Spyware, Viruses, & Security forum

Alert

NEWS - September 03, 2013

by Carol~ Moderator / September 3, 2013 4:34 AM PDT
Facebook fixes bug that allowed anyone to delete ANY photo

A bug which allowed any Facebook user to delete photos from any other user's page without their knowledge has earned its discoverer $12,500 under Facebook's "bug bounty" program - more than 10 times the average payout.

Arul Kumar, 21, demonstrated the bug in a video where he almost - but not quite - deleted an image from Mark Zuckberberg's photo page.

The bug relies on a weakness in Facebook's "reporting" system - where Facebook provides users with a URL for "reported" photos, so they could send a "takedown" request to other users for pictures which included inappropriate content. By changing numbers in the URL, Kumar was able to create a "one-click delete" button for any photo on the site.

Kumar posted a bug report but Facebook's team were unable to reproduce its results, so Kumar reposted the bug in the form of a demonstration video. The bug worked from any account, regardless of whether the photo had ever been reported to Facebook's teams.

Continued : http://www.welivesecurity.com/2013/09/03/facebook-fixes-bug-that-allowed-anyone-to-delete-any-photo/

Related:
Facebook vulnerability that allowed any photo to be deleted earns $12,500 bounty
Facebook Bug 'Allowed Anyone's Photos To Be Deleted'
Facebook flaw allows hackers to delete any photo
Discussion is locked
You are posting a reply to: NEWS - September 03, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - September 03, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
NetTraveler Is Back: 'Red Star' APT Returns w/ New Tricks
by Carol~ Moderator / September 3, 2013 4:48 AM PDT
NetTraveler Is Back: The 'Red Star' APT Returns With New Tricks

Kaspersky Lab Weblog:

NetTraveler, which we described in depth in a previous post, is an APT that infected hundreds of high profile victims in more than 40 countries. Known targets of NetTraveler (also known as 'Travnet' or "Netfile") include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.

During the last week, several spear-phishing e-mails were sent to multiple Uyghur activists. Here's an example: [Screenshot]

A rough translation:

"The spokesman of the WUC made the following statement about the massacre in Karghiliq country. To the kind attention of everyone."

It contains a link to a page purportedly on the World Uyghur Congress website. However, the real page link leads to a known NetTraveler-related domain at "weststock[dot]org".

Continued : http://www.securelist.com/en/blog/208214039/NetTraveler_Is_Back_The_Red_Star_APT_Returns_With_New_Tricks

Related:
NetTraveler Variant Adds Java Exploits, Watering Hole Attacks to Bag of Tricks
NetTraveler APT Attack Changes Tactics to Infect Activists
Despite Being Exposed, Cybercriminals Behind NetTraveler Campaign Continue Attacks
NetTraveler APT group is back, adds watering hole attacks to its arsenal
Collapse -
Syrian Electronic Army Denies New Data Leaks
by Carol~ Moderator / September 3, 2013 4:48 AM PDT

The high-profile Web site defacement and hacker group known as the Syrian Electronic Army (SEA) continues to deny that its own Web server was hacked, even as gigabytes of data apparently seized during the compromise leaked onto the Deep Web this weekend.

Following a string of high profile attacks that compromised the Web sites of The New York Times and The Washington Post among others, many publications have sought to discover and spotlight the identities of core SEA members. On Wednesday, this blog published information from a confidential source who said that the SEA's Web site was hacked and completely compromised in April 2013. That post referenced just a snippet of name and password data allegedly taken from the SEA's site, including several credential pairs that appeared tied to a Syrian Web developer who worked with the SEA. [Screenshot]

The SEA — through its Twitter accounts — variously denounced claims of the hack as a fraud or as a propaganda stunt by U.S. intelligence agencies aimed at discrediting the hacker group.

Continued : http://krebsonsecurity.com/2013/08/syrian-electronic-army-denies-new-data-leaks/

Collapse -
Twitter makes good on promise to make abuse reports ..
by Carol~ Moderator / September 3, 2013 4:49 AM PDT
... easier and more obvious

Twitter has lived up to its promise, made a month ago, to make it easier and more obvious how to report abusive messages published on its microblogging site.

