Join Date: Feb 2011
Posts: 47,561
Thanks: 27,627
Thanked 14,458 Times in 10,262 Posts
|
New Malware Targets Windows, Linux, Mac OS, & MORE
This week’s edition of WIG is filled with news link goodness covering topics such as how the malware on Google Play went undiscovered for weeks, there may not be a full retail version of Windows 8 made available, interest in Windows 8 pre-releases has been lower than for Windows 7 pre-releases, and more.
Hackers have been having a field day this past 2 weeks, read some of the reports of what and where, has been attacked, here;
Security News
Image courtesy of F Secure Weblog .
- Cross-platform Trojan attacks Windows, Intel Macs, Linux
A second cross-platform Trojan downloader has been discovered that detects if you’re running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. Unlike the first one, which supported PowerPC Macs, this one does Intel x86 Macs.
- Tumblr haunted by stored (persistent) XSS flaw
Tumblr users are sitting ducks for cookie theft, malicious site redirection and script execution attacks.
- Warning: Don’t forget about meeting tomorrow (fake e-mail)
If you receive an e-mail reminding you of a meeting tomorrow and asking you not to forget the corresponding report, which is convenient attached, make sure to ignore it. The attached file is not a report. It is malware.
- Instagram vulnerability: Anyone can add you, see your photos
A new security flaw has been discovered in Instagram that allows a perpetrator to add anyone as a friend and see their private photos and profile information. Facebook has been contacted. While we wait for an explanation and/or a fix, please be wary of what you upload to the service.
- Malware went undiscovered for weeks on Google Play
Breaking the malware into separate, staged payloads allowed the Trojan’s authors to avoid detection by Google’s automated screening process.
- Microsoft fix kills Windows Gadgets, warns it could lead to PC hijack
Microsoft has warned that a Gadgets feature included in Vista and later versions of Windows could allow attackers to hijack end-user machines and has taken the unusual step of issuing a temporary update that allows it to be completely disabled.
- Microsoft kills more code-signing certs to stop Flame-like attacks
Microsoft has revoked more than two dozen digital certificates used to prove its wares are genuine after discovering some of them could be subject to the same types of attacks orchestrated by the designers of the Flame espionage malware.
- Defects leave critical military, industrial infrastructure open to hacks
Security researchers have blown the whistle on serious vulnerabilities in an Internet-connected system used by the US military, hospitals, and private industry to control boilers, air-conditioners, security alarms, and other critical industrial equipment.
- Former Pentagon analyst: China has backdoors to 80% of telecoms
A former Pentagon analyst reports the Chinese government has “pervasive access” to about 80 percent of the world’s communications, and it is looking currently to nail down the remaining 20 percent. Chinese companies Huawei and ZTE Corporation are reportedly to blame for the industrial espionage.
- Android malware’s dirty secret: Repackaging of legit apps
Security researchers at North Carolina State University believe Google should invest in repackaging detection to get a handle on malware targeting the Android platform.
- Nation-state hackers attack small businesses, too
Small businesses have their hands full these days in light of a down economy, tightening budgets and the steepening pace of business, but with nation-state hacks front and center in the threatscape, should you worry about those, too, or are you (and your customers) safe?
- Smart TVs new Web threat frontier
Lack of security measures such as antivirus and intrusion detection system means Internet-connected TVs susceptible to online scams and bot campaigns too, security watchers warn.
- Cell carriers see dramatic increase in surveillance requests
Wireless companies have seen double-digit percentage increases in law-enforcement requests for subscriber information for each the past five years, according to a survey detailed by the New York Times
- Banking on a Live CD
Brian Krebs shares advice on the best way to conduct your online banking in safety.
- Yahoo gives all clear after hack attack
Company blames hack on contributor network, says compromised information was provided by writers who joined Associated Content prior to May 2010.
- Android Forums hacked: 1 million user credentials stolen
Phandroid’s AndroidForums.com has been hacked. The database that powers the site was compromised and more than 1 million user account details were stolen. If you use the forum, make sure to change your password asap.
- Hackers strike again, hit Nvidia’s developer zone
Nvidia says close to 400,000 accounts may have been hit, and recommends users change their passwords.
- Thousands of GMX accounts compromised to send spam
The cyber attack on users of GMX, a German web services provider, which was discovered on Wednesday, is potentially huge, with the company telling The H’s associates at heise Security that the spammers have been able to sign in to more than 300,000 accounts.
- Formspring resets millions of passwords amid breach
- Formspring has reset all of its user passwords, following a breach of its systems. Users of the popular question-and-answer site Formspring have received a brief email stating that “for security reasons”, their password has been disabled, and they will need to reset it when they log back in.
|