Spyware, Viruses, & Security forum


NEWS - October 10, 2013

by Carol~ Moderator / October 10, 2013 7:04 AM PDT
Critical WhatsApp crypto flaw threatens user privacy, researchers warn

A security researcher said he has found an encryption flaw that makes it possible for adversaries to decrypt communications sent with WhatsApp, a cross-platform smartphone app that processes as many as 27 billion instant messages each day.

WhatsApp developers say messages are "fully encrypted," and company CEO Jan Koum told Ars that Tuesday's vulnerability report is "sensationalized and overblown." But a computer science student at Utrecht University in the Netherlands—and several cryptographers who have reviewed his work—said the app appears to contain long-documented weaknesses, including the use of the same encryption key on both sides of a conversation. As a result, they said, it's not hard for cryptographers to decrypt WhatsApp messages that travel over Wi-Fi networks or other channels that can be monitored.

"You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort," Utrecht computer science and mathematics student Thijs Alkemade wrote in a blog post published Tuesday. "You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this... except to stop using it until the developers can update it."

Continued : http://arstechnica.com/security/2013/10/critical-whatsapp-crypto-flaw-threatens-user-privacy-researchers-warn/

WhatsApp Crypto Error Exposes Messages
WhatsApp mobile messaging app in the firing line again over cryptographic blunder
D'oh! Basic flaw in WhatsApp could allow attackers to decrypt messages

Phishers Use Malware in Fake Facebook App
by Carol~ Moderator / October 10, 2013 7:16 AM PDT

Phishers frequently introduce bogus applications to add new flavor into their phishing baits. Let's have a look at a new fake app that phishers are leveraging. In this particular scam, phishers were trying to steal login credentials, but their means of data theft wasn't with the phishing bait alone. Their ploy also used malware for harvesting users' confidential information. The phishing site spoofed the login page of Facebook and was hosted on a free web hosting site. [Screenshot]

The phishing site boasted that the application would enable users to view a list of people who visited their profile page. The site offered two options to activate the fake app. The first option was by downloading software containing the malware and the second was by entering user credentials and logging into Facebook. A message on the phishing page encouraged users to download the software that would allegedly send notifications to the user when someone visited their Facebook profile. If the download button was clicked, a file download prompt appeared. The file contained malicious content detected by Symantec as Infostealer. On the other hand, if user credentials were entered, the phishing site redirected to a legitimate Facebook page.

Continued : http://www.symantec.com/connect/fr/blogs/phishers-use-malware-fake-facebook-app

Related: Bogus Facebook login page steals credentials, pushes malware

Sirefef Malware Served Up By Bad Bing Ads
by Carol~ Moderator / October 10, 2013 7:16 AM PDT

From the ThreatTrack Security Labs Blog:

We're seeing our old friend "rogue ads in Bing" doing the rounds - should you go searching for "Youtube" and click on the rogue ad (in this case, the one in the bottom right hand corner under "Ads related to Youtube") you'll be taken to a site which redirects to an exploit. [Screenshot]

The scammers behind this could well be targeting other keywords, but here's a list of re-directors we've seen related to a basic Youtube search so far: [...]

It seems likely that at least some of the above were compromised sites, and some of them appear to be back to normal and / or offline at time of writing. End-users would be redirected from the above to a dynamic DNS service Hopto(dot)org subdomain, with the exploit domain resting on the IP 109(dot)236(dot)81(dot)176.

Continued: http://www.threattracksecurity.com/it-blog/sirefef-malware-served-bad-bing-ads/

'Bulletproof' Hoster Santrex Calls It Quits
by Carol~ Moderator / October 10, 2013 7:16 AM PDT

Santrex, a Web hosting provider that has courted cybercrime forums and created a haven for a nest of malicious Web sites, announced last week that it is shutting its doors for good, citing "internal network issues and recent downtime."

Couldn't have happened to a nicer company. Rarely has a Web hosting firm so doggedly cornered the market on so-called "bulletproof hosting" services. These are essentially mini-ISPs that specialize in offering services that are largely immune from takedown requests and pressure from Western law enforcement agencies.

If there were a Hall of Infamy for hosting providers, Santrex would be near the top. That's hardly an exaggeration: According to Google - which tracks top malicious hosts via its safebrowsing program - Santrex was among the Internet's top three most malicious hosts over the past year. Google's data indicates that nearly 90 percent of the sites on Santrex's network tried to foist malicious software on visitors, or hosted malware that was used in attacks against other Web sites. [Screenshot]

I first read about the news of Santrex's demise in a thread at vpsboard.com titled "Ding! Dong! Santrex is Dead!" ...

Continued: http://krebsonsecurity.com/2013/10/bulletproof-hoster-santrex-calls-it-quits/
Twitter Still Being Used By Shady Hackers
by Carol~ Moderator / October 10, 2013 8:02 AM PDT

TrendLabs Security Intelligence Blog:

Recently, Twitter made public financial statements related to its upcoming initial public offering (IPO). Part of these statements included how many active users it has: Twitter said it has 218 million monthly active users, three-quarters of which have accessed the site from a mobile device.

