
NEWS - November 24, 2014

Nov 24, 2014 12:54AM PST
Highly advanced backdoor trojan cased high-profile targets for years

"'Backdoor Regin' bears a resemblance to Stuxnet, was developed by a wealthy nation."

Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research.

Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

Continued: http://arstechnica.com/security/2014/11/highly-advanced-backdoor-trojan-cased-high-profile-targets-for-years/

Related:
Symantec Uncovers Stealthy Nation-State Cyber Attack Platform
Symantec identifies sophisticated, stealthy Regin malware
Stuxnet-like espionage tool discovered by researchers

Researchers Uncover Government Spy Tool Used to Hack Telecoms and Belgian Cryptographer

Regin Cyberespionage Platform Also Spies on GSM Networks
Nov 24, 2014 2:21AM PST

Researchers have uncovered a complex espionage platform reminiscent of Duqu that has been used since at least 2008 not only to spy on and extract email and documents from government agencies, research institutions and banks, but also one that targets GSM network operators (pdf) in order to launch additional attacks.

Kaspersky Lab published a report this morning that explains this aspect of the Regin attack platform, which has been detected on the Windows computers of 27 victimized organizations in 14 countries, most of those in Asia and the Middle East. In addition to political targets, Kaspersky Lab researchers identified Belgian cryptographer Jean Jacques Quisquater as one of its specific victims, along with an unnamed research institution that was also infected with other dangerous espionage malware including Mask/Careto, Turla, Itaduke and Animal Farm.

Continued: http://threatpost.com/regin-cyberespionage-platform-also-spies-on-gsm-networks/109539

Millions of WordPress websites in danger due to easily exploitable bug
Nov 24, 2014 2:21AM PST

A new WordPress version has been released, and you better update to it, as it patches a critical cross-site scripting flaw that can be exploited by attackers to compromise your site.

The vulnerability has been discovered by Jouko Pynnonen, CEO of Finnish IT company Klikki Oy, and affects version 3.0 of the popular CMS, which is used by at least 86 percent of WordPress sites around the world, meaning that millions of websites are in danger. Version 4.0 is not affected.

"An attacker could exploit the vulnerability by entering carefully crafted comments, containing program code, on WordPress blog posts and pages. Under default settings comments can be entered by anyone without authentication (login)," the company researchers explained.

Continued: http://www.net-security.org/secworld.php?id=17677

Related: Four-year-old comment security bug affects 86 percent of WordPress sites

Attackers Hijack Craigslist Domain Name
Nov 24, 2014 2:21AM PST
[UPDATE] Users looking to visit online classifieds titan Craigslist on Sunday evening were redirected to a site hosted at the domain DigitalGangster(dot)Com, as a result of a DNS hijack.

Presumably under a heavy load, the server receiving the hijacked traffic was unable to cope with the massive amount of web traffic that Craigslist.org receives and was unable to respond to most web requests.

Not long after, the attacker(s) apparently changed some settings, and redirected requests for craigslist.org to the New York Times website, after going through a third party click through gateway, which could have been an affiliate link. Soon after that, requests reverted back to the Digital Gangster site, which at the time of publishing still appeared to be choking under heavy traffic.

Continued: http://www.securityweek.com/attackers-hijack-craigslist-domain-name

Related: Hacker apparently hijacks Craigslist site and takes it offline
First exploitation of Internet Explorer 'Unicorn bug' in-the-wild
Nov 24, 2014 4:32AM PST

ESET's "We Live Security" Blog:

Microsoft released a patch for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability, known as Unicorn bug CVE-2014-6332, and discovered by an IBM X-Force security researcher, is significant because it exploits an old bug present in Internet Explorer versions 3 through 11. This means that most, if not all, Internet Explorer users are vulnerable unless they are using patched systems. It gets worse: the vulnerability not only can be used by an attacker to run arbitrary code on a remote machine, but it can also bypass the Enhanced Protected Mode (EPM) sandbox in IE11 as well as Microsoft's free anti-exploitation tool, the Enhanced Mitigation Experience Toolkit (EMET).

".. In fact, this PoC showed that arbitrary code could be run on a machine merely by visiting a specially crafted website, if using an unpatched version of Internet Explorer. It was thus only a matter of time before we started seeing this vulnerability actively used as part of a cybercriminal campaign."

