Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

NEWS - October 31, 2014

Oct 31, 2014 3:14AM PDT
Android dialler hides, resists attempts to remove it

A malicious dialler disguised as an application for adults could become a big problem for Android users, as the malware systematically removes traces of itself from the phone and makes deinstallation impossible through normal means, Dr. Web researchers warn.

Once installed, the malware places its shortcut - without an icon or any captions - on the device's home screen which can make users believe that the installation has failed. [Screenshot]

"In some cases after its launch, Android.Dialer.7.origin can display an error message about the unavailability of the requested service, after which it hides its tracks in the infected system by deleting the shortcut, and operates in the guise of a system service," they explained.

Continued : http://www.net-security.org/malware_news.php?id=2903

Discussion is locked

- Collapse -
Facebook is now available on Tor for more secure browsing
Oct 31, 2014 3:23AM PDT

After enabling secure HTTPS browsing by default for all users in August last year, Facebook has taken another step to allow for secure browsing, and has made their social network available via the Tor network for users who want to maintain their anonymity when logging on to the Web.

The Facebook onion address (accessible only in Tor-enabled browsers) connects users to Facebook's Core WWW Infrastructure, so as to provide end-to-end communication, directly from the browser into a Facebook datacentre, allowing for private and secure browsing sessions. An SSL certificate issued by Facebook to visitors confirms to them that they're indeed accessing the right destination.

Continued: http://thenextweb.com/facebook/2014/10/31/facebook-now-available-tor-network/

Related : Facebook sets up shop on the Tor anonymity network

- Collapse -
Pirate Bay Founder Convicted on Hacking Charges..
Oct 31, 2014 3:23AM PDT
... Sentenced to 3.5 Years

The founder of the file-sharing site Pirate Bay was found guilty today in Denmark on hacking charges unrelated to the web site.

Swedish national Gottfrid Svartholm was found guilty of hacking into servers belonging to the U.S. technology firm CSC after being partially acquitted of other hacking charges in Sweden.

In the Danish case, Svartholm and a 21-year-old Danish accomplice were accused of hacking CSC's servers in April 2012 and remaining inside for four months, stealing and altering data during the breach, according to prosecutors.

Continued : http://www.wired.com/2014/10/pirate-bay-founder-hacking/

Related :
Pirate Bay co-founder sentenced for hacking CSC servers
Pirate Bay co-founder sentenced to 3.5 years imprisonment in Denmark
Danish court finds Pirate Bay cofounder guilty of hacking CSC servers
- Collapse -
Dyre malware targeting Swiss bank customers
Oct 31, 2014 3:24AM PDT

The Dyre/Dyreza banking Trojan has lately become very popular with cyber criminals - so much so that the US-CERT has issued an alert warning about the danger.

"Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including senders, attachments, exploits, themes, and payload(s)," they shared.

"Phishing emails used in this campaign often contain a weaponized PDF attachment which attempts to exploit vulnerabilities found in unpatched versions of Adobe Reader."

Continued : http://www.net-security.org/malware_news.php?id=2902

[ Emphasis by me ]

- Collapse -
iOS App Vulnerability Exposed GroupMe Accounts
Oct 31, 2014 3:24AM PDT

Until recently, cybercriminals could have hijacked the account of any GroupMe user simply by knowing the phone number connected to the targeted account, a researcher reported on Thursday.

GroupMe is a popular mobile group messaging application that works on Android, iOS, Windows Phone, and even older phones via SMS. In 2011, GroupMe was acquired by Skype, which became a Microsoft company in the same year.

When users register a GroupMe account via the iOS app, they're first instructed to enter their name, email address and password. In the next phase of the registration process, they're asked to verify their phone number either by using the number of the iPhone on which the registration takes place, or a different phone number.