It's not a surprise that some of these users are malicious. What is uncommon is that some of these malicious accounts do try to "engage" with other accounts - even those of security vendors like Trend Micro. Too bad for these users - we are one step ahead of them, as we have previously blocked the dubious sites they offer.

Recently, we came across four accounts that added the @TrendLabs Twitter account to various lists. This would not have been unusual, except all four accounts were clearly malicious: [Screenshot]

Upon further investigation, these accounts led to more malicious sites offering a variety of hacking tools targeting sites like Facebook and Twitter, as well as a scam site offering free iPhone 5ses.

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/twitter-still-being-used-by-shady-hackers/

Cisco Patches 11 Vulnerabilities in FWSM, ASA Products
by Carol~ Moderator / October 10, 2013 8:02 AM PDT

Cisco pushed out patches for two products this week, addressing a handful of vulnerabilities in its Firewall Services Module (FWSM) software and Adaptive Security Appliance (ASA) software.

According to security updates posted on the company's Advisory page yesterday, at least nine separate vulnerabilities exist in ASA:

• IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability
• SQL*Net Inspection Engine Denial of Service Vulnerability
• Digital Certificate Authentication Bypass Vulnerability
• Remote Access VPN Authentication Bypass Vulnerability
• Digital Certificate HTTP Authentication Bypass Vulnerability
• HTTP Deep Packet Inspection Denial of Service Vulnerability
• DNS Inspection Denial of Service Vulnerability
• AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability
• Clientless SSL VPN Denial of Service Vulnerability

Five of the nine can either reload an affected device or lead to a denial of service (DoS) condition.

Continued : http://threatpost.com/cisco-patches-11-vulnerabilities-in-fwsm-asa-products/102563

Also: Cisco patches vulnerabilities in some security appliances, switches and routers

Nordstrom Finds Cash Register Skimmers
by Carol~ Moderator / October 10, 2013 8:02 AM PDT

Scam artists who deploy credit and debit card skimmers most often target ATMs, yet thieves can also use inexpensive, store-bought skimming devices to compromise modern-day cash registers. Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida.

The fraud devices in this case resemble small keyloggers that are sold by dozens of stores for approximately $30 to $40 apiece. These hardware keyloggers are essentially PS2 connectors that are about an inch in length. The tiny data storage devices are usually purple in color to match the color-coded standard for keyboards, and are made to be inserted between the male end of a PS2 keyboard connector and the female receptor on a computer. [Screenshot]

According to an alert circulated by the police department in Aventura, Florida, on the afternoon of Saturday, Oct. 5, 2013, three male subjects were captured on closed-circuit cameras at Nordstrom tampering with registers in the store. Authorities there say the footage showed two of the men worked to distract sales staff, while the third took pictures of the register and removed the rear access panel to the register and took additional photographs.

Continued : http://krebsonsecurity.com/2013/10/nordstrom-finds-cash-register-skimmers/

Hackers exploit vBulletin Internet forum software
by Carol~ Moderator / October 10, 2013 8:54 AM PDT
.. vulnerability

Hackers are exploiting a vulnerability in the popular vBulletin Internet forum software in order to inject rogue administrator accounts into websites using it.

The exploit was found by researchers from security firm Imperva on underground hacker forums and targets versions 4.x.x and 5.x.x of vBulletin.

The vulnerability allows attackers to abuse the vBulletin configuration mechanism to create a secondary administrative account, the researchers said Wednesday in a blog post.

At the end of August, vBulletin Solutions, the company that develops the forum software, advised users to delete the "install" directories from their vBulletin deployments because of an unspecified exploit vector.

The company declined to release any additional information about the issue at that time, but Imperva's researchers believe it's the same vulnerability targeted by the exploit script they found.

Continued : http://www.pcworld.com/article/2053920/hackers-exploit-vbulletin-vulnerability-to-inject-rogue-administrator-accounts.html

Related : vBulletin vuln opens backdoor to rogue accounts
Fake Payment Slip Emails Carry Malware
by Carol~ Moderator / October 10, 2013 8:54 AM PDT

Users are advised to be on the lookout for fake emails that purport to carry a payment slip. The scam notifications are part of a cybercriminal campaign designed to distribute malware.

Cisco's Security Intelligence Operation detected a significant volume of these scam emails on October 1. However, the company issued a second warning on October 9.

One version of the email comes with an attachment (Bank Slip.rar) that contains a malicious .scr file. When it's executed, the victim's computer becomes infected. A second variant of the bogus notification has a different body and it carries a malicious executable inside a .zip archive.

Here's what the emails look like. If you come across them in your inbox, delete them immediately.

Variant 1. "Payment Slip"

Continued : http://news.softpedia.com/news/Fake-Payment-Slip-Emails-Carry-Malware-390011.shtml
