Alert

NEWS - October 01, 2015

Nerves rattled by highly suspicious Windows Update delivered worldwide [Updated]

"Strange payload raised concerns that Windows Update has been hacked."

Microsoft said a highly suspicious Windows update that was delivered to customers around the world was the result of a test that wasn't correctly implemented.

"We incorrectly published a test update and are in the process of removing it," a Microsoft spokesperson wrote in an e-mail to Ars. The message included no other information.

The explanation came more than 12 hours after people around the world began receiving the software bulletin through the official Windows Update, raising widespread speculation that Microsoft's automatic patching mechanism was broken or, worse, had been compromised to attack end users. Fortunately, now that Microsoft has finally weighed in, that worst-case scenario can be ruled out. What follows is the remainder of this post as it appeared before the company issued its explanation.

Continued : http://arstechnica.com/security/2015/09/nerves-rattled-by-highly-suspicious-windows-update-delivered-worldwide/

Related:
Suspicious Windows 7 Update Actually an Accidental Microsoft ‘Test’ Update
Weird garbled Windows 7 update baffles world – now Microsoft reveals the truth
Don't panic: Microsoft mistakenly posted a 'test' Windows update patch
Discussion is locked
Follow
Reply to: NEWS - October 01, 2015
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - October 01, 2015
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Stagefright is back, affecting millions of Android devices

If you though the bluster of the first Stagefright vulnerability had blown over, think again.

A set of two new vulnerabilities, dubbed Stagefright 2.0, could allow an attacker to exploit a weakness in how Android processes audio (MP3) and video (MP4) files, which can be used to install malware.

The scope of the flaw isn't thought as wide as the first Stagefright vulnerability. The second flaw affects devices mostly running Android 5.0 "Lollipop" and later. The researchers said in a blog post that some Android phones running an older components may also "be impacted."

Continued : http://www.zdnet.com/article/new-stagefright-2-0-flaws-affect-millions-of-android-devices/

Related:
Stagefright 2.0 Vulnerabilities Affect 1 Billion Android Devices
Stagefright 2.0: A billion Android devices could be compromised
A billion Android phones are vulnerable to new Stagefright bugs

- Collapse -
Apple Patches 100+ Vulnerabilities in OS X, Safari, iOS
UPDATE - Apple pushed out its latest operating system, El Capitan, yesterday, and while it boasts many security fixes, the update fails to address the outstanding vulnerability in Gatekeeper that came to light this week.

The issue with Gatekeeper, as described yesterday by Patrick Wardle, the director of research at Synack, fails to verify whether an app runs or loads other apps or dynamic libraries from the same or relative directory. Apple is reportedly working on a short term mitigation for the simple, but effective bypass that Wardle cooked up and presented at Virus Bulletin today in Prague.

Continued: https://threatpost.com/apple-patches-100-vulnerabilities-in-os-x-safari-ios/114876/

Related: Apple releases OS X El Capitan, patches passcode loophole in iOS
- Collapse -
Scammers use Google AdWords, fake Windows BSOD to steal ..
... money from users

Faced with the infamous Windows Blue Screen of Death (BSOD), many unexperienced computer users' first reaction is panic. If that screen contains a toll free number ostensibly manned by Microsoft technicians who are there to help users overcome this problem, many are probably tempted to pick up the phone.

It is this reaction that cyber crooks are counting on. But how to make this fake screen appear on the user's computer?

According to Malwarebytes' researcher Jerome Segura, the latest scheme of this kind was detected only days ago. The crooks have been using Google's AdWords to make links to malicious pages appear at the top of the Google Search page when user searched for "youtube".

Continued: http://www.net-security.org/secworld.php?id=18913
- Collapse -
Highly personal data for 15 million T-Mobile applicants ..
.. stolen by hackers

"Breach involves T-Mobile database maintained by credit-reporting service Experian."

Hackers broke into a server and made off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile.

The breach was the result of an attack on a database maintained by credit-reporting service Experian, which was contracted to process credit applications for T-Mobile customers, T-Mobile CEO John Legere said in a statement posted online. The investigation into the hack has yet to be completed, but so far the compromise is known to affect people who applied for T-Mobile service from September 1, 2013 through September 16 of this year. It's at least the third data breach to affect Experian disclosed since March 2013.

Continued: http://arstechnica.com/security/2015/10/highly-personal-data-for-15-million-t-mobile-applicants-stolen-by-hackers/

Related: Hackers Steal 15M T-Mobile Customers’ Data From Experian
- Collapse -
Car Hack Technique Uses Dealerships to Spread Malware

Over the last summer, the security research community has proven like never before that cars are vulnerable to hackers—via cellular Internet connections, intercepted smartphone signals, and even insurance dongles plugged into dashboards. Now an automotive security researcher is calling attention to yet another potential inroad to a car’s sensitive digital guts: the auto dealerships that sell and maintain those systems.

At the Derbycon hacker conference in Louisville, Kentucky last week, security consultant Craig Smith presented a tool designed to find security vulnerabilities in equipment that’s used by mechanics and dealerships to update car software and run vehicle diagnostics, and sold by companies like Snap-On and Bosch. Smith’s invention, built with around $20 of hardware and free software that he’s released on GitHub, is designed to seek out—and hopefully help fix—bugs in those dealership tools that could transform them into a devious method of hacking thousands of vehicles.

Continued: http://www.wired.com/2015/10/car-hacking-tool-turns-repair-shops-malware-brothels/

CNET Forums