been targeted.

While the current impact of the attack is low, the implication of the attacker's focus is that password managers will soon come under more widespread assault, Dana Tamir, director of enterprise security for IBM Trusteer, told Ars Technica.

Continued : http://arstechnica.com/security/2014/11/citadel-attackers-aim-to-steal-victims-master-passwords/

Related :
Citadel Variant Targets Password Managers
New Citadel variant is after your master password

Mozilla Ousts Google from Firefox in US, Picks Yahoo Search
Nov 20, 2014 12:45AM PST

Six months after usage of Google Chrome surpassed that of its own web browser, Mozilla has replaced Google with Yahoo as the default search experience in Firefox in the United States. The move was a long time coming—the two long-time partners have been at odds since Google launched Chrome back six years ago—but was waiting on the expiration of a 10-year search agreement between the two firms.

"Search is a core part of the online experience for everyone [and] Firefox users alone search the web more than 100 billion times per year," Mozilla's Chris Beard wrote in a post to The Mozilla Blog. "Firefox popularized the integration of search in the browser. We instituted a default search option ... and we have always provided pre-installed alternatives, and easy ways for our users to change, add or remove search engines."

Continued : http://windowsitpro.com/paul-thurrotts-wininfo/mozilla-ousts-google-firefox-us-picks-yahoo-search

Nasty Security Bug Fixed in Android Lollipop 5.0
Nov 20, 2014 12:46AM PST

There is a vulnerability in Android versions below 5.0 that could allow an attacker to bypass ASLR and run arbitrary code on a target device under certain circumstances. The bug was fixed in Lollipop, the newest version of the mobile OS, released earlier this week.

The vulnerability lies in java.io.ObjectInputStream, which fails to check whether an object that is being deserialized is actually a serialized object. Security researcher Jann Horn discovered the vulnerability and reported it to Google earlier this year.

Continued : http://threatpost.com/nasty-security-bug-fixed-in-android-lollipop-5-0/109476

Related : Privilege Escalation Risk Fixed in Android Lollipop, Lower Versions Vulnerable

Test Tool for Web App Security Scanners Released by Google
Nov 20, 2014 12:46AM PST

A new tool was open-sourced by Google on Tuesday, aiming at improving the efficiency of automated web security scanners by evaluating them with patterns of vulnerabilities already seen in the wild.

Named Firing Range, the utility is basically a synthetic testing ground mostly for cross-site scripting (XSS) flaws, which are the most frequent bugs in web apps; other types of vulnerabilities (reverse click-jacking, Flash injection, mixed content, and cross-origin resource sharing) are also included, although to a much lesser extent.

Continued : http://news.softpedia.com/news/Test-Tool-for-Web-App-Security-Scanners-Released-by-Google-465322.shtml

Related: Google open sources Firing Range, a test tool for web app security scanners

FTC gets federal court to shut down $120M tech support scam
Nov 20, 2014 12:46AM PST

The Federal Trade Commission today said a federal court has temporarily shut down two telemarketing operations that it says conned tens of thousands of consumers out of more than $120 million by deceptively marketing computer software and tech support services.

The FTC claims that since at least 2012, the defendants - including companies known as PC Cleaner, Inbound Call Experts and Boost Software -- have used software designed to trick consumers into thinking there are problems with their computers, then subjected those consumers to high-pressure deceptive sales pitches for tech support products and services to fix their non-existent computer problems.

Continued: http://www.networkworld.com/article/2849636/security0/ftc-gets-federal-court-to-shut-down-120m-tech-support-scam.html

Related:
A neverending story: PC users lose another $120M to tech support scams
FTC shuts down tech support companies for selling $120M worth of fake software & services
__

Tech Support Scam-related: New Twist to the Telephone Tech Support Scam

"In a new twist to the tech support scam, cyber criminals attempt to defraud using another avenue. The scam is executed while a user is browsing the Internet. In this scenario, a website being viewed provided a link to articles related to popular topics. .."

Continued : http://www.ic3.gov/media/2014/141113.aspx

Sophisticated Android-based botnet a danger to enterprise networks
Nov 20, 2014 12:47AM PST

A new, more sophisticated and more stealthy version of the NotCompatible Android Trojan continues to strengthen one of the most long-lived and advanced mobile botnets ever to exist (since mid-2012).

Posing as a "security patch" and distributed to victims via drive-by downloads from compromised websites and spam emails from compromised webmail accounts, NotCompatible.C shows many changes when compared to earlier variants.

