
Malicious Kindle eBooks: DHS Open Source Highlights September 17th

By Kelli Tarala | September 18, 2014

Image: new-kindles (Source: http://blog.the-ebook-reader.com)

Malicious Kindle eBooks can give hackers access to your Amazon account
A security researcher identified a security issue in Amazon’s “Manage your Kindle page” that can be exploited using a malicious eBook file to take over a user’s Amazon account. The same vulnerability was reported and fixed in November 2013 but was reintroduced in a new version of the page.

Full Story:
http://news.softpedia.com/news/Malicious-Kindle-Ebooks-Can-Give-Hackers-Access-to-Your-Amazon-Account-458983.shtml

THREE QUARTERS of Android mobes open to web page spy bug
A Metasploit developer released a Metasploit module for a vulnerability in Android versions 4.2.1 and below that was discovered September 1. The module automates exploitation of the vulnerability, which allows attackers behind a malicious Web page to see users’ other open pages and hijack sessions.

Full Story:
http://www.theregister.co.uk/2014/09/16/three_quarters_of_droid_phones_open_to_web_page_spy_bug/

LinkedIn feature exposes email addresses
Researchers with Rhino Security Labs demonstrated how an attacker could use a ‘find connections’ feature in LinkedIn and a large number of email contacts generated with likely email addresses to identify the email address of specific individuals for possible use in spear-phishing or other malicious activities. LinkedIn stated that it was planning at least two changes to the way the professional network handles user email addresses to counteract the issue.

Full Story:
http://krebsonsecurity.com/2014/09/linkedin-feature-exposes-email-addresses/

SNMP DDoS scans spoof Google public DNS server
The SANS Internet Storm Center reported September 15 that large-scale Simple Network Management Protocol (SNMP) scans were taking place with source addresses spoofed to look like Google’s public DNS server, indicating an effort to identify routers and devices using default SNMP community strings (passwords). Vulnerable routers and devices could have their configuration variables changed, creating a denial of service (DoS) situation on the affected devices.

Full Story:
http://threatpost.com/snmp-based-ddos-attack-spoofs-google-public-dns-server

‘Tiny banker’ malware targets US financial institutions
Researchers at Avast analyzed an updated variant of the Tiny Banker (also known as Tinba) financial malware and found that it is now able to target new financial institutions including ones in the U.S. The malware can inject HTML fields into banking Web sites when a user visits them in order to collect personal and login information.

Full Story:
http://www.networkworld.com/article/2684113/tiny-banker-malware-targets-us-financial-institutions.html

Aventura Hospital and Medical Center reports data breach
Valesco Ventures informed 82,601 Aventura Hospital and Medical Center patients in Florida September 9 that an employee may have accessed their personal information, including Social Security numbers, from September 2012 to June 2014. Authorities are investigating the breach.

Full Story:
http://www.local10.com/news/aventura-hospital-medical-center-reports-data-breach/28082920

Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm. Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.

Topics: DHS Infrastructure Reports

Lousy XOR opens door for victims: Sept.12 Cyber Updates

By Kelli Tarala | September 12, 2014

Image: ransomware (Source: http://www.techworm.net)

TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Researchers with Nixu found that the encryption used by the TorrentLocker ransomware to encrypt victims’ files can be defeated if a user has an original copy of the encrypted version of a file over 2MB in size by applying XOR between the encrypted and unencrypted files.

Full Story:
http://www.theregister.co.uk/2014/09/11/torrentlocker_contains_freeunlock_crypto_shocker
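The recovery trick described in this item, worked through as an added example (it is neither Nixu’s tooling nor TorrentLocker’s actual cipher): when every file is XORed with the same keystream, the victim’s surviving plaintext copy XORed with its encrypted twin yields that keystream, which then unlocks any other file no longer than the known one. The keystream generator and file contents below are constructed for the demonstration; the contrast case shows why a fresh per-file keystream would have left the victims without this way out.

```python
import hashlib


def make_keystream(length: int, label: bytes = b"constructed-key") -> bytes:
    """Deterministic stand-in for a ransomware keystream (constructed, not TorrentLocker's)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_reused_keystream(plaintext: bytes, keystream: bytes) -> bytes:
    """Toy encryptor: every file is XORed with the SAME keystream prefix (the flaw)."""
    return xor_bytes(plaintext, keystream)


def recover_keystream(known_plaintext: bytes, known_ciphertext: bytes) -> bytes:
    """C = P XOR K, so P XOR C = K for every byte the victim still holds in clear."""
    return xor_bytes(known_plaintext, known_ciphertext)


def decrypt_with_keystream(ciphertext: bytes, keystream: bytes) -> bytes:
    """Recovers only the prefix the known keystream covers, nothing beyond it."""
    return xor_bytes(ciphertext, keystream)


def demo() -> dict:
    keystream = make_keystream(4096)
    known_plain = b"unencrypted backup of report.docx " * 90   # victim kept a clear copy
    lost_plain = b"payroll rows, only the encrypted copy survived " * 40  # shorter file
    ks = recover_keystream(known_plain, encrypt_reused_keystream(known_plain, keystream))
    lost_cipher = encrypt_reused_keystream(lost_plain, keystream)
    recovered = decrypt_with_keystream(lost_cipher, ks)
    # Contrast: a fresh keystream per file makes the recovered bytes useless elsewhere.
    fresh_cipher = encrypt_reused_keystream(lost_plain, make_keystream(4096, b"per-file"))
    return {
        "keystream_bytes": len(ks),                       # only as long as the known file
        "recovered": recovered == lost_plain,
        "fresh_keystream_defeats_trick": decrypt_with_keystream(fresh_cipher, ks) != lost_plain,
    }


if __name__ == "__main__":
    print(demo())
```

The length limit matters: the recovered keystream is exactly as long as the known plaintext, so a large known file (the item’s "over 2MB") is what lets it cover every other encrypted file.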

Massive Gmail credential leak is not result of a breach
Google investigated a dump of Gmail credentials posted online and found that the credentials were not the result of a breach and that less than 2 percent of the credentials might have worked. Users were advised to change their passwords, use strong passwords, and enable two-factor authentication if possible as a precaution.

Full Story:
http://www.net-security.org/secworld.php?id=17352

Computer hardware containing patient data stolen from Ohio plastic surgery office
The Beachwood-Westlake Plastic Surgery and Medical Spa in Ohio notified 6,141 patients that their personal information was on a piece of computer hardware that was stolen in a June 29 burglary. The hardware contained names and some medical information.

Full Story:
http://www.scmagazine.com/computer-hardware-containing-patient-data-stolen-from-ohio-plastic-surgery-office/article/370808/

Zemot malware dropper strain delivered via Asprox botnet and exploit kits
Microsoft researchers analyzed the Zemot malware dropper, a variant of Upatre, and observed that it has been distributed through the Asprox (also known as Kuluoz) spam botnet and via exploit kits including Magnitude and Nuclear Pack. Once it infects a system the dropper can then deliver click fraud malware and was recently observed to distribute information-stealing malware including Rovnix, Tesch, and Viknok.

Full Story:
http://news.softpedia.com/news/Zemot-Malware-Dropper-Strain-Delivered-Via-Asprox-Botnet-and-Exploit-Kits-458437.shtml

Details disclosed for critical vulnerability patched in Webmin
A researcher with the University of Texas published details on a critical vulnerability in Webmin that was patched in May, showing that the vulnerability could have been used by unauthenticated users to delete files stored on the server.

Full Story:
http://threatpost.com/details-disclosed-for-critical-vulnerability-patched-in-webmin

Apache warns of Tomcat remote code execution vulnerability
The Apache Software Foundation warned users of some older versions of Apache Tomcat that they are vulnerable under limited circumstances to a vulnerability that could allow an attacker to upload malicious JavaServer Pages (JSP) to a server, trigger the execution of the JSP, and then execute arbitrary commands on the server. The vulnerability affects versions 7.0.0 to 7.0.39 and users were advised to update their installations.

Full Story:
http://threatpost.com/apache-warns-of-tomcat-remote-code-execution-vulnerability


Topics: DHS Infrastructure Reports

Hackers target Apple Mac OS X with 25 malware variants: DHS Open Source Highlights September 9th

By Kelli Tarala | September 9, 2014

Image (Source: http://www.v3.co.uk/v3-uk/news)

F-Secure released its Threat Report H1 2014 which found that 25 new malware variants targeting Apple OS X systems were observed in the first half of the year. Several variants were observed being used in targeted attacks against activists, the energy industry, and other industries.

Full Story:
http://www.v3.co.uk/v3-uk/news/2363893/hackers-target-apple-mac-os-x-with-25-malware-variants

AltaMed employee suspected of identity theft, company notifies clients
AltaMed Medical Group informed an undisclosed number of patients of a personal information breach after learning from law enforcement that a former employee is under investigation following the June 30 discovery of a hard drive from the suspect’s home. The company investigated and found that the former employee had accessed the details of patients at its Orange and Los Angeles locations.

Full Story:
http://news.softpedia.com/news/AltaMed-Employee-Suspected-of-Identity-Theft-Company-Notifies-Clients-457853.shtml

Computer glitch may have exposed student data
The Minnesota Office of Higher Education announced September 5 that a coding error on the State’s Student Educational Loan Fund program may have compromised the private information, including Social Security numbers, of college students seeking loans after it was discovered the weekend of August 30. Officials are investigating and will notify all students affected by the glitch.

Full Story:
http://www.startribune.com/local/274181251.html?page=all&prepage=1&c=y

Dodgy Norton update borks UNDEAD XP systems
Symantec issued a fix for a recent update to its Norton security software after some users running Windows XP reported issues after applying the update.

Full Story:
http://www.theregister.co.uk/2014/09/08/dodgy_norton_update_hits_win_xp/

Social engineering campaign leads to malicious Chrome extension
TrendMicro researchers identified a social engineering campaign that uses malicious shortened Twitter links to lead victims to a malicious Chrome browser extension used in a click fraud campaign. The malicious extension circumvents Google’s security policy against non-Chrome Web Store apps by creating a folder in the browser directory where it then drops its components.

Full Story:
http://www.scmagazine.com/social-engineering-campaign-leads-to-malicious-chrome-extension/article/370037/


Topics: DHS Infrastructure Reports

$7.4 million fine against Verizon, Cyber Highlights September 8th

By Kelli Tarala | September 8, 2014

Image: FCC Inspector General badge (Source: Wikipedia)

Verizon failed to tell 2 million it was using their personal info for marketing; now the FCC is making it pay
The U.S. Federal Communications Commission issued a $7.4 million fine against Verizon after the company failed to tell 2 million customers of their ability to opt out of having their personal information used for marketing purposes for 6 years. Verizon agreed to pay the fine and stated that the technical glitch has since been fixed.

Full Story:
http://www.washingtonpost.com/blogs/the-switch/wp/2014/09/03/verizon-failed-to-tell-2-million-people-it-was-using-their-personal-info-for-marketing-now-the-fcc-is-making-it-pay/

Cyberespionage group starts using new Mac OS X backdoor program
FireEye researchers found that a cyberespionage group dubbed GREF has recently begun using a backdoor program known as XSLCmd that targets Mac OS X systems in order to steal files and install additional malware. The GREF group is known for attacks on several sectors including the U.S. defense industry as well as electronics manufacturers, engineering firms, and non-governmental organizations worldwide.

Full Story:
http://www.networkworld.com/article/2603441/cyberespionage-group-starts-using-new-mac-os-x-backdoor-program.html

Coursera privacy issues exposed
A researcher identified and reported two issues in the Coursera online educational software that could disclose students’ names, email addresses, and course information, and could disable a stated protection feature. Coursera partially addressed one of the reported issues while the second remains unaddressed.

Full Story:
http://www.net-security.org/secworld.php?id=17334

Researchers discover two SQL injection flaws in WordPress security plugin
Researchers with High-Tech Bridge identified and reported two SQL injection vulnerabilities in the All in One WordPress Security and Firewall plugin that affect version 3.8.2 and likely all prior versions.

Full Story:
http://www.scmagazine.com/researchers-discover-two-sql-injection-flaws-in-wordpress-security-plugin/article/369851/

Bitcoin exchange CEO pleads guilty to enabling Silk Road drug deals
The former CEO of Bitcoin exchange BitInstant and a Bitcoin seller pleaded guilty September 4 in New York City to charges of operating an unlicensed money exchange that was used to facilitate illicit transactions for users of the Silk Road underweb marketplace.

Full Story:
http://www.wired.com/2014/09/bitcoin-exchange-ceo-pleads-guilty-in-silk-road-case/

Hackers break into Healthcare.gov
The U.S. Department of Health and Human Services announced September 4 that hackers were able to successfully install malicious software on Healthcare.gov that could have been used to launch an attack on other sites from the federal insurance portal in July. The intrusion was detected August 25 and mitigated after technicians determined that no consumer data was taken.

Full Story:
http://abcnews.go.com/Health/wireStory/hackers-break-healthcare-25252518


Topics: Uncategorized

Updated Vawtrak banking malware: DHS Cyber Updates September 5th

By Kelli Tarala | September 5, 2014


Researchers with PhishLabs identified a new variant of the Vawtrak financial malware (also known as Neverquest) that has added features in the last month enabling it to expand its targets to users in the U.S., Canada, and Europe. The malware targets financial institutions as well as social networks, online retailers, gaming portals, and analytics firms and can steal credentials and automate fraudulent transactions.

Full Story:
http://news.softpedia.com/news/Updated-Vawtrak-Banking-Malware-Strain-Expands-Target-List-457656.shtml

Old Slider Revolution vulnerability massively exploited
Researchers at Sucuri found that attackers began heavily exploiting an old vulnerability in unpatched versions of the Slider Revolution Premium plugin for WordPress during August, which could allow a Local File Inclusion (LFI) attack. The vulnerability was fixed in February and all users were advised to update to the latest version as soon as possible.

Full Story:
http://news.softpedia.com/news/Old-Slider-Revolution-Vulnerability-Massively-Exploited-457607.shtml

CERT warns of Android apps vulnerable to MitM attacks
The Computer Emergency Response Team Coordination Center at Carnegie Mellon University (CERT/CC) published a list of popular Android apps that expose users to man-in-the-middle (MitM) attacks because the apps do not properly validate SSL certificates. CERT/CC released its findings in a spreadsheet detailing its results and is attempting to contact the authors of every app that failed the organization’s tests.

Full Story:
http://www.securityweek.com/cert-warns-android-apps-vulnerable-mitm-attacks

Home router DNS settings changed via Web-based attack
Kaspersky Lab researchers identified a Web-based attack that uses Web pages with malicious scripts to attempt to change users’ home router Domain Name System (DNS) settings in order to redirect users to phishing pages of financial institutions. The attack was mostly observed in Brazil but also targeted some users in the U.S., Canada, Mexico, and other countries.

Full Story:
http://news.softpedia.com/news/Home-Router-DNS-Settings-Changed-Via-Web-Based-Attack-457668.shtml

VirusTotal mess means YOU TOO can track Comment Crew!
A researcher released findings on how he was able to use structured data and analysis to identify a subgroup of the Comment Crew group and an unnamed Iranian group using Google’s VirusTotal service to test new versions of malware against security software and check for detection rates.

Full Story:
http://www.theregister.co.uk/2014/09/04/

Semalt botnet hijacked nearly 300k computers
Incapsula researchers reported that the Semalt botnet is spreading quickly and is currently made up of around 290,000 infected machines. The botnet is linked to a Ukrainian search engine optimization (SEO) service and spams millions of Web sites in a referrer spam campaign designed to fraudulently boost a site’s search engine ranking.

Full Story:
http://www.net-security.org/malware_news.php?id=2857


Topics: Uncategorized
