Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: NEWS - February 08, 2013

by: Carol~ February 8, 2013 9:13 AM PST

Like this

0 people like this thread

Staff pick

NEWS - February 08, 2013

by Carol~ Moderator - 2/8/13 9:13 AM

Microsoft to Quash 57 Vulnerabilities in February

On Thursday, as part of the ritual of advance notification, Microsoft announced its plans to address 57 security vulnerabilities within Windows, Internet Explorer, and Office. Of the 12 bulletins that are addressing the fixes, five are critical while the rest are ranked as important.

Tuesday's pending security cycle means that some IT teams will be busy, due to the large amount of fixes to be deployed. Yet, the release is both a blessing and a curse it seems.

"It's good because administrators probably don't have to worry about applying multiple patches for the same advisory to a single host. It's bad because an organization with even the simplest deployment of Microsoft products will probably be hit by all of these advisories, meaning their desktop and server teams will be extra busy," explains Rapid7's Senior Manager of Security Engineering, Ross Barrett.

"The exceptions to the OS vulnerability trend are bulletins 4, which applies to MS Exchange 2007, and 2010 and bulletin 5, which applies to Microsoft FAST Search Server 2010. Bulletin 4 (affecting Microsoft Exchange) is listed as critical, which could mean it is something that a malformed email message would trigger," Barrett explained. "If so, this will be the most directly exploitable of the advisories and should be a top priority."

Continued : http://www.securityweek.com/microsoft-quash-57-vulnerabilities-february

Also:
Patch Tuesday: IE at risk of malware attacks; 57 flaws in total
Every single Internet Explorer at risk of drive-by hacks until Patch Tuesday
Microsoft Announces Five Critical February Patch Tuesday Updates Coming Next Week


Reply
Report offensive post
Email to friend

Bush family privacy shattered after e-mails, photos exposed

by Carol~ Moderator - 2/8/13 9:35 AM

In Reply to: NEWS - February 08, 2013 by Carol~ Moderator

... online

A brazen intrusion into several e-mail accounts belonging to friends and family of former President George H. W. Bush have exposed a wealth of personal photos, correspondence, home addresses, and other sensitive information, prompting a criminal investigation, according to published reports.

The trove of Bush communications, which were sent from 2009 to 2012, were lifted from at least six separate e-mail accounts, including the AOL account of Dorothy Bush Koch, daughter of George H. W. Bush and sister of former President George W. Bush, according to The Smoking Gun. The hack opens a window into some of the extended family's most personal and intimate moments, including several members planning the funeral of the older former president when he was hospitalized late last year.

One e-mail reported that George H. W. Bush's condition was so perilous in late December that his chief of staff informed the former president's adult children that "your dad's funeral team is having an emergency meeting at 10 a.m. just to go through all the details." The Bush aide, Jean Becker, went on to say the former president's health status "fell under the broadening category of things NOT TO TELL YOUR MOTHER."

Continued : http://arstechnica.com/security/2013/02/bush-family-privacy-shattered-after-e-mails-photos-exposed-online/

Also:
Hacker gains access to private Bush family emails and photos; criminal investigation launched
Hacker accesses Bush family emails, photos, report says
Hacker compromises email accounts of Bush family members


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Children turning into malicious code developers

by Carol~ Moderator - 2/8/13 9:35 AM

In Reply to: NEWS - February 08, 2013 by Carol~ Moderator

In a world filled with laptops, tablets and smartphones, today's children become digitally fluent far earlier than previous generations.

Now, AVG has found evidence that pre-teens are writing malware designed to steal login details from online gamers, both young and old.

While stealing someone's game logins may at first seem a minor problem, online gaming accounts are often connected to credit card details to enable in-game purchases, and may also have virtual currency attached to them amounting to hundreds of dollars.

Furthermore, many gamers unfortunately use the same login details for social networks such as Facebook and Twitter, potentially putting the victim at risk of cyber-bullying, in addition to identity theft and major inconvenience.

"We have now seen a number of examples of very young individuals writing malware, including an 11-year-old from Canada," said Yuval Ben-Itzhak, CTO at AVG Technologies. "The code usually takes the form of a basic Trojan written using the .NET framework, which is easy to learn for beginners and simple to deploy via a link in an email or posted on a social media page."

