VeriSign demands website takedown powers
VeriSign, which manages the database of all .com internet addresses, wants powers to shut down "non-legitimate" domain names when asked to by law enforcement.
The company said today it wants to be able to enforce the "denial, cancellation or transfer of any registration" in any of a laundry list of scenarios where a domain is deemed to be "abusive".
VeriSign should be able to shut down a .com or .net domain, and therefore its associated website and email, "to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process", according to a document it filed today with domain name industry overseer ICANN.
The company has already helped law enforcement agencies in the US, such as the Immigration and Customs Enforcement agency, seize domains that were allegedly being used to sell counterfeit goods or facilitate online piracy, when the agency first obtained a court order.
Continued : http://www.theregister.co.uk/2011/10/11/verisign_asks_for_web_takedown_powers/
Sneaky fake company virus warnings trick users into installing malware
Picture the scene.
You receive an email from someone inside your company. He tells you that there is a virus problem inside the company and it has resulted in data being stolen and some files being deleted.
You are told to install an anti-virus tool to clean-up the infection properly. The link appears to point to a download on your company's own website.
Would you do it?
Well, hopefully not. But people less savvy in security matters might be fooled.
Here is the email that has been spammed out to a number of large companies: [Screenshot: Malicious Email]
Subject: IT Notice
Just a quick alert to let everyone know that our company have experienced a new kind of virus to web space and personal computer. found that the computer system information leaked, such as in other server information is moving, a few files deleted. Expert written virus removal tools to help us fully remove this virus, Please download and install the patch, obtain virus definitions, and run the removal tool.Download the tool from: . Please Back Up Your System Databases, If any questions, please do not hesistate to contact IT department.
Although the link appears to the naked eye to point to a file called antivirus.exe on your company's own server (for instance, if your company's website was called example.com it would appear to link to www.example.com/download/antivirus.exe) it really directs your browser to a download on a third-party website.
Continued : http://nakedsecurity.sophos.com/2011/10/11/sneaky-company-virus-warnings-malware/
Symantec Research: The Motivations of Recent Android Malware
For years now, we in the cyber security industry have been saying an explosion of mobile malware is just around the corner. Beginning in earnest this year, we have indeed observed a marked increase in threats targeting mobile devices - particularly the Android platform. However, it's probably not accurate to say the expected explosion has in fact occurred. The reality is that cybercriminals are still very much in the exploratory phase of figuring out how to monetize the exploitation of mobile devices. This is the topic of Symantec's latest research. You can read the whitepaper in its entirety here (pdf).
Above all else, our analysis highlights how most current efforts to monetize mobile malware have only a low revenue-per-infection ratio. This has severely limited the return on investment achievable by attackers. It also offers detailed insight into the top current mobile malware monetization schemes observed by Symantec, including how each works and examples of the malware presently being used to carry them out. These schemes are:
• Premium-rate number billing scams
• Search engine poisoning
• Pay-per-click scams
• Pay-per-install schemes
• Stealing mobile transaction authentication numbers (mTAN)
Continued : http://www.symantec.com/connect/blogs/new-symantec-research-motivations-recent-android-malware
Zero-day exploits rarely used by criminals, Microsoft finds
"Criminals have easier attack methods, says latest analysis"
Software exploits, including zero-day attacks, appear to play a much smaller part in malware infections than previously thought, Microsoft's latest Security Intelligence Report (SIRv11) has found.
The vast majority of malware infections detected by the company's Malicious Software Removal Tool (MSRT) for the first half of 2011 depended either on user interaction or an abuse of the Windows AutoRun feature to infect PCs, with these used in 44.8 percent and 26 percent of attacks respectively.
Surprisingly, despite the fear surrounding software exploits, attacks depending on these barely registered, recording just 5.6 percent of infections. More surprisingly still, under one percent of those turned out to use zero-day exploits, with not a single example of the most common malware types incorporating the method.
This is an unexpected finding. As Microsoft points out, zero-day attacks are one of the most feared threat types because they appear to give the attacker the ability to compromise systems in a way that is impossible to quantify until it is too late.
Continued : http://news.techworld.com/security/3310050/zero-day-exploits-rarely-used-by-criminals-microsoft-finds/
Microsoft Security Intel Report suggests zero-day flaws way overblown
Don't worry about zero-days, says Microsoft
Microsoft dismisses zero-day threats
VLC Media Player 1.1.12 closes security hole
The VideoLAN project development team has announced the release of version 1.1.12 of the VLC Media Player. The maintenance and security update addresses a NULL dereference vulnerability in the HTTP and RTSP server component used by VLC which could be exploited by an attacker to crash the server process.
For an attack to be successful, a victim must have started VLC server and manually started the HTTP web interface, HTTP output, RTSP output or RTSP VoD functions. Versions up to and including 1.1.11 are affected. According to the developers, the issue "does not affect standard usage of the player".
The thirteenth release of the 1.1.x branch of VLC also brings improvements for audio output: it adds support for AC-3 and DTS passthrough included in version 1.0 of PulseAudio, has fixes for PulseAudio synchronisation, and better support for Mac OS X 10.7 Lion. Other changes include Unix port compatibility updates, translation updates and fixes for bugs that cause VLC to crash on Japanese locale Mac OS X systems.
Continued : http://www.h-online.com/security/news/item/VLC-Media-Player-1-1-12-closes-security-hole-1358606.html
Microsoft flags Firefox and Chrome for security failings
Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats.
Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points respectively out of a possible score of 4. Visit the site using the IE 9, however, and the browser gets a perfect score. IE 7 gets only 1 point, and IE 6 receives no points at all. The site refused to rate Apple's Safari browser in tests run by The Register.
The page is designed to educate users about the importance of choosing an up-to-date browser that offers industry-standard features. The ability to automatically warn users when they're about to download a malicious file, to contain web content in a security sandbox that has no access to sensitive parts of the computer's operating system, and to automatically install updates are just three of the criteria.
Continued : http://www.theregister.co.uk/2011/10/11/microsoft_browser_crituque/
Biggest Identity Theft Bust Ever Nets 111 In New York
Authorities in New York have arrested more than 100 people accused of participating in an identity theft scam that generated $13 million in illicit profits for crime gangs in Europe, Asia, Africa and the Middle East, according to a statement from the District Attorney for Queens County.
The accused are alleged to have stolen financial information from consumers in the U.S. and Europe over a 16 month period. The scam relied heavily on trusted insiders within financial and retail businesses to steal information and, in two cases, merchandise from Kennedy Airport and Citigroup, according to a statement Friday.
The scam was wide ranging and reported to be the largest ever in the U.S. Among those arrested were bank tellers, store employees, restaurant workers and others who worked on behalf of the criminal networks to steal financial and identity data. That data was then used to forge credit cards which were, in turn, passed to organized shopping "teams" who engaged in coast-to-coast shopping sprees, buying designer handbags, game consoles and jewelry-- all goods that can be easily fenced online and turned back into cash for the scammers.
Continued : http://threatpost.com/en_us/blogs/biggest-identity-theft-bust-ever-nets-111-new-york-101111
Police Arrest 111 Individuals in Queens-Based Identity Theft Bust
'Largest' ID theft ring, trading in Apple products, busted in NY
111 Arrested In Identity Theft Probe
Apple iTunes 10.5 Released
From SANS ISC:
Apple released iTunes 10.5 for Windows and Mac OS X. For those following Apple this comes as no big surprise as there are functionality changes expected due to the imminent release of a new iPhone model. What is however a bit surprising is that they also released an impressive list of fixed vulnerabilities in the Windows version of iTunes.
Even more interesting is that that list also mentions that e.g. "For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006" or "For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2". And those are respectively a security update and an OS update that are not yet released at the time of writing.
Malware-laden fake YesAsia invoices spammed out
YesAsia.com is a popular online retailer that sells Asian and Western products. Think of a website like Amazon.com, but with a focus on selling movies, music, and electronics to customers in Asian countries.
Unfortunately, it seems that cybercriminals are trying to take advantage of YesAsia's popularity by spamming out malicious emails posing as invoices.
Here's an example, claiming that the recipient's credit card has been charged for the purchase of a Logitech webcam and a Freecom external hard drive: [Screenshot: Malicious Email]
Be wary if you receive one of these emails, as the links do not point to yesasia.com but to a ZIP file on yesasia-invoices.com instead.
YesAsia-invoices.com is not a real YesAsia website, and was registered by somebody just yesterday for the purposes of duping PC owners into installing the malware.
Continued : http://nakedsecurity.sophos.com/2011/10/11/malware-laden-fake-yesasia-invoices-spammed-out/
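Both lures described above (the fake IT notice whose link text shows the company's own site, and the invoice links that go to yesasia-invoices.com rather than yesasia.com) can be caught by checking where a link really points. The following Python check is an added example, not taken from the quoted articles; the trusted-domain list, the badhost.test host and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient trusts (example.com stands in for "your company").
TRUSTED = ("example.com", "yesasia.com")

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # links: (href, visible text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; accepts scheme-less text."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def audit_links(html, trusted=TRUSTED):
    """Return (href, reason) for links whose target is not what it appears to be."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        # Only treat the visible text as a URL if it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and target and shown != target:
            findings.append((href, "text-href-mismatch"))
        on_trusted = any(target == d or target.endswith("." + d) for d in trusted)
        if target and not on_trusted and any(d.split(".")[0] in target for d in trusted):
            findings.append((href, "lookalike-domain"))
    return findings

# Constructed sample bodies modelled on the two emails described above.
SAMPLE = (
    '<a href="http://files.badhost.test/antivirus.exe">www.example.com/download/antivirus.exe</a>'
    '<a href="http://yesasia-invoices.com/invoice.zip">View your invoice</a>'
    '<a href="https://www.example.com/help">www.example.com/help</a>'
)
```

Calling `audit_links(SAMPLE)` flags the first two links and leaves the genuine example.com link alone.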