Saturday, December 22, 2012

'Change Facebook color theme' Just another Scam

The picture message posted on Facebook timeline tags the users and claims to change your Facebook profile color to Red. Is it a fact? Absolutely NOT - the message is simply a misleading scam that directs people to other promotional sites with adult content. The Facebook scam comes with a catchy picture of Facebook Red color profile along with the logo, and has a message that asks to click a special link. As mentioned, the scammer tries to convince the user with a comment followed by Tumblr link claiming to change your Facebook profile color to Red. But users who clicked on the link were redirected to other promotional websites. Facebook does NOT allow any profile color change officially.

Wednesday, December 19, 2012

Linux servers targeted by iFrame attack

ESET warned Zeus trojan is attempting to infect Linux machines through iFrame attacks. The malware can automatically hijack websites hosted on compromised servers to attack web surfers with drive-by-downloads. It targets machines running 64-bit GNU/Linux and a web server, and acts like a rootkit by hiding itself from admins. When a user visits a site hosted on a compromised system will be directed via HTML iFrame to malicious site thus infecting user's machine. Details of the attack first surfaced in a post to the Full Disclosure mailing list.

Monday, December 17, 2012

Exynos 4 processor flaw puts Samsung Galaxy users at risk

Samsung Galaxy S3 and Samsung Galaxy Note 2, along with various other devices, can leave your Android devices vulnerable to potential security threats. According to a latest report by alephzain, a member of XDA developers forum, a serious security hole has been recorded in Samsung's Exynos 4-powered devices, including Samsung Galaxy S3, Galaxy S2, and Galaxy Note 2. The vulnerability can allow malicious apps to access your device's physical memory, helping the malicious apps to read user's data, brick some of the device's hardware, and perform various other malicious activities.

Thursday, December 13, 2012

Oracle rolls out new database security package

Oracle is planning to merge its security products into a single one so that it will be useful to tackle Oracle and non-Oracle database traffic. Oracle Audit Vault and Oracle Database Firewall are the products which are going to be bundled to extend protection beyond Oracle and third-party databases to audit operating systems, directories and custom sources. Furthermore, the new solution supports auditing and event logging from third-party sources such as Microsoft Windows, Microsoft Active Directory, and XML-based Audit Collection Plugins. Primary tasks for the Audit Vault and Database Firewall consist of being able to detect and block unauthorized database activity as well as consolidate audit data and logs into a secure, centralized repository. more info

Wednesday, December 12, 2012

First Fake Installer Trojan for Mac OS X

Fake installers are no more new to security arena. So antivirus companies are fully aware about these trojans which mostly target Windows machine uptil now. But now, researchers from security firm Doctor Web have identified a variant that's designed for Mac OS X. Dubbed Trojan.SMSSend.3666, the malicious element disguises itself as an installer for a popular application called VKMusic 4 - an app that allows users to listen to music on a Russian social media site. Experts advise users to beware of pieces of software that request them to provide their mobile phone numbers or ones that ask them to send SMS messages. It can be avoided by downloading apps only from trusted locations.

Tuesday, December 11, 2012

Malware Exploiting WordPress & Joomla

According to SANS Institute, reports of multiple attacks on websites by exploiting the WordPress and Joomla publishing platforms. The compromised sites are then injected with code which redirects to a third-party site. John Bambenek, Sans blogger and president of security firm Bambenek Consulting, said that the attacks were particularly interesting for their method of attempting to exploit pages en masse by targeting servers. "The interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool thats basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits," he explained. Webmasters and administrators are being advised to update their software to avoid any mishap.

Monday, December 10, 2012

Skynet botnet uses Tor network for anonymity

Recently, researchers have figured out a botnet which is controlled by its creators over the Tor anonymity network. Tor - a system enabling its users to communicate anonymously on the Internet. Pentesting firm Rapid7 believes that other botnet might follow this approach. The botnet is called Skynet and can be used to launch DDoS attacks, generate Bitcoins -- a type of virtual currency -- using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones.