Continued : http://www.net-security.org/malware_news.php?id=2406

Also: AVG finds 11 year-old creating malware to steal game currency


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Battered Twitter, Phish but no Chips!

by Carol~ Moderator - 2/8/13 11:22 AM

In Reply to: NEWS - February 08, 2013 by Carol~ Moderator

From the Websense Security Labs Weblog:

Hot on the heels of Friday's announcement by Twitter that they 'detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data' and subsequent confirmation that 'attackers may have had access to limited user information' for 'approximately 250,000 users', Websense Security Labs are tracking a phishing campaign propagated via Twitter's direct message functionality.

Whilst no correlation between the two events can be drawn at this time, Twitter users should be on guard for signs of their own account being abused or compromised, as well for abnormal signs or unusual behavior (or perhaps in many cases, more unusual than normal) from those that they follow. Specifically, users should be cautious, as always, when following any links received from direct messages or Tweets particularly if the page you've been directed to is asking for your credentials or personal information.

Given the recent compromise, Websense Security Labs suggest that you regularly check your online accounts for signs of compromise and, as if anyone needs an excuse to do so, regularly update your suitably complex (and most definitely not your pet/team/town or dictionary word) password as well as reviewing the permissions granted to third-party applications that have access to your accounts (Twitter: How to Connect and Revoke Third-Party Applications). Should you have been unlucky enough to fall victim to this recent compromise, you'll have hopefully received a notification from Twitter that suggests these actions along with some general tips for account security: [Screenshot]

Continued : http://community.websense.com/blogs/securitylabs/archive/2013/02/05/battered-twitter-phish-but-no-chips.aspx


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Facebook outage took several other sites with it

by Carol~ Moderator - 2/8/13 11:51 AM

In Reply to: NEWS - February 08, 2013 by Carol~ Moderator

A Facebook glitch briefly took down a large number of sites that use the social network's login credentials on Thursday — highlighting just how wide Facebook's reach has become.

The glitch lasted a few minutes and affected only those who were logged into Facebook at the time. But there were widespread reports of users having trouble getting to sites such as Gawker, CNN, Mashable and, yes, The Washington Post. When users tried to visit those sites, they were sent to a Facebook page that displayed an error. To get around the bug, users had to log out of the social network.

Facebook released a short statement after the outage, saying, "For a short period of time, there was a bug that redirected people from third party sites integrated with Facebook to Facebook.com. The issue was quickly resolved."

The company has yet to provide further information about the flaw or say how many Web sites may have been affected.

Continued : http://www.washingtonpost.com/business/technology/facebook-outage-took-several-other-sites-with-it/2013/02/08/329d83e0-71ee-11e2-ac36-3d8d9dcaa2e2_story.html

Related:
Facebook Hijacks Internet Sites For An Hour Thursday Afternoon
Facebook briefly takes over entire Internet with redirection bug


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Learn by doing: Phishing and other online tests

by Carol~ Moderator - 2/8/13 12:46 PM

In Reply to: NEWS - February 08, 2013 by Carol~ Moderator

As a tech-savvy person in a family that mostly consists of low level Internet users - and especially because of my line of work - I'm often tasked with helping them when their computers become riddled with malware.

One of these shortcuts were online tests that let you test your ability to spot fake emails, webpages or software. After all, repetition IS the best teacher.

When the idea first came to me, I thought the Internet was rife with them, but I was wrong. So, I had to take the time to dig around and make a collection of links to present to my "pupils."

Learning how to spot phishing emails and websites

Phishing tests were relatively easy to find, but unfortunately there aren't many of them.

By far the most popular is MailFrontier's (renamed as SonicWALL Phishing IQ Test when SonicWALL acquired MailFrontier in 2006).

It's easy to see why. Once you go over the test and see the results, you are able to see the "warning signs" for each email: [Screenshot]

The explanations are simple and directly applied to each mail. Still, there is one downside: the email examples are always the same each time you take the test.

Continued : http://www.net-security.org/secworld.php?id=14375


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Security Firm Bit9 Hacked, Used to Spread Malware

by Carol~ Moderator - 2/8/13 2:37 PM

In Reply to: NEWS - February 08, 2013 by Carol~ Moderator

Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known "safe" files from computer viruses and other malicious software.

Waltham, Massachusetts-based Bit9 is a leading provider of "application whitelisting" services, a security technology that turns the traditional approach to fighting malware on its head. Antivirus software, for example, seeks to identify and quarantine files that are known bad or strongly suspected of being malicious. In contrast, Bit9 specializes in helping companies develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous.

But earlier today, Bit9 told a source for KrebsOnSecurity that their corporate networks had been breached by a cyberattack. According to the source, Bit9 said they'd received reports that some customers had discovered malware inside of their own Bit9-protected networks, malware that was digitally signed by Bit9's own encryption keys.

Continued : http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread-malware/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close