Security

The Hacker News: Alexander Fuchs, A German Security Researcher Discover Persistent XSS Vulnerability in Official website of White House. “The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions and my code will be executed on all users who visit the petition system.” He said. Read full story in German: http://www.1337core.de/2011/die-whitehouse-gov-lol-petition/ The XSS Demo is here: https://wwws.whitehouse.gov/petitions/!/petition/security/WxgwM7DS Advisory: http://vulnerability-lab.com/get_content.php?id=308 What is XSS? http://en.wikipedia.org/wiki/Cross-site_scripting

The H-Online Security: Microsoft has confirmed a report from Budapest-based Laboratory of Cryptography and System Security (CrySyS), which claimed that the Duqu bot spreads by exploiting a zero day vulnerability in the Windows kernel. How it spreads had previously been unknown. CrySyS discovered the Windows vulnerability whilst analysing the installer. The bot, which anti-virus software firm Symantec believes is related to Stuxnet, infects target systems using a specially crafted Word file which injects the malware into the system using a kernel exploit. Microsoft is already working on a patch. ...

SophosLabs: Scammers have put a new spin on an old Facebook scam, claiming that a girl killed herself on Halloween after her father posted a message on her wall. Facebook users are sharing messages with their friends, claiming to link to the salacious content. Girl-Killed-Herself-on-Halloween-After-Dad-Posted-This-on-Her-Wall [LINK] This is unbelievable.. shocking.. The messages are currently spreading very quickly on Facebook, as – at the moment at least – Facebook’s built-in security systems are not blocking them. ...

The H-Security: In a blog posting, the MyBB development team has confirmed that the download package for version 1.6.4 of MyBB had been modified to include malicious code. Unknown attackers were able to exploit a vulnerability in the MyBB web site’s CMS (content management system) to inject and execute PHP code. The attackers placed a contaminated version of MyBB, containing a backdoor, on the server. It is unclear exactly when the hack took place, meaning that all downloads of 1.6.4 prior to 6 October could be affected. Users with MyBB systems are advised to check their installations and apply a patch. For rapid disinfection, the developers are advising users to replace the /index.php file with a clean version and to delete the /install/ directory. ...

SophosLabs: Have you noticed the profile pics of some of your Facebook friends have acquired a pink tinge? Rumours have hit the social networking site that the Facebook app that turns your profile picture pink carries “keylogger malware” that can spy on your keypresses, and steal your passwords – not just from Facebook, but from online banks you may log into as well. One warning reads as follows: ...

GFI Labs Blog: We’ve noted this before, but Microsoft needs to get a handle on ad placements on Bing. Ok, so Bing isn’t the most widely used search engine, but remember that Yahoo plays a part here as well. In this case, we’re talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the ‘net right now. Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting). ...

Schneier on Security: A newly discovered piece of malware, Duqu, seems to be a precursor to the next Stuxnet-like worm and uses some of the same techniques as the original. Link to Source Symantec: W32.Duqu: The Precursor to the Next Stuxnet Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility. Read Full Article ...

Mashable: As reports of former Libyan leader Muammar Gaddafi’s death circulate on the Internet, so is a gruesome cellphone photo of what appears to be his severely wounded body and another that appears to be his dead body. Both are likely opportunities for spammers with bad intentions. The first photo was distributed by the news agency AFP after commanders for Libya’s transitional military, the National Transitional Council (NTC), said they had captured Gaddafi after invading his hometown of Sirte. On Thursday, an NTC spokesperson told the New York Times Gaddafi had been killed, but the U.S. State Department had still not confirmed his death as of 10:00 a.m. ET. ...

Symantec: The sad news making the rounds these days is the death of Steve Jobs, Apple Co-founder and former CEO. His death has been a terrible loss to both Apple and Apple fans everywhere. Spammers are capitalizing on this incident by sending malicious links related to the news of Steve Jobs’ death. Below is a screenshot of one such spam email containing a malicious link: More malicious links found relating to death spam are: ...

“In memory of Steve, a company is giving out 50 ipads tonight…” is another Facebook scam you want to avoid. More similar scam links is expected, so take care what you click on, These kind of free offers will end up in phishing or malware attacks. Don’t forget you should join the Omid’s Blog Facebook page, where I not only debunk hoaxes and chain letters or scams, but I also keep you up-to-date on the latest rogue applications, scams and malware attacks threatening Facebook users. Credit to Norman Security.