Saturday, December 8, 2012

Metasploit Pro 4.5 released by Rapid7

Rapid7 released a new version of Metasploit Pro, which introduces advanced capabilities to simulate social engineering attacks. With Metasploit 4.5, security professionals can now gain visibility into their organization's exposure to phishing attacks through user-based and technical threat vectors, and introduce the necessary controls to manage the risk. Metasploit Pro’s social engineering reports go above and beyond alternative penetration testing solutions by providing conversion rates, such as how many people clicked through a phishing email, how many entered username and password on a fake website, and how many systems were compromised.

Wednesday, December 5, 2012

Twitter fixes SMS-based account hijacking vulnerability

Security researcher named Jonathan Rudenberg reported that attackers can abuse the Twitter accounts of users who added their phone numbers to their profiles in order to use the service via SMS (Short Message Service). So, in response to this, Twitter has fixed the account hijacking flaw by restricting the attackers to post tweets and perform other actions on behalf of many users who have phone numbers associated with their accounts. Most Twitter SMS users are protected from spoofing attacks by default, but others need to set PIN in order to protect themselves for being a victim. The issue occurred in the origin of text messages that can be spoofed via services that allow users to do this with ease.

Tuesday, December 4, 2012

MariaDB fixes 0-day bug in MySQL

MariaDB - a community-developed branch of MySQL database has come up with a 0-day bug fix for MySQL. The updates fix the buffer overflow issue under CVE-2012-5579. This could allow attackers to crash DB server or execute arbitrary shell code with the same privileges as the database process. Another issue that covers in CVE 2012-5611 is just a duplicate of CVE 2012-5579. They also suggest that a third problem (CVE 2012-5613) is not actually a bug in the database's code, but it is documented server behaviour that can only be exploited in the case of misconfiguration. Although Oracle hasn't confirmed the vulnerabilities. Let see how much time they will going to take to release patches.

Monday, December 3, 2012

Windows AutoRun malware spreading

A bug in the Windows AutoRun software that allows auto-launching of programs on a DVD or USB device and can infect your machine. The surge in infection is bit alarming for antivirus vendors as Windows 7 and Windows 8 PCs will not launch autorun.inf files and Microsoft already released patches for older versions. Experts believe infections occurs through unpatched system whereas shared folders, files and social media could also play a vital role in spreading the malware.

Saturday, December 1, 2012

Yahoo Mail Exploit goes on sale for $700

Yahoo! mail is suspectible to XSS flaw and exploit is available in the market but with a price tag of $700. According to security blogger Brian Krebs, an exploit being sold by an Egyptian hacker targets an XSS vulnerability in a Yahoo service. The hacker is able to sell the exploit several times but does say that he expects the hole it targets to be closed soon. The vulnerability in question has been exploited to allow attackers to steal cookies from Yahoo webmail users. Cookies can then be used to help attackers see the emails of victims or send emails from the hijacked account.The hacker points out that this is a "stored XSS" which "works with all browsers". Stored XSS means that the injected code is being permanantly stored on the targeted server. Yahoo said it quickly repaired the vulnerability after learning about the video.

Samsung printers provides backdoor for attackers

Admin account in Samsung printers allows an attacker to take full control of the devices. The account seems to be a hard-coded community string with full SNMP read and write access. This account remains active, even when SNMP is disabled in the printer's administration interface. "As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location," US-CERT advises. Besides Samsung-branded printers, some devices that the company produced for Dell also seem to be affected. However, the flaw seems to only affect models produced before 31 October 2012.

eBay patches two critical security flaws

eBay recently patched two potentially critical vulnerabilities, a cross-site scripting bug and a SQL injection vulnerability. For SQL issue the vulnerable script is '' that attackers unauthorized read/write/edit access to a SQL database. Whereas XSS flaw could allow a hacker to access a seller's account and the ability to insert a XSS exploit into the code on a product's page.

Tuesday, July 17, 2012

Yahoo admits 40K passwords breached

In a recent security breach Yahoo! has been the victim of losing around 40,000 user credentials. The company on Thursday issued a statement confirming that on 11 July, an attacker had breached company systems and lifted the data from archived information related to the Yahoo Contributor Network. The information included account information from Yahoo and other services. Yahoo has responded swiftly to address the breach. "We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo users, enhanced our underlying security controls and are in the process of notifying affected users," the company said.