The combination of Twitter's short messages, high volumes and "always logged in" style of use make it easy for internet pests (and worse) to pepper victims with the internet abuse equivalent of never-ending birdshot from a auto-repeating shotgun that never runs out of ammunition.

UK journalist Caroline Criado-Perez found this out to her personal alarm recently.

She'd run a campaign to promote a well-known female British author for inclusions on a banknote: Charles Dickens and Charles Darwin have both had a go in recent years; Criado-Perez thought that Jane Austen deserved a turn.

Continued : http://nakedsecurity.sophos.com/2013/09/03/twitter-makes-good-on-promise-to-make-abuse-reports-easier-and-more-obvious/
Collapse -
RSA Peeks into Bits of New Linux-based Trojan Hand of Thief
by Carol~ Moderator / September 3, 2013 4:49 AM PDT

The Hand of Thief Trojan (or "HoT") is commercial malware that was first released for sale in late July 2013 by an underground vendor in Russian-speaking cybercrime communities.

Hand of Thief was named a banking Trojan by its developer, programmed to be a form grabber and backdoor. What's special about this malware is that HoT may be the first malware from the banking Trojan class to target all the common Linux distributions.

Although the malware has not been traced in the wild yet, the RSA FraudAction team has obtained its builder and created HoT binaries, testing its actual functionality, exposing the operational features, as well as revealing the bugs that can prevent it from stealing data from Linux users.

Our research and analysis shows that, in reality, HoT's grabbing abilities are very limited if not absent, which would make the malware a prototype that needs a lot more work before it can be considered a commercially viable banking Trojan.

Continued : https://blogs.rsa.com/rsa-peeks-into-the-bits-of-new-linux-based-trojan-hand-of-thief/

Related: Experts Say "Hand of Thief" Linux Trojan Is Far from Being Commercially Viable

Collapse -
Privacy case makes your phone untrackable
by Carol~ Moderator / September 3, 2013 4:50 AM PDT

With all the recent revelations about NSA's long cyber reach and the (in)voluntary involvement of big Internet companies and US telecoms in its many surveillance programs, it's not entirely surprising that a Kickstarter project offering a portable and usable Faraday cage for mobile devices has been successful.

A Faraday cage - for those who don't know - is an enclosure that is padded with conducting material that prevents electromagnetic signals to reach inside it, and that includes radio waves. In short, if you put your smartphone inside it, no voice, data, SMS, and GPS signal will reach it or can be sent from it, making it digitally untrackable.

The name of the project and the product whose manufacturing it's trying to kickstart is OFF Pocket, and this "privacy accessory" is extremely easy to use: simply put your phone inside it and close it.

Continued: http://www.net-security.org/secworld.php?id=15502

Collapse -
Cold call victim forces telemarketers to pay him by ..
by Carol~ Moderator / September 3, 2013 6:03 AM PDT
.. using premium number

A British man fed up with cold calls from telemarketers set up a premium phone number in November 2011 and has made £300 by accepting calls and keeping the annoying marketers on the line as long as possible.

Lee Beaumont, who works at home in Leeds, UK, was getting calls at all times of the day. "I thought there must be a way to make money off these phone calls," he told the BBC. He searched on Google and found a small company that charged him £10 (about $15.50) to set up an 0871 line (equivalent to a 900 line in the US), which forces people who call him to pay 10p per minute. Of that, he receives 7p (about 10.9¢).

The BBC has an article and radio segment on Beaumont here. He now gives out his 0871 line to any business that might cold call him, while giving friends and family a different number. The BBC writes:

Because he works from home, Mr Beaumont has been able to increase his revenue by keeping cold callers talking—asking for more details about their services....

Continued : http://arstechnica.com/business/2013/08/cold-call-victim-forces-telemarketers-to-pay-him-by-using-premium-number/
Collapse -
Citadel Makes a Comeback, Targets Japan Users
by Carol~ Moderator / September 3, 2013 8:23 AM PDT

TrendLabs Security Intelligence Blog :

Through investigation and collaboration between our researchers and engineers, we discovered a malicious online banking Trojan campaign targeting users in Japan, with the campaign itself ongoing since early June of this year. We've reported about such incidents in the past, including in our Q1 security roundup - and we believe this latest discovery shows that those previous attacks have been expanded and are a part of this particular campaign.

