Security

SophosLabs: A fascinating new example of Mac malware has been discovered, that appears to be adopting an old Windows-style disguise to fool users into running it. Despite the numerous times that cybercriminals have created boobytrapped PDF files that exploit vulnerabilities to infect unsuspecting users, many people still think that PDF files are somehow magically safer to open than conventional programs. The OSX/Revir-B Trojan plays on this by posing as a PDF file. ...

The building housing the Dutch company DigiNotar, which issues digital Web site certificates and was hacked last month. The New York Times: He claims to be 21 years old, a student of software engineering in Tehran who reveres Ayatollah Ali Khamenei and despises dissidents in his country. _“I’m totally independent,” he said in an e-mail exchange with The New York Times. “I just share my findings with some people in Iran. They are free to do anything they want with my findings and things I share with them, but I’m not responsible.” _He Said. ...

MSDN: One of the things we talk quite a bit about with Windows 8 is making sure Windows is a safe, secure, and reliable computing environment. We have always provided a broad range of solutions for achieving these goals and work closely with a broad range of industry partners. We continue to enhance these capabilities with Windows 8 while making sure you always have choice and control over how to protect and manage your PC. With Windows 8 we are extending the protections provided by Defender to address a broader range of potential threats. Jason Garms, the group program manager of our reliability and security team authored this post that represents work across several teams. –Steven ...

The H-Security: The BitTorrent company has confirmed that its uTorrent servers were hacked on Tuesday 13 September and, for almost two hours, anyone downloading the uTorrent client software from the servers received a scareware fake anti-virus package instead. The malware package has been identified as belonging to the “Security Shield” family of scareware; once installed, it falsely informs a user that malware has been detected on their machine and requests payment in order to clean the system. ...

SophosLabs: Pop singer Pink has posted an angry message to hackers, who she claims stole photographs from her Facebook page. But was Pink’s Facebook page really hacked, or was she just one of the many people who have been careless with their privacy settings? The Grammy award-winning singer, famous for hit records such as “Get the party started” and “God is a DJ”, posted on Twitter about the incident, but didn’t clarify the nature of the photos the hackers might have accessed. ...

TheHackerNews.com: The hacker warns the Internet community that he has access to 4 other high-profile CAs, among them being GlobalSign, a certification authority from the U.S. He threatens that he will use his power over the companies to issue false certificates, which will later become the weapon of his revenge against countries who deserve it.In his own words, he said “I won’t talk so many detail for now, just I wanted to let the world know that ANYTHING you do will have consequences, ANYTHING your country did in past, you have to pay for it…”. Complete Message here. ...

TechSpot: Wikileaks found itself the victim of a cyberattack on Tuesday, shortly after the release of thousands of US State Department communications. News broke of the attack on their Twitter page, which offered another link to the communications, and a message stating “WikiLeaks.org is presently under attack.” It is likely that they were hit with a Distributed Denial of Service (DDoS) attack, the most commonly used method by hackers to cause disruption to websites. It works by flooding the servers with traffic, overloading them, and subsequently causing the servers to crash, or become otherwise unreachable. ...

SophosLabs: Even if it hasn’t been officially announced yet, and certainly isn’t available to the general public (unless an Apple employee loses a test model in a bar), there are plenty of scammers out there trying to trick you into believing you can get a free iPhone 5. Here’s just a sample of the pages on Facebook claiming to be an iPhone 5 giveaway. Typically they are trying to trick you into clicking on links, driving traffic to online surveys which earns them revenue. ...

Web of Trust (WOT), the world’s leading website reputation rating service, and Mail.ru Group, Russia’s largest Internet company, have partnered together to improve online protection for 300 million people using Russia’s leading free e-mail service, Mail.ru. All links contained in emails received by Mail.ru users are checked through WOT’s reputation database to warn users from following untrustworthy links that could lead to scams, identity theft, malware and other online threats. ...

SophosLabs: Imagine the scene. You buy a second-hand laptop using it to, among other things, have secret sexy video chats with your significant other. Unbeknownst to you, naked photos of you are being taken by a company hired to track down the stolen laptop. Ouch. This is what has happened to Ohio-based Susan Clements-Jeffrey and her boyfriend. Absolute Software is in the business of helping people recover their computers. Fair enough. But is taking nude snaps of the person using the stolen laptop a step too far? ...