Smart Aleck Passwords

Author: Omid Farhang Published: March 23, 2010 Reading Time: 1 min

Älypää, a popular Finnish game and quiz site, announced a database breach late last night. Over 127,000 account names and passwords were leaked. The site has currently suspended access and doesn’t maintain any personal details, but Älypää users should determine whether they recycle their passwords elsewhere. If so, those accounts are at risk of being hacked. CERT-FI guidelines can be found here. Here’s a list of the top 20 domains on the list: ...


Using Windows “hosts” file to cut off the help line

Author: Omid Farhang Published: March 23, 2010 Reading Time: 1 min

We found this interesting and malicious little mechanism. The hosts file on a machine under investigation was modified to redirect the victim’s browser to a well-known legitimate site (in this case google.com) whenever he attempted to contact a list of nearly 400 sites. The list was a “Who’s Who” of the anti-malware world – most places where someone with an infected machine would go to get help. The altered hosts file he found contained many lines beginning with ‘#’ followed by gibberish. These would be seen as comments by any browser and ignored. Concealed among the commented lines are lines containing the domain name redirections. When the commented lines are stripped, we find all the listed security-related websites being redirected to “209.85.129.99”, which is the IP address for google.com. ...


Screenshots – Opera Mini 5 App for iPhone

Author: Omid Farhang Published: March 23, 2010 Reading Time: 1 min

Recently, the Opera team submitted its Opera Mini app to Apple for inclusion in the iTunes App Store. It may take quite some time for the Opera app to be approved. Until then, you can see below the official screenshots of Opera Mini running on iPhone.


Fix-it-Tool for IE-0-day

Author: Omid Farhang Published: March 23, 2010 Reading Time: 1 min

Microsoft is already testing a patch for the current vulnerability in Internet Explorer 6 and 7, which is already being actively exploited on the net. The company is still considering whether to release the patch on the regular Patchday or out-of-band. Meanwhile, a “Fix-it” solution is available. It makes some registry changes that disable the affected peer factory in iepeers.dll with a mouse click. You can download it from Microsoft’s Knowledge Base.


Attacks on Indian Income Tax Department Continue

Author: Omid Farhang Published: March 23, 2010 Reading Time: 2 min

We previously reported a phishing attack on the Indian Income Tax Department. Phishing emails boasting of tax refunds were sent to users in an attempt to entice citizens to enter their credentials on a bogus website. Recently, new attacks have been observed in which the phishing website states that taxes can be paid online. As the fiscal year in India draws to an end, more people are rushing to pay taxes before the deadline. ...


Fresh exploit served up with ads

Author: Omid Farhang Published: March 23, 2010 Reading Time: 2 min

Hi folks, One of our researchers recently discovered that the Liberty exploit kit included a fairly new exploit from November 2009 … http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867 . The fact that there was something fairly new in terms of exploits was interesting to start with, but then we looked at the text on the exploit page…. Lehman Brothers?! Coffee Party??!! Holy Activists, Batman!!! It’s politically motivated!!!! Then we looked at the stats page (all these toolkits come with a sophisticated admin page), and saw that the top referrer was ad.yieldmanager.com! Holy Advertisers, Batman! Activists who know how to use exploit kits, _and_ the ad network!!! ...


Icelandic Volcano Erupts, Fake Antivirus Spews Forth

Author: Omid Farhang Published: March 22, 2010 Reading Time: 3 min

Yesterday there was a volcanic eruption in Iceland, near the Eyjafjallajoekull glacier, that has led the Icelandic authorities to declare a state of emergency in southern Iceland. People living nearby have been evacuated in case of glacial melt water flooding and the airspace near the now active volcano is effectively closed off. As you have probably already guessed, any event which commands a high level of public interest will be pounced on quickly by the makers of fake antivirus software in order to make a quick buck. This incident is no exception. ...


A Fishy Defacement

Author: Omid Farhang Published: March 22, 2010 Reading Time: 1 min

Generally speaking, most website defacements I see tend to look the same with political activist Y decrying political activist Z, or leet hax0rs posting up a mile-long shoutout list to their crew. This one is, er, a little different – a defacement of what appears to have been a site involved in fish logistics and / or preservation, fish2see(dot)dk. I can only imagine the horror on the face of the site admin who woke up this morning to be confronted by this: ...


Phishers cast their nets at Neopets Users

Author: Omid Farhang Published: March 22, 2010 Reading Time: 1 min

If you have children that play Neopets, you might want to warn them about this website or insert it into a blocklist of your choosing. The site is Neopoints(dot)tk, and promises lots of free Neopoints related items, with the help of a cute mascot called “Tuma the Draik”. I think there was a Norwegian prog rock group from the 70s called that, but I could be wrong. Of particular note here is the fact the site claims to offer “free magic paintbrushes”. These items are incredibly rare in Neopets land, and an excited child could easily wander into this particular trap as a result. ...


Germany’s CERT warns against Firefox use

Author: Omid Farhang Published: March 22, 2010 Reading Time: 1 min

BürgerCERT, Germany’s government information security organization, is recommending that Web users NOT use the Firefox browser until Mozilla fixes a vulnerability in it on March 30. No malicious use has been found yet; however, a researcher posted proof-of-concept code for exploiting the previously unknown vulnerability. A malicious operator could use the vulnerability to run arbitrary code. Mozilla is expected to post Firefox version 3.6.2 to fix the problem. In January, the governments of France and Germany urged users to stop using Microsoft’s Internet Explorer browser until the company fixed the vulnerability that was blamed, at least in part, for the attacks from China on Google and more than two dozen other companies. ...
