Spyware, viruses, & security forum: NEWS - January 08, 2013

"Company expects to release patches on January 15"

Adobe Systems warned users of its ColdFusion application server software that hackers are reportedly exploiting unpatched vulnerabilities in the product to take control of affected servers.

The company published a security advisory on Friday regarding three critical vulnerabilities - identified as CVE-2013-0625, CVE-2013-0629 and CVE-2013-0631- that affect ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0.

CVE-2013-0625 can be exploited to bypass authentication controls and take control of a ColdFusion server, CVE-2013-0629 can allow unauthorized users to access restricted directories on a vulnerable server and CVE-2013-0631 can result in information disclosure.

Continued : http://news.techworld.com/security/3418957/adobe-warns-of-actively-exploited-coldfusion-flaws/

Also: Adobe ColdFusion Exploits in Wild; Patch Remains Week Away

In the movies, hackers work hard breaking into electronic networks to steal passwords. In the real world, they just politely ask for your credentials using a phishing website designed to look exactly like a valid financial website. If you log in to the fake website, you compromise your own security.

Fortunately, most popular browsers include some degree of antiphishing protection. Unfortunately, their effectiveness varies widely. AV-Comparatives just released the results of a test examining how well popular browsers detect and block these frauds.

I test antiphishing protection for my own security reviews by checking URLs that have been reported as fraudulent, but not yet verified. I check each one myself, using only those that are clearly fraudulent and clearly attempt to steal login credentials. I find that a significant majority of current security suites are less effective at phishing prevention than Internet Explorer 8 alone. However, Internet Explorer didn't come out on top in the AV-Comparatives study.

Testing Methodology

Continued : http://securitywatch.pcmag.com/none/306686-best-browser-for-blocking-fraud-opera

The EU's cyber security agency ENISA has published the first Cyber Threat Landscape analysis of 2012, summarizing over 120 threat reports.

The report identifies and lists the top threats and their trends, and concludes that drive-by exploits have become the top web threat.

The report summaries 120 recent reports from 2011 and 2012 from the security industry, networks of excellence, standardization bodies and other independent parties, making the report the world's most comprehensive synthesis presently available.

The report provides an independent overview of observed threats and threat agents together with the current top threats, and emerging threats trends landscapes. Moreover, the Threat Landscape report analyses the "cyber enemy"; identifying and also listing the top ten (out of a total of sixteen) threats in emerging technology areas.

The identified top ten threats are:

Continued : http://www.net-security.org/secworld.php?id=14194

Also: Drive-by attacks, Trojans and code injection the biggest threats, says ENISA

In the process of creating a system which would allow Facebook users with compromised accounts to regain control of their accounts, the company managed to open a hole which could have allowed attackers to reset users' passwords without knowing their old password and, ironically, allowing them to compromise users' accounts. The flaw was reported to Facebook and closed through its White Hat disclosure page.

The problem, discovered by Sow Ching Shiong and documented on his blog, required that the user be logged in and visit the https: // www.facebook.com/hacked URL. This URL is apparently designed for users who still have an active session but believe their account has been compromised; accessing it without logging in sends the user to forms which ask them to establish their identity. If they are logged in, the user was redirected to https: // www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked and on clicking "Continue" on that page asked to enter a new password. But, contrary to best practice, the form did not ask for their old password.

Continued : http://www.h-online.com/security/news/item/Facebook-password-reset-bug-closed-1779440.html

Related: Serious Flaw in Facebook Allows Arbitrary Account Hijacking

GFI Software released a collection of the most prevalent threat detections encountered last month. In December, GFI threat researchers found a handful of phony Google Play app markets hosting mobile Trojans as well as a number of spam email campaigns posing as messages from Amazon, PayPal and LinkedIn.

"Cybercriminals often make the effort to create phony websites and spam emails that appear authentic in order to increase the chances of catching users off guard and infecting their PCs," said Christopher Boyd, senior threat researcher at GFI Software.

"Over the past year, we have seen cybercriminals improve their ability to fabricate even more convincing sites that prey on users who rush into providing personally identifiable information or installing applications without completely investigating the legitimacy of the source. Users should be extra careful in every situation by taking the time to look at URLs and manually navigating to the sites that they want to visit," Boyd added.

Continued : http://www.net-security.org/malware_news.php?id=2370