Saturday, December 22, 2012

'Change Facebook color theme' Just another Scam

A picture message posted on Facebook timelines tags users and claims to change your Facebook profile color to red. Is it true? Absolutely NOT - the message is simply a misleading scam that directs people to other promotional sites with adult content. The scam comes with a catchy picture of a red Facebook profile along with the logo, and a message asking you to click a special link. The scammer tries to convince the user with a comment followed by a Tumblr link that claims to change your Facebook profile color to red. But users who clicked on the link were redirected to other promotional websites. Facebook does NOT officially allow any profile color change.

Wednesday, December 19, 2012

Linux servers targeted by iFrame attack

ESET warned that the Zeus trojan is attempting to infect Linux machines through iFrame attacks. The malware can automatically hijack websites hosted on compromised servers to attack web surfers with drive-by downloads. It targets machines running 64-bit GNU/Linux and a web server, and acts like a rootkit by hiding itself from admins. A user who visits a site hosted on a compromised system is directed via an HTML iFrame to a malicious site, which infects the user's machine. Details of the attack first surfaced in a post to the Full Disclosure mailing list.

Monday, December 17, 2012

Exynos 4 processor flaw puts Samsung Galaxy users at risk

A flaw in the Samsung Galaxy S3 and Samsung Galaxy Note 2, along with various other devices, can leave these Android devices vulnerable to potential security threats. According to a recent report by alephzain, a member of the XDA Developers forum, a serious security hole has been found in Samsung's Exynos 4-powered devices, including the Samsung Galaxy S3, Galaxy S2, and Galaxy Note 2. The vulnerability can allow malicious apps to access the device's physical memory, letting them read the user's data, brick some of the device's hardware, and perform various other malicious activities.

Thursday, December 13, 2012

Oracle rolls out new database security package

Oracle is planning to merge its security products into a single package that handles both Oracle and non-Oracle database traffic. Oracle Audit Vault and Oracle Database Firewall are the products being bundled, extending protection beyond Oracle and third-party databases to audit operating systems, directories and custom sources. Furthermore, the new solution supports auditing and event logging from third-party sources such as Microsoft Windows, Microsoft Active Directory, and XML-based Audit Collection Plugins. The primary tasks of the Audit Vault and Database Firewall are to detect and block unauthorized database activity and to consolidate audit data and logs into a secure, centralized repository.

Wednesday, December 12, 2012

First Fake Installer Trojan for Mac OS X

Fake installers are nothing new in the security arena, and antivirus companies are fully aware of these trojans, which until now have mostly targeted Windows machines. But now, researchers from security firm Doctor Web have identified a variant that's designed for Mac OS X. Dubbed Trojan.SMSSend.3666, the malicious element disguises itself as an installer for a popular application called VKMusic 4 - an app that allows users to listen to music on a Russian social media site. Experts advise users to beware of software that asks them to provide their mobile phone numbers or to send SMS messages. The trojan can be avoided by downloading apps only from trusted locations.

Tuesday, December 11, 2012

Malware Exploiting WordPress & Joomla

According to the SANS Institute, there are reports of multiple attacks on websites that exploit the WordPress and Joomla publishing platforms. The compromised sites are then injected with code that redirects to a third-party site. John Bambenek, SANS blogger and president of security firm Bambenek Consulting, said that the attacks were particularly interesting for their method of attempting to exploit pages en masse by targeting servers. "The interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits," he explained. Webmasters and administrators are being advised to update their software to avoid any mishap.

Monday, December 10, 2012

Skynet botnet uses Tor network for anonymity

Researchers have recently discovered a botnet that its creators control over the Tor anonymity network. Tor is a system that enables its users to communicate anonymously on the Internet. Pentesting firm Rapid7 believes that other botnets might follow this approach. The botnet is called Skynet and can be used to launch DDoS attacks, generate Bitcoins -- a type of virtual currency -- using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones.

