Spyware, viruses, & security forum: NEWS - February 20, 2013

... eventually

Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us. [[Screenshot]

Bit of a pity that the Fruity Ones didn't do this back at the beginning of February, when Oracle's emergency "pre-Patch-Tuesday" update came out to fix the hole that Apple is only now closing off.

Curiously, Cupertino did push out a patch early in February, but only for OS X 10.6 users. Lion and Mountain Lion users have been in limbo until now.

Apple therefore bumps its Java distribution from 1.6.0_37 to 1.6.0_41, leapfrogging OS X 10.7 and 10.8 users past 1.6.0_39 entirely (the even numbers weren't used for official releases).

This re-aligns Apple's version with Oracle's own recent patch, which came out on 19 February 2013 as scheduled.

Both Facebook and Apple have now admitted to being owned due to malicious Java code hosted inadvertently by a website popular with mobile developers.

Twitter, too, admitted to a breach recently, didn't say how it happened, but suggestively invited everyone to turn off Java in their browser as part of its official statement.

Continued : http://nakedsecurity.sophos.com/2013/02/20/apple-patches-its-own-java-hole/

Related: Apple Victim of Facebook, Twitter Hackers; Java to Blame

Malware Found Matches Code Used Vs. Defense Contractors in 2012

Cyber espionage hackers who broke into security firm Bit9 initially breached the company's defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in the attack was deployed last year in highly targeted attacks against U.S. Defense contractors.

Earlier this month, KrebsOnSecurity broke the story of the breach at Waltham, Mass.-based Bit9, which involved the theft of one of the firm's private digital certificates. That certificate was used to sign malicious software, or "malware" that was then sent to three of the company's customers. Unlike antivirus software, which tries to identify and block known malicious files, Bit9's approach helps organizations block files that aren't already digitally signed by the company's own certificates.

After publishing a couple of blog posts about the incident, Bit9 shared with several antivirus vendors the "hashes" or unique fingerprints of some 33 files that hackers had signed with the stolen certificate. KrebsOnSecurity obtained a list of these hashes, and was able to locate two malicious files that matched those hashes using Virustotal.com — a searchable service and database that lets users submit suspicious files for simultaneous scanning by dozens of antivirus tools.

Continued : http://krebsonsecurity.com/2013/02/bit9-breach-began-in-july-2012/

The latest release of Mozilla's Firefox open source web browser, version 19, brings few new features but does close four critical security holes. The release notes list only the arrival of PDF.js, the PDF viewer written in JavaScript, as a new feature. This, it is hoped, should reduce users' exposure to malicious PDF documents which exploit third party PDF reader plugins to get access to the underlying operating system.

Alongside improvements in startup performance, the desktop version of Firefox 19 also adds, disabled by default, an experimental Remote Web Console, which can connect to Firefox for Android and Firefox OS web applications and interact with them from within the desktop installation of Firefox. Another experimental addition is a Browser Debugger for add-on and browser developers.

Continued : http://www.h-online.com/security/news/item/Firefox-19-brings-PDF-viewer-and-4-critical-security-fixes-1806437.html

Related: Rid yourself of Adobe: New Firefox 19.0 gets JAVASCRIPT PDF viewer

@ The Mozilla Blog: Firefox introduces PDF viewer to browse the Web without interruption

New underground E-shop offers access to hundreds of hacked PayPal accounts

Dancho Danchev @ the Webroot Threat Blog:

On a daily basis, largely thanks to the efficiency-centered malicious campaigns circulating in the wild, cybercriminals get access to tens of thousands of accounting credentials across multiple Web properties, and most disturbingly, online payment processing services like PayPal.

We've recently spotted a newly launched underground E-shop that's exclusively selling access to hacked PayPal accounts. How much does it cost to purchase a hacked PayPal account on the underground marketplace these days? What pricing method is the cybercriminal behind the service using, and does the newly launched E-shop share any similarities with the E-shop selling access to hacked PayPal accounts that we profiled in 2012?

Let's take a peek inside the E-shop.

More details:

Sample login page for the E-shop: [Screenshot]

Continued : http://blog.webroot.com/2013/02/20/new-underground-e-shop-offers-access-to-hundreds-of-hacked-paypal-accounts/