Continued: http://www.welivesecurity.com/2014/11/20/first-exploitation-of-unicorn-bug/

Related: IE "Unicorn" bug actively exploited in the wild

[Emphasis by me]
PCs running Avast AV can't handle Windows fixes
Nov 24, 2014 4:32AM PST

"Fix issued, fingers pointed, forums in flames"

Security software outfit Avast are trying to figure out why the combination of recent Windows patches and updates to the latter company's software are breaking PCs.

Hordes of users have found that their PCs, especially those running Windows 8 and 8.1, grind to a halt after they apply both Microsoft's recent KB3000850 update rollup and Avast's latest automatic updates.

Some users report their PCs won't boot, or take forever to apply patches. The Avast forums record many users venting their spleens. Microsoft's not immune either: a Redmond thread titled Major issues with KB3000850 includes plenty of people wondering why the company issued an update incompatible with third-party software.

That criticism may not be entirely fair, as an Avast staffer has posted the following explanation for the mess:

Continued: http://www.theregister.co.uk/2014/11/24/you_stupid_brick_pcs_running_avast_av_cant_handle_windows_fixes/

See Kees' reference to the issue: Avast and KB3000850 (http://forums.cnet.com/7723-6132_102-630906.html)

Scammers used fake product listings to steal from Walmart
Nov 24, 2014 4:32AM PST

On November 13, US retailer Walmart announced that they will officially start matching the price for items which are also sold for a lower price by online retailers. Less than a week later, the price matching policy has been amended to exclude marketplace vendors, third-party sellers, auction sites or sites requiring memberships.

What actually happened?

Well, a few days after the announcement, the website of Sears, another big US retailer, was hit by a glitch that caused Wii U and 3DS bundles to be listed for sale at a price three or four times lower than usual. Some quick-witted individuals misused this to get the same price for the items at several brick-and-mortar chain stores (including Walmart), and bragged about it online.

Continued: http://www.net-security.org/secworld.php?id=17684

Related: Dirt-cheap PS4 Amazon listings in Walmart price-match scam

DoubleDirect hackers snaffle fandroid and iPhone-strokers' secrets
Nov 24, 2014 4:32AM PST

"Windows and Linux seem immune from redirection assault"

Hackers are running "Man-in-the-Middle" attacks (MitM) against smartphones using a new attack technique, security researchers warn.

The so-called DoubleDirect technique enables an attacker to "redirect a victim's traffic to the attacker's device. Once redirected, the attacker can steal credentials and deliver malicious payloads to the victim's mobile device that can not only quickly infect the device, but also spread throughout a corporate network," according to mobile security firm Zimperium.

Zimperium has detected the DoubleDirect technique in the wild in attacks against the customers of web giants including Google, Facebook, Live.com and Twitter, across 31 countries.

Hackers are also using the DoubleDirect technique to gain access to victims' devices, essentially to steal usernames, emails, and passwords.

Continued: http://www.theregister.co.uk/2014/11/21/hackers_snaffling_smartphone_secrets_with_redirection_attack/

DHS, FBI sound alert on holiday cyber scams
Nov 24, 2014 4:33AM PST

The FBI and the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) are both warning users that cyber scams, taking advantage of the holiday shopping frenzy, will be plentiful this season.

On Monday, US-CERT reminded individuals through an alert to "remain vigilant when browsing online," particularly against e-cards containing malicious links and fake advertisements or shipping notifications delivering "infected attachments."

The FBI's Birmingham, Alabama field office also notified users of cyber criminals' "aggressive and creative ways to steal money and personal information," including "phishing emails advertising brand name merchandise for bargain prices," a release said.

Continued: https://www.scmagazine.com/dhs-fbi-sound-alert-on-holiday-cyber-scams/article/385018/

Sony Pictures hacked, entire computer system reportedly unusable
Nov 24, 2014 7:41AM PST

Reports that Sony Pictures has been hacked have been trickling in this morning, after a thread appeared on Reddit claiming all computers at the company were offline due to a hack.

According to the Reddit thread, an image appeared on all employees' computers reading "Hacked by #GOP" and demanding their "requests be met" along with links to leaked data.

The Reddit user that posted the thread posted a year ago that they worked at Sony Pictures. [Screenshot]

The ZIP files mentioned in the images contain a list of filenames of a number of documents pertaining to financial records along with private keys for access to servers. The message shown on computers mentions "demands" that must be met by November 24th at 11:00PM GMT or the files named will be released.

Continued: http://thenextweb.com/insider/2014/11/24/sony-pictures-hacked-employee-computers-offline/

Related: Sony Pictures Network Hacked