We discovered the online banking Trojan involved in this campaign to be a variant of the Citadel family. Citadel variants are well-known for stealing the online banking credentials of users, directly leading to theft.

We've identified at least 9 IP addresses serving as its command and control(C&C) servers, most of them detected to be belonging in the US and Europe. Monitoring these servers, we also discovered that 96% of the connections to these servers are coming from Japan - further proof that the most of the banking trojan infections are coming from that one specific country.

In addition to this, we also managed to find out the following about this campaign:

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/citadel-makes-a-comeback-targets-japan-users/

Collapse -
The Murky Waters Of The Zero-Day Business
by Carol~ Moderator / September 3, 2013 8:24 AM PDT

"Malwarebytes Unpacked" Blog:

Finding software vulnerabilities is a full-time job for some people but for another group, discovering a flaw in popular software can be like striking gold. To better understand why, we need to explain what a software vulnerability is and most importantly what can be done with it.

ITSEC defines a vulnerability as "the existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved." [Screenshot]

Let's take a simple example to illustrate a possible scenario: you browse to a particular webpage using Internet Explorer when all the sudden a specially crafted font cannot be rendered properly. Instead of displaying an error, the browser performs an authorized operation where malicious code is downloaded and executed.

Since our lives and economy are dependent on computers running software applications, you may get the idea why vulnerabilities can have disastrous consequences. It could go from a power plant getting shutdown with millions of people left in the dark and cold, a plane crashing when the autopilot software reads instructions from a hacker, etc.

Continued : http://blog.malwarebytes.org/intelligence/2013/09/the-murky-waters-of-the-zero-day-business/

Collapse -
Malicious Spammers Bait Facebook Users with Fake News Feed
by Carol~ Moderator / September 3, 2013 8:24 AM PDT

Here's something new about Facebook spam: the criminals behind this latest campaign are now using Facebook's "news feed" as lure to get recipients clicking on malicious links. [Screenshot]

Facebook "News Event" Spam

From: {fake Facebook email address}
To: {random}
Subject: Hi {random}, here are some Pages you may like
Message body:
Like these Pages to get updates in your News Feed.

{malicious URLs}


The malicious URLs are compromised domain sites inserted with an HTML page containing the following code: [Screenshot]

All three JavaScript (JS) codes contain a redirection to a malicious .PHP page where users are then redirected to malware hosted on sites that are also compromised. We were able to retrieve the following files below:

Continued : http://www.threattracksecurity.com/it-blog/malicious-spammers-bait-facebook-users-with-fake-news-feed/

Collapse -
Unmasked: Sambreel's String of Aliases
by Carol~ Moderator / September 3, 2013 9:19 AM PDT

Our friends at Spider.Io have published an article about Sambreel not so long ago. In case you're not familiar with the name, Sambreel is the US-based company that made angry users out of Facebook, Google, and Yahoo! because of their fake browser plugins. Once these pieces of software are installed into the user's browser, they're able to insert ads into major websites and overlay already existing ads with their own. You can read more about this hullabaloo here.

Researchers at Spider.Io found two plugins—Easy YouTube Video Downloader and Best Video Downloader—being bundled and distributed by Yontoo and Alactro, brands that are also owned by Sambreel.

Here's a bit of good news: Firefox has made the great move of removing the offending plugin from their free add-ons page.

The bad news is, although Yontoo explicitly claims that their product has been discontinued and Alactro appears to be AWOL, researchers at ThreatTrack have found that Sambreel still continues to distribute dubious apps under different names.

"This has been the tactic of adware groups." says Patrick, one of our threat researchers in the AV Labs, "When their brand comes under fire, they change their names, create new sites and keep operating."

And they keep operating, indeed. Below are brands and websites we found that the aforementioned Sambreel affiliates have been using to date:

* Web Cake — getwebcake(dot)com
[Screenshot]
[Screenshot]

* Web Layers — weblayers(dot)com

Continued: http://www.threattracksecurity.com/it-blog/unmasked-sambreels-string-of-aliases/

@ spider.io: Sambreel is Still Injecting Ads. Video Advertisers, Beware

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?