Security

Symantec Connect: In recent years, scammers have flocked towards social networking sites as they have grown and made it easier to access a large number of potential eyeballs to convert into dollars. Brands have found value in leveraging social media to know what their customers are talking about, so, naturally, scammers are doing the exact same thing. Free iPads and iPhones Every time Apple unveils a new iPad or iPhone, you can bet there are scammers out there trying to leverage the announcement for financial gain. In the days leading up to and after the announcement of the new third-generation iPad, Twitter users who tweet about the new tablet most likely will receive some targeted Twitter replies from scammers offering the new device for free: ...

The H-Security: On Tuesday, a user who is known as “lawabidingcitizen” posted an unusual request to the Full Disclosure mailing list, a forum that is mainly used by the security community: “Please do not take down the Sality botnet.” The contributor says that he found a way of dramatically reducing the number of infected computers after analysing the botnet. He adds that the required actions are unlawful, however, but proceeds to describe the method in considerable detail and makes special tools for the task available. ...

SophosLabs: Adobe released Flash Player version 11.2.202.228 for Windows, OS X and Linux today. In my view this is a milestone release as it finally introduces an automatic, silent updating mechanism to help users stay current with the latest releases from here forward. Google Chrome users may consider themselves spoiled, as they have been enjoying the worry-free joy of automatic updating of both their browser and integrated plugins like Flash Player for quite some time. ...

The H-Security: Business appears to be booming for those who trade in unpatched (zero-day) security holes: according to a report by Forbes magazine, a US company that works for the US government recently paid $250,000 for a vulnerability in Apple’s iOS operating system. The report says that the deal was arranged by a hacker who goes by the name of “the Grugq” and who has brokered agreements between those who discover vulnerabilities and government agencies over the last year. If negotiations are successful, the hacker retains a 15 per cent commission; he’s reportedly on track to earn about a million US dollars this year with his brokerage business. ...

The Register: Pro-China hackers have started spoofing security firm AlienVault’s email address in spam messages in an attempt to infect pro-Tibetan recipients with malware. The move follows days after the security tools firm warned that AlienVault about spear phishing attacks against a number of Tibetan organizations. The spear-phishing messages relate to the Kalachakra Initiation, a Tibetan religious festival that took place in early January. The closely targeted messages – sent to organizations such as the Central Tibet Administration and International Campaign for Tibet – carry an infectious Office file attachment with a malware payload, a digitally signed variant of Gh0st RAT (remote access Trojan). ...

The H-Security: Until just a few days ago, web sites belonging to the world’s largest online payment service contained a security vulnerability in a key component that could have been exploited by fraudsters to steal information from customers. PayPal fixed the vulnerability shortly after being notified of its presence by The H’s associates at heise Security. The eBay subsidiary was, however, unable to give any information on how such a serious security problem could have remained undetected. ...

The H-Security: Google has released version 17.0.963.83 of its Chrome web browser, a maintenance update that fixes issues with Flash games and closes several security holes. The Stable channel update addresses a total of nine vulnerabilities, six of which are rated as “high severity“. These include an integer issue in libpng (the official PNG reference library), a memory corruption problem in WebGL canvas handling and a cross-origin violation related to “magic iframe”, as well as use-after-free errors in first-letter handling, CSS cross-fade handling and block splitting. One medium-risk invalid read in the V8 JavaScript engine and two low-risk problems related to WebUI privileges and unpacked extension installation have also been fixed. ...

SophosLabs: Jenna-Louise Coleman has been unveiled as the new “Doctor Who” companion, joining the BBC TV time traveller in his TARDIS later this year. “Doctor Who” is one of Britain’s biggest television shows, and is popular elsewhere around the world, so it was no surprise to find 25-year-old actress Jenna Louise-Coleman’s name was a trending topic on Twitter today. Unfortunately, there are frequently mischief-makers, scammers and cybercriminals waiting to exploit a popular search term or hashtag. ...

Exploit found in Russian adware invades process, doesn’t install files The Register: Researchers at Kaspersky Labs have found malware which, unusually, does not install any files on its victims PCs. The researchers aren’t quite sure how unusual it is, describing it as both “unique” and “very rare”, but no matter how scarce this type of malware is it does sound rather nasty as it “… uses its payload to inject an encrypted dll from the web directly into the memory of the javaw.exe process.” That mode of operation means Windows and MacOS are both affected by the exploit, which is hard for many antivirus programs to spot given it runs within a trusted process. ...

SophosLabs: Only hours after the launch of Apple’s newest iPad we are beginning to see spammers trying to use the excitement over its release to ensnare innocent people into their scams. The scammers are sending out emails with the subject “Where do we send your Free iPad 3, just Test & Keep! See details”. The email contains an image with the text “TEST & KEEP an iPad 3 FREE – Click here”. ...