TechBlog

MasterCard and Visa payment processor compromised, up to 10 million cards stolen

Published: March 31, 2012 Reading Time: 2 min

SophosLabs: Brian Krebs is reporting that MasterCard and Visa are warning member-banks of a payment processor breach that may impact more than 10,000,000 credit cards. It is important to note that MasterCard and Visa’s own networks were not involved in the attack, it appears to be related to payment processor Global Payments. Reuters is reporting that Global Payments stock was suspended for trading after falling more than 9% on the Nasdaq stock exchange. ...

Continue Reading

Google updates OAuth 2.0 Playground

Published: March 31, 2012 Reading Time: 2 min

The H-Security: Google has added new features to its OAuth 2.0 Playground, which it launched last November. Developers can now switch to using client-side flow, and the system has added support for APIs that use OAuth 2.0 drafts 10 to 25. Google has also added a feature that makes it easy to see all available API operations supported by the user’s current access token. To make it easier to use the Playground for an extended amount of time, developers now have the ability to refresh their access tokens automatically, and clicking HTTP response links will now populate the request URI field. ...

Continue Reading

Sex Appeal Meter Scam and Execution Hoax Abound on Facebook

Published: March 29, 2012 Reading Time: 2 min

Cross posted from GFI, Sunbelt Blog: There’s not a day when we don’t see a new scam or hoax—yes, even the old ones—being proliferated on Facebook. I’ve seen both today. Let’s take a quick look at each one, shall we? First off, the scam: The screenshot above is a post generated by the “Sexappeal Meter” app that have spread within the social network. Clicking the “How much Sexappeal you have” link, or sometimes a bit.ly shortened URL, leads users to a page where it requests for permission just like any normal app. Allowing the app access to user profile, however, leads to two succeeding survey scam pages and, eventually, to a page where one can download a browser toolbar. ...

Continue Reading

Free Stuff on Social Networks Not Free

Published: March 29, 2012 Reading Time: 4 min

Symantec Connect: In recent years, scammers have flocked towards social networking sites as they have grown and made it easier to access a large number of potential eyeballs to convert into dollars. Brands have found value in leveraging social media to know what their customers are talking about, so, naturally, scammers are doing the exact same thing. Free iPads and iPhones Every time Apple unveils a new iPad or iPhone, you can bet there are scammers out there trying to leverage the announcement for financial gain. In the days leading up to and after the announcement of the new third-generation iPad, Twitter users who tweet about the new tablet most likely will receive some targeted Twitter replies from scammers offering the new device for free: ...

Continue Reading

"Please do not take down the Sality botnet"

Published: March 29, 2012 Reading Time: 2 min

The H-Security: On Tuesday, a user who is known as “lawabidingcitizen” posted an unusual request to the Full Disclosure mailing list, a forum that is mainly used by the security community: “Please do not take down the Sality botnet.” The contributor says that he found a way of dramatically reducing the number of infected computers after analysing the botnet. He adds that the required actions are unlawful, however, but proceeds to describe the method in considerable detail and makes special tools for the task available. ...

Continue Reading

Adobe Flash enables auto-updating while patching two critical flaws

Published: March 29, 2012 Reading Time: 1 min

SophosLabs: Adobe released Flash Player version 11.2.202.228 for Windows, OS X and Linux today. In my view this is a milestone release as it finally introduces an automatic, silent updating mechanism to help users stay current with the latest releases from here forward. Google Chrome users may consider themselves spoiled, as they have been enjoying the worry-free joy of automatic updating of both their browser and integrated plugins like Flash Player for quite some time. ...

Continue Reading

Chrome 18 improves graphics performance, closes security holes

Published: March 29, 2012 Reading Time: 2 min

Google has released version 18 of Chrome, the company’s own extended version of the open source Chromium web browser. The new Stable channel release, labeled 18.0.1025.142, fixes several security vulnerabilities, and improves graphics and drawing performance on systems with capable hardware. This is done by adding support for GPU-accelerated rendering of 2D Canvas content on Windows and Mac OS X systems. According to the developers, the GPU acceleration should improve the overall performance of graphics-intensive web applications, making canvas-based animations and games “run faster and feel smoother”. For older systems that can’t make use of of the GPU, Chrome can now display 3D content using the SwiftShader software rasterizer, which Google licensed from TransGaming, Inc. However, the developers note that “a software-backed WebGL implementation is never going to perform as well as one running on a real GPU, but now more users will have access to basic 3D content on the web”. ...

Continue Reading

Report: iOS vulnerability sold for $250,000

Published: March 26, 2012 Reading Time: 2 min

The H-Security: Business appears to be booming for those who trade in unpatched (zero-day) security holes: according to a report by Forbes magazine, a US company that works for the US government recently paid $250,000 for a vulnerability in Apple’s iOS operating system. The report says that the deal was arranged by a hacker who goes by the name of “the Grugq” and who has brokered agreements between those who discover vulnerabilities and government agencies over the last year. If negotiations are successful, the hacker retains a 15 per cent commission; he’s reportedly on track to earn about a million US dollars this year with his brokerage business. ...

Continue Reading

Instagram Sign-Up Page Now Beckons Android Users

Published: March 25, 2012 Reading Time: 2 min

Mashable: The day when Android users will first lay hands on the red hot photo-sharing app Instagram just got even closer. Late Saturday, a sign-up page appeared on Instagram’s website, inviting all those of the Android persuasion to sign up to be notified when the app is first available for that OS. The company still isn’t saying when the long-awaited Android Instagram app will actually become available. But now, at least those eager to try out the free app can take some sort of action that brings them closer to Instagram. ...

Continue Reading

Pro-China hackers target Tibetan activists with malware

Published: March 25, 2012 Reading Time: 3 min

The Register: Pro-China hackers have started spoofing security firm AlienVault’s email address in spam messages in an attempt to infect pro-Tibetan recipients with malware. The move follows days after the security tools firm warned that AlienVault about spear phishing attacks against a number of Tibetan organizations. The spear-phishing messages relate to the Kalachakra Initiation, a Tibetan religious festival that took place in early January. The closely targeted messages – sent to organizations such as the Central Tibet Administration and International Campaign for Tibet – carry an infectious Office file attachment with a malware payload, a digitally signed variant of Gh0st RAT (remote access Trojan). ...

Continue Reading