Intego, a Mac security company, was the first to report a new Mac Trojan that attempts to create a backdoor on its victim’s system. The article indicates this appears to be a targeted attack with an unknown delivery mechanism. Intego reported that the command and control (C&C) server appeared to be down at the time of the article. During their testing, the Trojan attempted to download an image that implied links to the Syrian Electronic Army. We advise our Mac users to review the article closely for more details. In some cases, Gatekeeper may issue an alert when a user attempts to download the Trojan. We strongly advise keeping all operating system and application patches, as well as anti-virus definition files, at their latest versions. Readers should also be wary of unsolicited emails with attachments, and applications should only be downloaded from trusted, known sources.
http://www.intego.com/mac-security-blog/new-mac-trojan-discovered-related-to-syria/
Category: Geek News (Page 2 of 3)
All things geeky and nerdy.
Microsoft has issued Security Advisory 2887505 detailing a zero-day vulnerability that affects all versions of Microsoft Internet Explorer. While the attack currently appears to be exploiting only Windows XP and Windows 7 in a limited geographical region, attackers will be able to examine the patch and may produce a more widespread attack.
We strongly recommend installing the Microsoft “Fix it” described in the Advisory.
http://technet.microsoft.com/en-us/security/advisory/2887505
http://www.trusteer.com/blog/trusteer%E2%80%99s-exploit-prevention-stops-attacks-targeting-new-ie-zero-day-cve-2013-3893
https://community.qualys.com/blogs/laws-of-vulnerabilities/2013/09/17/september-2013–new-ie-0-day
http://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-found-targeted-attacks
F-Secure’s Timo Hirvonen has spotted a Java 6 zero-day in the wild that exploits CVE-2013-2463, a few days after proof-of-concept code was published. He also indicated that the exploit has been integrated into the Neutrino exploit kit. Successful exploitation could allow an attacker to execute arbitrary code after tricking the victim into visiting a malicious web page. Readers are advised to update to Java 7 Update 25 if Java 6 is still deployed. Users who don’t require Java in their daily duties may consider uninstalling it.
http://news.softpedia.com/news/Java-6-Zero-Day-Spotted-in-the-Wild-Users-Advised-to-Update-to-Java-7-378432.shtml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://www.f-secure.com/weblog/archives/00002589.html
Multiple Vulnerabilities in PuTTY
An updated version of PuTTY, a very popular free SSH, Telnet and serial client, addresses a number of vulnerabilities. The vulnerabilities could lead to heap corruption, memory overwriting, buffer overflow and data left in memory. The potential impact is reported to be limited to denial of service conditions and leakage of sensitive information. We recommend updating to the latest fixed version, 0.63, promptly.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Firefox Updates Address Remote Code Execution Vulnerabilities
The Mozilla Foundation has released new versions of Firefox that address thirteen vulnerabilities in the Firefox web browser. Of the thirteen vulnerabilities, four are rated by Mozilla as critical, seven as high, one as moderate and one as low. The most serious potential impact of the vulnerabilities is the remote execution of arbitrary code. Links to the details of each of the individual vulnerabilities can be found in the Mozilla security advisory. We recommend updating to the latest fixed versions as soon as possible.
http://www.mozilla.org/security/announce/
The end of an era…
I’m working on shutting down my colo server this week. I’ve been running this server and others like it since the EfNet IRC war and hell days. It was early 1997 when I took the reins of the.mafia and began running dual servers in a world of excitement. We pulled our weight with the best of the best back then. Changing over to x-mafia and starting the crimelords server was a new splinter in life. We turned more towards protecting channels and offering mob-like protection
The next time you get a “tumblr/facebook questionnaire” asking you to work out your porn star name or something, remember this…
Your mother’s maiden name, the name of your first pet, your birthday and the first street you grew up on are usually the same fields used for password security reset questions.
I’m just going to put another article here so you can read it:
Just days after reports that Google and Facebook were interested in partnering with, and possibly buying VoIP company Skype, Microsoft announced that it was buying the company for $8.56 billion in cash.
Earlier this week we issued a warning about Search Engine Optimization (SEO) attacks and malware campaigns related to news about Osama Bin Laden. This has escalated with the controversy over releasing post-mortem photos of Osama Bin Laden. The FBI has issued a warning about malware being spread through links claiming to show these pictures. The White House has stated that these photos will not be released, so users should be aware that these claims are false and could lead to malware infection.
http://www.fbi.gov/news/pressrel/press-releases/malicious-software-features-usama-bin-laden-links-to-ensnare-unsuspecting-computer-users
http://blogs.reuters.com/prism-money/2011/05/04/bin-laden-gets-new-life-as-a-scam-fbi-issues-warning/
http://www.npr.org/blogs/thetwo-way/2011/05/05/135989768/obama-says-bin-laden-photos-will-not-be-released-cbs-reports
So basically – DON’T FALL FOR THOSE LINKS!!! Be smart and stop being so damn curious about some dead terrorist – wait and watch it on TV or the newspaper all old school like. If you get infected from one of these links just remember this: NO I WON’T FIX YOUR DAMN COMPUTER! hahaha
A serious remote access vulnerability in Cisco’s Linksys WAP610N wireless access points has been disclosed on the Full Disclosure mailing list and a well-known exploit database website. By using telnet to connect to a specific port on the access point, an attacker can gain unauthenticated root access. The disclosure also reveals that the default root password of the device has been cracked from the shadow password file and is far too short and simple. This password is not the same as the default admin password used for the administrative web page. This inexpensive access point is commonly used in small office/home office (SOHO) environments but may also be present in some larger enterprises. The discloser claims to have notified the vendor in June 2010 and states that no patch is currently available. At the time of disclosure, the latest firmware available from the Cisco site was version 1.0.01 (build 94), released on 02/22/2010. Owners of these devices are strongly urged to block all traffic to the access point on TCP port 1111, block access to the management web pages from remote locations, change all passwords to strong, secure ones, and update to the latest firmware as soon as it becomes available from the vendor.
http://seclists.org/fulldisclosure/2011/Feb/228
http://www.exploit-db.com/exploits/16149/
http://www.securenetwork.it/ricerca/advisory/download/SN-2010-08.txt
http://www.linksysbycisco.com