Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: NEWS - January 23, 2013

by: Carol~ January 23, 2013 12:10 PM PST

Like this

0 people like this thread

Staff pick

NEWS - January 23, 2013

by Carol~ Moderator - 1/23/13 12:10 PM

Twitter Bug Changes Application Security Levels on Twitter

A security researcher uncovered a bug in Twitter's code which may have resulted in some third-party applications getting access to private direct messages without the user's explicit approval.

Many Web applications allow users to sign in using their Twitter and Facebook accounts instead of creating yet another account. It is convenient for users and application developers can access user data stored on the social networking site. Cesar Cerrudo, a security researcher with IOActive, stumbled across a flaw in which these applications could wind up with higher levels of access than they should have.

In a post on the IOActive Labs Research blog, Cerrudo described how he was testing a Web application (still under development) which allowed users to sign in with Twitter or Facebook. At the "Sign in" page, Cerrudo saw that the application would be able to view his public tweets, post on his account, see his followers, follow new people, and make changes to the profile. The page also explicitly stated the application would not have access to his Direct Messages or his password.

Continued : http://securitywatch.pcmag.com/none/307241-twitter-bug-changes-application-security-levels-on-twitter

Also:
Twitter Bug Allowed Apps to Access Direct Messages Without Permission
Twitter bug gives 3rd-party apps access to users' Direct Messages
Twitter Bug Exposed Direct Messages to Third Party Apps Without User Approval
Twitter Fixes Bug That Allowed Third-Party Apps to Access DMs Without Permission


Reply
Report offensive post
Email to friend

Just-patched Java, IE bugs used to snare human rights sites

by Carol~ Moderator - 1/23/13 12:14 PM

In Reply to: NEWS - January 23, 2013 by Carol~ Moderator

"Reporters without Borders is latest site used in "watering hole" campaign."

The website belonging to non-governmental organization Reporters Without Borders is the latest to be hit by attacks that use the recently patched Java and Internet Explorer vulnerabilities to surreptitiously hijack computers of visitors, security researchers said.

The compromise comes a week after similar attacks successfully commandeered sites belonging to major Hong Kong political parties, Jindrich Kubec, a security researcher with antivirus provider Avast, wrote in a blog post published Tuesday. It's most likely another example of a "watering hole" attack, in which attackers target the sites their victims are likely to visit, in much the way predators position themselves near a river or lake bed to lie in wait for thirsty prey.

"Such an organization is an ideal target for [a] watering-hole campaign, as it seems right now the miscreants concentrate only on human rights/political sites—many Tibetan, some Uygur, and some political parties in Hong Kong and Taiwan which are the latest hits in this operation," Kubec wrote. "In our opinion the finger could be safely pointed to China (again)."

Continued : http://arstechnica.com/security/2013/01/just-patched-java-ie-bugs-used-to-snare-human-rights-sites/

Related:
Reporters Without Borders website abused in malware campaign
Reporters Without Borders Site Hacked, Abused in Watering Hole Attacks


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

More Malware Moving on Skype

by Carol~ Moderator - 1/23/13 12:57 PM

In Reply to: NEWS - January 23, 2013 by Carol~ Moderator

With Skype expanding its reach with services designed for small businesses, and other messaging platforms such as Microsoft Windows Messenger shutting down, Skype is becoming an attractive target for malware writers.

Reports surfaced last week of the Shylock financial malware spreading on Skype and yesterday, researchers reported the discovery of more malware propagating on Skype.

Researchers found two worms, Bublik and Phorpiex, spreading mostly in Japan. Bublik is a backdoor with rootkit functionality. It opens a communication channel with a command and control server and downloads additional plug-ins. In this case, Trend Micro discovered the Kepsy worm, which helps Bublik spread over Skype and also clears Skype message history.

Bublik can enable remote access for an attacker, download and upload files to a C&C server, download additional plug-ins and monitor browser activity. It also gathers and reports application data, system and network information, hardware specs and running processes.

Continued : https://threatpost.com/en_us/blogs/more-malware-moving-skype-012213

Also: Skype Malware Campaign Grows - Businesses and Consumers Targeted

From TrendLabs: Shylock Not the Lone Threat Targeting Skype


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

How Java dumps useless add-ons and toolbars on PC users

by Carol~ Moderator - 1/23/13 12:58 PM

In Reply to: NEWS - January 23, 2013 by Carol~ Moderator

"Java is the newly crowned "king of foistware.""

Remember the Ask search engine? Oracle sure does—and by extension, so do Java users. Oracle has taken the practice of bundling useless add-ons and toolbars with legitimate software to new heights while collecting a commission each time it tricks a user into installing an Ask toolbar.

That's what Windows expert and legendary skeptic Ed Bott of ZDNet reports after examining Java's installation and update practices. Bott has done extensive reporting on "foistware," previously crowning Adobe and Skype as the worst offenders. But over the past year, Adobe and Skype have reformed themselves a little bit, while Oracle's Java now deserves the crown for "king of foistware," he wrote today.

"The evidence against Oracle is overwhelming," Bott wrote, continuing:

Continued : http://arstechnica.com/information-technology/2013/01/how-java-dumps-useless-add-ons-and-toolbars-on-pc-users/

Related : Oracle, please stop sneakily foisting third-party toolbars on us with your Java updates

From Ben Edelman within IAC Toolbars and Traffic Arbitrage in 2013::

The Special Problems of IAC Ask Toolbar Installed by Oracle's Java Updates


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Three Men Charged in Connection with 'Gozi' Trojan

by Carol~ Moderator - 1/23/13 12:59 PM

In Reply to: NEWS - January 23, 2013 by Carol~ Moderator

Federal prosecutors today announced criminal charges against three men alleged to be responsible for creating and distributing the Gozi Trojan, an extremely sophisticated strain of malicious software that was sold to cyber crooks and was tailor-made to attack specific financial institutions targeted by each buyer.