Continued: http://www.securityweek.com/ios-app-vulnerability-exposed-groupme-accounts

Related : GroupMe iOS Full Account Takeover Vulnerability

- Collapse -
Forget trick-or-treating - Kill a Zombie this Halloween
Oct 31, 2014 3:32AM PDT

Today marks the end of National Cybersecurity Awareness Month.

NCSAM is supposed to teach us to start taking computer security more seriously.

It's also All Hallows' Eve, better known as Halloween.

That's when lots of youngsters will be out and about, knocking on other people's doors and saying, "Trick or Treat."

Ironic, isn't it?

On one hand, we're making an effort to bolster our defences against the depredations of cybercrime threats such CryptoLocker and CryptoWall...

Continued : http://nakedsecurity.sophos.com/2014/10/31/forget-trick-or-treating-kill-a-zombie-this-halloween/

- Collapse -
Popular Science Website Infected, Serving Malware
Oct 31, 2014 4:07AM PDT

The website of widely read Popular Science magazine is reportedly hosting a malicious script that is redirecting site visitors to a third-party domain containing an exploit kit, which is infecting users by uploading files containing malware to their machines.

To give an idea of the scope of this problem, according to estimated metrics from the site traffic analysis service Alexa, Popsci[dot]com ranks 6,297 globally and 2,234 in the U.S. in terms of total traffic.

The compromise was discovered by researchers from the Websense Security Lab, who said they contacted the IT team at Popular Science and informed them of the breach.

Continued : http://threatpost.com/popular-science-website-infected-serving-malware/109089

Related : Popular Science site shrugs off malicious code infection

- Collapse -
Scary!
Oct 31, 2014 4:13AM PDT

I disabled NoScript some time ago.

I had forgotten why I installed it in the first place so time to review why I disabled it.

Thanks for that Carol.

Mark

- Collapse -
Scary it is !
Oct 31, 2014 5:41AM PDT

I don't know which is worse. The problems with the site, or the fact that Popular Science "made no attempt to warn surfers that it may have had a problem."

The additional details at Websense are scarier yet.

The last sentence @ Threat Post (Kaspersky Labs) reads "Forty percent of all infections detected thus far, according to Websense, are in the U.S., U.K. and Netherlands." Need I say more?

As coincidences would have it, I thought about disabling NoScript yesterday. I have since changed my mind. Grin

Time to hide from the trick or treaters put my Halloween costume on. It's right next to my Scrooge Mrs. Claus outfit. Silly

Carol

- Collapse -
Costume
Nov 2, 2014 12:54AM PDT

I bet you dress as a (^_^). lol >))))))^>

- Collapse -
>))))))^> .. In fact...
Nov 2, 2014 1:37AM PDT
>))))))^>

In fact ...

Many (many) years ago .... I did !

You won the bet ! Here's your payoff ¢ ¢ ¢ ¢ ¢ ¢ ¢ ¢ ¢

Don't spend it all in one place. Unless of course, you decide to take a vacation with it. Grin

(^_^) ~
- Collapse -
5 Things Freaking Out IT Security Pros This Halloween
Oct 31, 2014 4:07AM PDT

Fred Touchette from AppRiver outlines the spookiest threats to businesses

Ah, Halloween. A time when people dress up in creepy costumes and enjoy a marathon of classic horror flicks. And while some people may be spooked more easily than others, here are five things that will alarm even the most fearless IT security pro.

Protecting a network without sufficient funds. Whether it's locating qualified staff or convincing upper management that system updates are necessary expenditures, the lack of funds can seriously impede the health of an organization's security posture.

A future of unknowns. IT security pros spend a lot of time researching the world of cybercrime so that they can stay out of harm's way. Happily, White Hats are good at disseminating information to their peers when breach occurs. Vulnerabilities were recently found in Heartbleed SSL and Shellshock Bash, for example, and the community responded by sharing information and patching networks before incident. But what about those unknown exploits? It's enough to keep IT pros up at night.

Continued: http://www.techweekeurope.co.uk/news/halloween-security-threats-154473

Related: Things that freak out IT security pros