The malware serves as a proxy, and the botnet - thought to be for-rent - is used for spam campaigns, bulk ticket purchasing, bruteforce attacks (mainly against WordPress sites), and accessing c99 shells.

Continued : http://www.net-security.org/malware_news.php?id=2919

Related : The Most Sophisticated Android Botnet to Date Is NotCompatible

Privacy advocates release free 'Detekt' tool that finds surveillance malware
Nov 20, 2014 1:42AM PST

A free tool released Thursday allows users to scan their computers for surveillance malware that has been used in attacks against journalists, human rights defenders and political activists around the world.

The open-source tool, dubbed Detekt, was developed by security researcher Claudio Guarnieri. It was released in partnership with Amnesty International, Digitale Gesellschaft, the Electronic Frontier Foundation and Privacy International.

Detekt scans computers for infection patterns associated with several families of remote access Trojans (RATs): DarkComet RAT, XtremeRAT, BlackShades RAT, njRAT, FinFisher FinSpy, HackingTeam RCS, ShadowTech RAT and Gh0st RAT.

Continued: http://www.pcworld.com/article/2850432/activists-release-detekt-tool-that-finds-surveillance-malware.html

Related:
Amnesty backs Detekt tool to scan for state spyware on computers
Amnesty's Detekt tool wants to help you thwart government spying
Amnesty, EFF, Privacy International Put Out Free Anti-Surveillance Tool

Got a webcam? You might want to pick a stronger password right about now
Nov 20, 2014 1:59AM PST

The UK's privacy watchdog is warning about a website which is streaming live footage from unsecured web cams — from devices used in corporate CCTV systems to those in baby monitors.

The Information Commissioner's Office (ICO) said the website, which is based in Russia, accesses the information by using the default login credentials for thousands of models of cameras, which are freely available online. According to the BBC, around 500 of the feeds are from the UK and 5,000 from the US.

The ICO said that with 350,000 of these cameras sold in the UK alone last year, "this is a threat that all of us need to be aware of and be taking action to protect against." It warned webcam users to make sure they are using strong passwords and not the default password their system shipped with.

Continued : http://www.zdnet.com/got-a-webcam-you-might-want-to-pick-a-stronger-password-right-about-now-7000036011/

Related : You thought you were ALONE in the BATH, but webcam PERVS were INSIDE YOUR HOUSE

Thousands Fall with Each Hour for Free Audi R8 Facebook Scam
Nov 20, 2014 3:10AM PST

Over 200,000 Facebook users have fallen prey to a like-farming scam promising two free Audi R8 cars, and thousands join the victim list with each hour, according to antivirus software provider Bitdefender. The bait spreads on fraudulent web pages and Audi communities, and also targets car lovers with malicious videos picturing Audi R8 in a race against Nissan GT-R.

Bitdefender was already detecting the malware spreading within the videos as JS:Trojan.JS.Likejack.A. As the name suggests, the Trojan can grab likes without users' knowledge, making them accomplices in further cyber-crime activities.

At the time of analysis, the misleading Audi page gathered 179,551 likes and 211,736 shares. The numbers keep growing with thousands from one hour to another. Most users who enrolled in the free Audi R8 "giveaway" originate from the US, Denmark, the UK, Australia, Malaysia, Germany, and South Africa.

Continued : http://www.hotforsecurity.com/blog/thousands-fall-with-each-hour-for-free-audi-r8-facebook-scam-10859.html

Related : Two Audi R8 Given Away in Raffle Scam on Facebook

Angler Exploit Kit Adds New Flash Exploit for CVE-2014-8440
Nov 20, 2014 3:12AM PST

Exploit kit authors are nothing if not opportunistic, and they know a prime opportunity when they see one. Adobe Flash bugs fit that description nicely, and the people behind the Angler exploit kit already are exploiting one of the Flash bugs patched last week in the kit's arsenal.

This is a common tactic for exploit kit authors, who are in the business of getting the most useful exploits available at the moment into their kits. Angler is just one of the many such exploit kits available to attackers, but the creators of this one seem to be especially quick about adding exploits for new vulnerabilities to the kit. In October, a week after Adobe released its monthly patch update, researchers saw Angler exploiting an integer overflow in Flash that had just been patched.

"This is really, really fast," Kafeine, a French security researcher who identified the attack at the time, said. "The best I remember was maybe three weeks in February 2014."

Continued : http://threatpost.com/angler-exploit-kit-adds-new-flash-exploit-for-cve-2014-8440/109498