news aggregator

Hackers use DRAFT emails as dead-drops for running malware

The Register Spam-News - Thu, 06/11/2014 - 14:29
Python bite opens doors to get into Gmail, Yahoo! accounts

Sneaky hackers are using Gmail and Yahoo! drafts to control compromised devices, with the tactic designed to make detection of malware-related communications more difficult to pick up in enterprise environments.…

Rovnix Trojan infection outbreak infects 130,000 machines in Blighty

The Register Spam-News - Thu, 06/11/2014 - 12:44
Email-borne nasty slurps your banking details

A new cluster of infections by the Rovnix Trojan has infected more than 130,000 Windows computers in the UK alone.…

Hide your Macs, iPhones and iPads: WireLurker nasty 'heralds new era'

The Register Spam-News - Thu, 06/11/2014 - 09:29
A new era of pain, apparently

The largest-scale attack of its kind on Apple Macs, phones and tablets – and believed the first to maliciously target non-jailbroken iPhones – has been detected. And it's hit thousands and thousands of devices in the wild.…

NSA director: We share most of the <small>[crap]</small> bugs we find!

The Register Spam-News - Thu, 06/11/2014 - 06:19
Crypto, crypto everywhere, 'til all the boards databases did shrink

The National Security Agency (NSA) is only holding back a teeny, tiny number of code secrets, with director Admiral Mike Rogers promising the world the spook collective shares 'most' of the vulnerabilities it finds.…

Microsoft releases free anti-malware for Azure VMs

The Register Spam-News - Thu, 06/11/2014 - 04:20
Tick a box, zap the baddies, annoy the competition

Free anti-malware software is not hard to find: even reputable vendors offer product at the low, low price of $0.00 for client devices…

EFF: VPNs will crumble Verizon's creepy supercookie stalkers

The Register Spam-News - Thu, 06/11/2014 - 03:28
Now that ad networks are jumping on the privacy vulnerability

The Electronic Frontier Foundation says Verizon's silent supercookies, which always follow subscribers around the internet, are being abused by creepy advertisers to push targeted ads.…

158 new malware created EVERY MINUTE

The Register Spam-News - Thu, 06/11/2014 - 02:03
One for YOU and YOU and YOU and YOU

Malware monitor PandaLabs says 227,747 new malware samples are released every day.…

Feds investigate Homeland Security background checker security breach

The Register Spam-News - Wed, 05/11/2014 - 18:04
Extent of problem at contractor USIS still being assessed

A contractor running background checks for the US Department of Homeland Security has suffered a potentially embarrassing security breach.…

Watchdog bites hotel booking site: Over 3k card details slurped

The Register Spam-News - Wed, 05/11/2014 - 14:01
SQL flaw ‘oldest trick in the book' – ICO

Hotel booking website Worldview Limited has been fined £7,500 over a security breach involving its website that allowed hackers to swipe the full payment card details of some 3,814 customers.…

Russia to ban iCloud.. to PROTECT iPhone fiddlers' pics 'n' sh*t

The Register Spam-News - Wed, 05/11/2014 - 13:14
State secrets: This is local data for local people

The Kremlin is set to ban Apple's iCloud as part of plans to throw up a new iron curtain around Russia's digital communications.…

Fake Pizza Hut “Free Pizza” Coupons Latest Malware Threat

Cloudmark Blog - Wed, 29/10/2014 - 17:06

Starting on October 28, we saw a new hook used to try and trick users into installing a Trojan on their computer – Free Pizza. Fans of Robert Heinlein will be familiar with the acronym TANSTAAFL – There Ain’t No Such Thing As A Free Lunch. In this case TANSTAAFPE – There Ain’t No Such Thing As A Free Pizza, Either.

The attack features a realistic looking message, apparently from Pizza Hut:

Today we are celebrating our 55th anniversary and we want you to share this celebration with us - you may get a free pizza in any of our restaurants.

Pizza Hut was actually founded in 1956, which makes them 58 years old, not 55. Of course, if you click on the link, you do not get a coupon for free pizza – you get a .zip file containing a Windows executable which will make you part of a malicious botnet called Asprox or Kuluoz. This botnet has been around since 2008. It goes through sudden bursts of growth from time to time, and then cuts back in size, perhaps to avoid countermeasures from the security community.

This attack appears to be more credible than the typical package delivery or invoice spam used to distribute malware. Everybody wants to believe in free pizza. We are seeing an unusually high number of people taking this email out of their spam folders. Users are more than four times more likely to take this out of their spam folder than the largest recent malware spam campaign which claimed to be a notice to appear in court.

Though the attack is low volume at the moment, it’s quite possible it may grow. Asprox infects both workstations (using Trojans), and web servers (using SQL injection attacks). By using infected workstations to probe for vulnerable web servers and infected servers to deliver malware to workstations the Asprox botnet has been capable of explosive growth in the past. In June 2010 the number of infected web servers grew by a factor of five in a single day.

The bottom line is that users should not click on any links in unsolicited email, especially if it is already in your spam folder. Free pizza may seem a lot more credible than Nigerian gold, but they are both dangerous scams. If you are tempted to click on a link (because who can turn down free pizza), hover the mouse over it first, and make sure that the URL goes to and not [some random hacked domain].cn.

#Lawlipop: Android’s Latest Security Initiative

Cloudmark Blog - Tue, 28/10/2014 - 20:21

Just the act of Googling “Lollipop security” is reason for pause – who knows what surveillance list that might trigger? But do so and you’ll discover that the presumably amply insured head of Android security doesn’t bother locking the front door to his urban San Francisco home. As Seth Rosenblatt of CNET reports, the exact reason for that complacency is anyone’s guess. And as Rosenblatt notes:

Now Ludwig, the man with the unlocked door, wants you to feel just as safe using your mobile phone and “not think” about Android security, either.

Google has just announced that its newest Android release, named Lollipop, will have a more robust, on-by-default security offering. Out of the gate, Adrian Ludwig points to the lock screen as “the simplest way to keep the data safe and secure on your mobile device.” And it definitely can be. This, alongside full device encryption, makes a handset extremely resilient to even the most determined attackers.

It’s not all lawlipops and rainbows though. While this is all well and good when properly implemented, Samsung has just demonstrated that these remote controls in the name of “security” aren’t all they’re cracked up to be when implementation is poor. A recent vulnerability (CVE-2014-8346) was found that allows attackers to abuse the remote FindMyMobile security features to lock and unlock Samsung devices at will.

A YouTube video example demonstrates that Samsung mobile devices do not validate where lock commands originate from. Using this, the researcher was able to lock the device with their own lock codes, thus barring the legitimate owner from their own device. If Android Lollipop were also on these Samsung devices, would attackers have the ability to potentially abuse the kill switch, maliciously bricking devices as they please?

To be clear, Google is not at fault here; the vulnerability lies in Samsung’s implementations. However, it’s not inconceivable that other handset manufacturers may introduce similar vulnerabilities. And while a denial of service due to a remotely configurable lock setting may be inconvenient, the potential for a total malicious wipe of a phone’s data is unsettling.