TechBlog

MSUpdate Trojan attacked companies in the defense sector

Published: February 3, 2012 Reading Time: 2 min

The H-Security: Unknown attackers have tried to use an invitation to a prestigious conference to inject a Trojan into companies in the defense sector. The security firms Seculert and Zscaler report that opening an attached PDF flyer caused recipients’ computers to be infected with spyware via a previously undisclosed hole in Acrobat Reader. According to the report, the attack mainly targeted government-related organizations, including military and aerospace contractors, in Europe and in the US. The security firms said that the attacks started back in 2009 and peaked in autumn 2010. Talking to The H’s associates at heise Security, Seculert CTO Aviv Raff added that compromised computers, some of which had been infected for two years, were only discovered a few weeks ago. ...


Critical PHP vulnerability being fixed

Published: February 2, 2012 Reading Time: 2 min

The H-Security: The PHP developers are working to fix a critical security vulnerability in PHP that they introduced with a recent security patch. The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions. The cause of the problem is the security update to PHP 5.3.9, which was written to prevent denial of service (DoS) attacks using hash collisions. To do so, the developers limited the maximum possible number of input parameters to 1,000 in php_variables.c using max_input_vars. Because of mistakes in the implementation, hackers can intentionally exceed this limit and inject and execute code. The bug is considered to be critical as code can be remotely injected over the web. ...


Yet another Facebook Hoax: ‘New Way Gangs Steal, Rape and Kidnap Girls’

Published: February 2, 2012 Reading Time: 2 min

SophosLabs: Facebook users are innocently sharing advice with their online friends about how women can avoid being kidnapped and raped, not realizing that they are perpetuating a hoax. Here’s a typical message that is being shared, which comes attached to an image of a young woman gagged and tied up in the trunk of a car. PLEASE READ CAREFULLY This message is for every Girl Who Goes to college or office alone.If u find any child carrying on road showing his/her address n asking u to take him/her to that address,take that child to police station n plz don’t take it to that address . IT IS A NEW WAY GANGS TO STEAL,RAPE and KIDNAP GIRLS .plz circulate to all .don’t feel shy to copy This as ur status . OUR ONE MESSAGE MAY SAVE A GIRL ...


Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey

Published: February 2, 2012 Reading Time: 2 min

The H-Security: Following the release of new versions of its open source Firefox web browser, Thunderbird email client and SeaMonkey suite, Mozilla has detailed the security fixes included in each of the updates. According to the project’s Security Center page for Firefox, version 10.0 closes a total of 8 security holes in the browser, 5 of which are rated as “Critical” by Mozilla. The critical issues include an exploitable crash when processing a malformed embedded XSLT stylesheet, potential memory corruption when decoding Ogg Vorbis files, XPConnect security checks being bypassed by frame scripts, a use after free error in child nodes from nsDOMAttribute and various memory safety hazards. These vulnerabilities could be exploited remotely by an attacker to, for example, execute arbitrary code on a victim’s system. ...


Facebook IPO comes with a health warning

Published: February 2, 2012 Reading Time: 3 min

SophosLabs: Facebook’s IPO is the most hyped initial public offering in years, with much speculation about just how many billions of dollars the social networking phenomenon will be valued at. There’s no doubt that 27-year-old Mark Zuckerberg, the founder of Facebook, is going to become a very rich man – and will be able to buy an even larger wardrobe of hoodies. So, congratulations to Zuck and his management team. Although we have often had our concerns about Facebook when it comes to their stand on privacy and security, there’s no doubt that they’ve done something extraordinary in commercial terms. ...


Apple releases Mac OS X 10.7.3

Published: February 2, 2012 Reading Time: 2 min

The H-Security: Apple has released Mac OS X 10.7.3 and, for Mac OS X 10.6.8 Snow Leopard users who have yet to upgrade to Lion, Security Update 2012-001; these maintenance and security updates address a number of vulnerabilities in the company’s desktop and server operating systems. According to Apple, the updates close more than 50 holes, many of which could be exploited by an attacker to, for example, remotely execute arbitrary code on a victim’s system, gain access to private information or cause a denial-of-service (DoS). ...


Facebook Spam: Police officer does good deed before he dies moments later

Published: February 1, 2012 Reading Time: 1 min

Have you seen this on your or your friends’ wall? Or maybe on a page you “Like”? That’s another spam link spreading over Facebook, as I already showed you many more in older posts. Usually these links end up either in a phishing attack that steals your private information or in infecting your computer. If your friend or even a stranger is posting these, don’t click on them, and also report the post; here is how to do it: ...


Megaupload, up again? no

Published: January 24, 2012 Reading Time: 2 min

GFI: You’re probably aware that Megaupload has wandered into what can only be described as a bit of a pickle, assuming said pickle is roughly the size of a Vogon Constructor Fleet. Given that lots of people probably want to take a peek at the FBI Anti-Warning currently pasted across the front of Megaupload.com (or maybe even just see if the site is back online), it’s a fair bet that Ye Olde Typo Fairy will be called into action and some of them will end up going to Megaupload(dot)cm. ...


Facebook Scam: Free Amazon.com gift card promotion

Published: January 24, 2012 Reading Time: 2 min

SophosLabs: Gift card scams are a common sight on Facebook, and this weekend it has been the turn of Amazon.com to be the brand used by cybercriminals as a way of making them cash. One Free Amazon.com Gift Card (limited time only) [LINK] Amazon is currently giving away gift cards to all facebook users. Click here to get one! When you see one of your friends share a link like this with you, the truth is that they have been duped into a scam. Be careful not to make the same mistake as them, or you’ll just be helping put cash into the pockets of the bad guys. ...


More Facebook scam links/videos you want to avoid

Published: January 24, 2012 Reading Time: 1 min

Recently I’m seeing more Facebook scams which claim to be very hot videos, but they are nothing but scams; here are 2 samples: When you see any of them, hover your mouse over the post, and click on the x button in the top right which says “Report/Mark Spam”.