According to charging documents filed in the U.S. District Court for the Southern District of New York, authorities believe Gozi was the creation of Nikita Kuzmin, a 25-year-old Russian national. Authorities say Kuzmin was aided by 27-year-old Latvian resident Deniss "Miami" Calovskis, and Mihai Ionut Paunescu, a 28-year-0ld Romanian national who allegedly used the screen name "Virus". The charges include bank-fraud conspiracy, conspiracy to commit computer intrusion, wire-fraud conspiracy.

A press conference announcement sent to reporters today by the office of New York U.S. Attorney Preet Bharara states that Gozi infected more than one million computers — at least 40,000 of which were in the United States — and caused millions of dollars in losses. Kuzmin was arrested in California in Nov. 2010; Calovskis was arrested in Latvia in Nov. 2012; Paunescu was arrested in last month in Romania. Bharara's office called Gozi "one of the most financially destructive computer viruses in history."

Continued : http://krebsonsecurity.com/2013/01/three-men-charged-in-connection-with-gozi-trojan/

Also: Three Charged with Creating, Distributing Gozi Banking Malware


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

2012 Annual Security Roundup: Post-PC Threats

by Carol~ Moderator - 1/23/13 2:53 PM

In Reply to: NEWS - January 23, 2013 by Carol~ Moderator

From the Trendlabs Security Intelligence blog:

The "post-PC era" is a phrase which has been a veritable buzzword for some time. However, 2012 saw cybercrime expanding to mobile platforms, highlighting how threats have entered the post-PC era, too.

Mobile Threats: 350,000 and Growing

By the end of 2012, the number of Android malware grew to 350,000. This was a monumental growth from the 1,000 mobile malware we saw at the end of 2011. Much of this growth was driven by adware and premium service abusers, which accounted for a sizable majority of the seen growth.

The popularity of Android in the mobile space means that it is now facing threats similar to what has faced Windows in the desktop space. This threat grew and became more sophisticated throughout the entire year, and we expect that this will continue into 2013.

Data breaches and Malware: Business as Usual

The year saw a continuation and evolution of many familiar threats. Data breaches and APTs continued to hit organizations large and small. Increasingly, the question is no longer if a system will suffer a data breach, but when. Throughout the year, we discovered and looked into various information theft campaigns, as well as the tools used.

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/2012-annual-security-roundup/

Related: Android malware could reach the 1 million mark by year's end


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

`Confidential Message' Infects Employees w/ Password Stealer

by Carol~ Moderator - 1/23/13 2:53 PM

In Reply to: NEWS - January 23, 2013 by Carol~ Moderator

Malware writers target companies and public and private institutions by tricking employees into downloading a password stealer disguised as a confidential corporate document addressed to employees only.

The document in the form of a ZIP file is attached to an e-mail addressed to company employees under the confidentiality mark. The sender's address is spoofed to make it look as if the mail is sent by DocuSign Electronic Signature Service, on behalf of the administrative department of the employer company. [Screenshot]

Under the pretext of viewing or printing a confidential document, recipients in fact download a password stealer that snatches passwords of their e-mail client (TheBat, Thunderbird, Outlook, or IncrediMail) and website passwords - saved under popular browsers such as Chrome, Firefox, Opera or Internet Explorer - to send them to a remote attacker.

Continued : http://www.hotforsecurity.com/blog/confidential-message-infects-employees-with-password-stealer-5089.html


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Mega acknowledges security concerns, promises changes

by Carol~ Moderator - 1/23/13 2:54 PM

In Reply to: NEWS - January 23, 2013 by Carol~ Moderator

Representatives of newly launched file-storage and sharing service Mega addressed some of the concerns raised by security researchers in recent days about the site's architecture and the implementation of its cryptographic features.

In a blog post published Tuesday, Mega officials acknowledged that some of the security risks pointed out by researchers are valid, but said that users had already been informed about some of them through the FAQ (Frequently Asked Questions) section of the website. In the case of other issues, they promised some improvements.

For example, it has been pointed out that the encryption keys generated by users during the sign-up process, and which are later used to encrypt their files, are encrypted using the account password and are only stored on Mega's servers. Since there is no password recovery feature, users will lose the ability to decrypt their files if they forget their passwords, some people said.

Continued: http://www.computerworld.com/s/article/9236059/Mega_acknowledges_security_concerns_promises_changes

Related:
Mega facts
Mega's first crypto faux pas


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Google Tells Cops to Get Warrants for User E-mail,

by Carol~ Moderator - 1/23/13 3:46 PM

In Reply to: NEWS - January 23, 2013 by Carol~ Moderator

... Cloud Data

Google demands probable-cause, court-issued warrants to divulge the contents of Gmail and other cloud-stored documents to authorities in the United States — a startling revelation Wednesday that runs counter to federal law that does not always demand warrants.

The development surfaced as Google publicly announced that more than two-thirds of the user data Google forwards to government agencies across the United States is handed over without a probable-cause warrant.

A Google spokesman told Wired that the media giant demands that government agencies — from the locals to the feds — get a probable-cause warrant for content on its e-mail, Google Drive cloud storage and other platforms — despite the Electronic Communications Privacy Act allowing the government to access such customer data without a warrant if it's stored on Google's servers for more than 180 days.

Continued : http://www.wired.com/threatlevel/2013/01/google-says-get-a-warrant/

RelatedL Google: User-data requests have increased by 70 percent since 2009


Was this reply helpful? (2)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close