Saturday, December 8, 2012

Metasploit Pro 4.5 released by Rapid7

Rapid7 released a new version of Metasploit Pro, which introduces advanced capabilities to simulate social engineering attacks. With Metasploit 4.5, security professionals can now gain visibility into their organization's exposure to phishing attacks through user-based and technical threat vectors, and introduce the necessary controls to manage the risk. Metasploit Pro’s social engineering reports go above and beyond alternative penetration testing solutions by providing conversion rates, such as how many people clicked through a phishing email, how many entered username and password on a fake website, and how many systems were compromised.

Wednesday, December 5, 2012

Twitter fixes SMS-based account hijacking vulnerability

A security researcher named Jonathan Rudenberg reported that attackers can abuse the Twitter accounts of users who added their phone numbers to their profiles in order to use the service via SMS (Short Message Service). In response, Twitter has fixed the account hijacking flaw by preventing attackers from posting tweets and performing other actions on behalf of many users who have phone numbers associated with their accounts. Most Twitter SMS users are protected from spoofing attacks by default, but others need to set a PIN to avoid becoming victims. The issue lay in the origin of text messages, which can be spoofed through services that make this easy.

Tuesday, December 4, 2012

MariaDB fixes 0-day bug in MySQL

MariaDB - a community-developed branch of the MySQL database - has come up with a fix for a 0-day bug in MySQL. The updates fix the buffer overflow issue tracked as CVE-2012-5579, which could allow attackers to crash the DB server or execute arbitrary shell code with the same privileges as the database process. Another issue, covered by CVE-2012-5611, is just a duplicate of CVE-2012-5579. The MariaDB developers also suggest that a third problem (CVE-2012-5613) is not actually a bug in the database's code, but documented server behaviour that can only be exploited in the case of misconfiguration. Oracle hasn't confirmed the vulnerabilities yet. Let's see how much time they take to release patches.

Monday, December 3, 2012

Windows AutoRun malware spreading

A bug in the Windows AutoRun software, which allows auto-launching of programs on a DVD or USB device, can infect your machine. The surge in infections is a bit alarming for antivirus vendors, since Windows 7 and Windows 8 PCs will not launch autorun.inf files and Microsoft has already released patches for older versions. Experts believe infections occur through unpatched systems, while shared folders, files and social media could also play a vital role in spreading the malware.

Saturday, December 1, 2012

Yahoo Mail Exploit goes on sale for $700

Yahoo! Mail is susceptible to an XSS flaw, and an exploit is available on the market with a price tag of $700. According to security blogger Brian Krebs, an exploit being sold by an Egyptian hacker targets an XSS vulnerability in a Yahoo service. The hacker is able to sell the exploit several times but does say that he expects the hole it targets to be closed soon. The vulnerability in question has been exploited to allow attackers to steal cookies from Yahoo webmail users. The cookies can then be used to help attackers see the emails of victims or send emails from the hijacked account. The hacker points out that this is a "stored XSS" which "works with all browsers". Stored XSS means that the injected code is permanently stored on the targeted server. Yahoo said it quickly repaired the vulnerability after learning about the video.

Samsung printers provide backdoor for attackers

An admin account in Samsung printers allows an attacker to take full control of the devices. The account seems to be a hard-coded community string with full SNMP read and write access. This account remains active even when SNMP is disabled in the printer's administration interface. "As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location," US-CERT advises. Besides Samsung-branded printers, some devices that the company produced for Dell also seem to be affected. However, the flaw seems to affect only models produced before 31 October 2012.

eBay patches two critical security flaws

eBay recently patched two potentially critical vulnerabilities: a cross-site scripting bug and a SQL injection vulnerability. For the SQL issue, the vulnerable script is 'sea.ebay.com/news.php', which gives attackers unauthorized read/write/edit access to a SQL database. The XSS flaw, meanwhile, could allow a hacker to access a seller's account and insert an XSS exploit into the code on a product's page.