Saturday, May 19, 2012

Apple issues security update for QuickTime

A security update is available for Apple's popular media player - QuickTime. The company said that the QuickTime 7.7.2 update would address 17 security vulnerabilities in QuickTime for Windows 7, Vista and Windows XP SP2 or later. Among the issues addressed in the update are flaws which could allow an attacker to remotely execute code on a target system. The vulnerable QuickTime components are tools which handle movie files, MP4 content, and web pages. Users can obtain the security update through Apple's Software Update tool or by downloading the latest version of QuickTime.

Saturday, May 12, 2012

55,000 Twitter Accounts Leaked

Anonymous has posted the usernames and passwords of over 55,000 Twitter accounts online in apparent retaliation at the micro-blogging site shutting down some accounts. However, Twitter after having a close look at the mishap and said that most of the hacked accounts were duplicates and the rest were those accounts which had been suspended by Twitter in the past. A Twitter spokeswoman, said in an e-mail to The New York Times, "We are currently looking into the situation. In the meantime, we have pushed out password resets to accounts that may have been affected. For those who are concerned that their account may have been compromised, we suggest resetting your passwords and more in our Help Center."

Saturday, May 5, 2012

Adobe Patches Critical Flaw in Flash Player

Once again Adobe come up with an emergency update to patch 0-day flaw in Flash Player. According to the company, exploitation of this vulnerability is already going on so users are advised to install the patch on the earliest basis. Although all editions of Flash Player contain the vulnerability and should be patched, the active exploit is targeting only users of Microsoft's Internet Explorer (IE). The "object confusion vulnerability" bug can cause the application "to crash and potentially allow an attacker to take control of the affected system," Adobe said. The company did not provide any information about the exploit itself beyond saying it was part of a "targeted" attack.

Saturday, April 14, 2012

Apple's Java update with Flashback removal tool

Mac malware that has infected approx. 600,000 computers since last year - finally got the solution, when Apple released security update for Java implementation for its OS. Flashback removal tool detects and removes the most common variants of the malware on the system. Recently survey reveals that almost 50 percent of Mac users still running the previous versions which are the main cause of it. The updated software disables Java browser plug-in and Java Web Start tools. It will prevent the auto loading of Java applets within browsers. However, users can reactivate the components through Java preferences control. All users are advised to install the updates on earliest basis.

Saturday, March 10, 2012

Symantec Norton Antivirus 2006 Code Leaked by Anonymous

The on-going battle between security solutions provider Symantec and the hacktivists group Anonymous becomes the HOT news once again when the hackers claiming from the Anonymous group published the alleged source code of Norton Antivirus 2006. According to hackers, they obtained the code during a breach that took place in 2006. Recently the alleged groups reveal the source code of Symantec's pcAnywhere and due to this customers were advised not to use the application. Now hackers come up with the source code of about 1.4 GB on The Pirate Bay followed by a message against the recent arrests made by law enforcement agencies.

Tuesday, February 28, 2012

0-Day Risk Analyzer from Qualys

Vulnerability & compliance management company Qualys comes up with a new service - Zero-Day Risk Analyzer that integrates with the QualysGuard 7.0 to help customers to analyze zero-day threats and estimate their impact on their assets and critical systems based on information collected from previous scan results. It also includes Verisign’s iDefense zero-day vulnerabilities and global threats.

Monday, February 20, 2012

Google bypass Safari privacy settings

Google using code in their ads to bypass the privacy settings of safari users to know about their searching behavior. Safari - famous for worry-free web that means to prevent companies from tracking the cookies generated by the websites you visit, Safari blocks third-party cookies by default. The privacy breach was uncovered by Jonathan Mayer, a graduate student in computer Relevant Products/Services science at Stanford University with an interest in Cyber Security. Google has immediately issued a statement saying that the Journal mis-characterized what happened and why, and claiming that they used a known Safari functionality to provide features that signed-in Google users had enabled.

Saturday, January 28, 2012

Zscalar ThreatLabz Free Web Risk Analysis Service

Zulu - a free service from Zscalar that scans websites for potential threats. This service uses mix of proprietary-based and open-source tools to scan sites and provide security ratings. Threat rating is done through the use of heuristics, reputation and host domain analysis for a particular URL. It supports direct URLs as well as addresses masked with URL shortening services. These days web-based threats are so dynamic and this service ensures that continually updated content, fed from proprietary Zscaler and public sources, is combined to identify even newly deployed web-based threats.