<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	>

<channel>
	<title>Enclave Security Blogs</title>
	<atom:link href="http://enclavesecurity.com/blogs/feed" rel="self" type="application/rss+xml" />
	<link>http://enclavesecurity.com/blogs</link>
	<description>A Leader in Data Protection Services</description>
	<pubDate>Fri, 03 Sep 2010 15:45:19 +0000</pubDate>
	<generator>http://wordpress.org/?v=abc</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>BadB now charged in RBS WorldPay ATM case: Cyber Security Highlights Sept 2, 2010</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/09/03/badb-now-charged-in-rbs-worldpay-atm-case-cyber-security-highlights-sept-2-2010/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=badb-now-charged-in-rbs-worldpay-atm-case-cyber-security-highlights-sept-2-2010</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/09/03/badb-now-charged-in-rbs-worldpay-atm-case-cyber-security-highlights-sept-2-2010/#comments</comments>
		<pubDate>Fri, 03 Sep 2010 15:45:19 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=813</guid>
		<description><![CDATA[A Russian man recently arrested for allegedly spearheading a global online identity theft trafficking operation has now also been charged in the RBS WorldPay ATM case, where cloned cards were used to steal nearly $10 million in less than 12 hours. The suspect, who also goes by the name “BadB,” was added to a [...]]]></description>
			<content:encoded><![CDATA[<p>A Russian man recently arrested for allegedly spearheading a global online identity theft trafficking operation has now also been charged in the RBS WorldPay ATM case, where cloned cards were used to steal nearly $10 million in less than 12 hours. The suspect, who also goes by the name “BadB,” was added to a list of eight Eastern European defendants who were charged in the case late in 2009, according to a report in Wired. In an updated indictment, the suspect is charged with wire fraud and access-device fraud for his alleged role in the crime ring’s cashing out at ATMs around the globe with the phony, cloned debit cards during November of 2008. “[The suspect] was a casher who fraudulently withdrew RBSW funds from ATMs in or around Moscow, Russia,” the U.S. District Court of Georgia Atlanta Division indictment says.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.darkreading.com/authentication/security/attacks/showArticle.jhtml?articleID=227200046&amp;subSection=Attacks/breaches">http://www.darkreading.com/authentication/security/attacks/showArticle.jhtml?articleID=227200046&amp;subSection=Attacks/breaches</a></p></blockquote>
<p><strong>Delaware contractor mistakenly posts personal data of 22,000 employees</strong><br />
AON Consulting, the state of Delaware’s benefits consultant, mistakenly posted the Social Security numbers, gender, and birth dates of about 22,000 retired state workers on the Web 3 weeks ago, state officials and the company said August 30. According to a news report, the information was part of a request for proposal that AON had supplied to the state’s procurement Web site to solicit bids from insurance companies interested in providing vision benefits to state employees and retirees. The information, which did not include the retirees’ names, remained on the Web from August 16 to August 20, when the breach was discovered, the report said. The director of the Delaware Office of Management and Budget’s statewide benefits office said the identifying information was not included in earlier versions of the proposal that were reviewed by her office. It only appeared in the final version, but no one spotted the change.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.darkreading.com/database_security/security/privacy/showArticle.jhtml?articleID=227200092">http://www.darkreading.com/database_security/security/privacy/showArticle.jhtml?articleID=227200092</a></p></blockquote>
<p><strong>Corporate espionage for dummies:</strong> HP scanners<br />
Web servers have become commonplace on just about every hardware device from printers to switches. A researcher was recently looking at a newer model of an HP printer/scanner combo and something caught his eye. HP has for some time embedded remote scanning capabilities into network-aware scanners, a functionality referred to as Webscan. Webscan allows one to not only remotely trigger the scanning functionality, but also retrieve the scanned image, all via Web browser. The feature is generally turned on by default with absolutely no security whatsoever. With over $1B in printer sales in Q3 2010 alone, and with many of the devices being all-in-one printers, running across an HP scanner in the enterprise is certainly very common. What many businesses do not realize is that their scanners may by default allow anyone on the LAN to remotely connect to the scanner and, if a document was left behind, scan and retrieve it using nothing more than a browser. As everything is Web based, an enterprising but disgruntled employee could simply write a script to regularly run the scanner in the hopes of capturing an abandoned document.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.net-security.org/article.php?id=1484">http://www.net-security.org/article.php?id=1484</a></p></blockquote>
<p><strong>Survey scammers serve up supposed shelter from survey scams<br />
</strong>Cheeky scammers are offering prospective marks an application that supposedly shields them from exposure to survey scams. Naturally, a user first has to fill in a survey to install the script, which is punted through Userscripts(dot)org. Odds are that even after jumping through these hoops, users will still be exposed to surveys and, possibly, left at a heightened risk of malware infection. “ ‘Only install scripts from sources you trust’ is on the install box for a reason,” a security researcher of GFI Security notes. Survey scams are becoming increasingly common on social networks. Scammers (affiliates) profit from wasting surfers’ time with the Web 2.0 equivalent of e-mail spam. Often the spammers attempt to hoodwink users into signing up to premium rate SMS services.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.theregister.co.uk/2010/09/01/survey_scam_spam/">http://www.theregister.co.uk/2010/09/01/survey_scam_spam/</a></p></blockquote>
<p><strong>Microsoft still mum on programs prone to DLL hijacking attacks</strong><br />
Microsoft August 31 again abstained from naming which of its Windows programs, if any, contain bugs that could lead to widespread “DLL load hijacking” attacks. Also August 31, the company published an automated tool to make it easier for users to block attacks exploiting vulnerabilities in a host of Windows applications. The DLL load hijacking vulnerabilities exist in many Windows applications because the programs do not call code libraries — dubbed “dynamic-link library,” or “DLL” — using the full pathname, but instead use only the filename. Criminals can exploit that by tricking the application into loading a malicious file with the same name as the required DLL. The result: Hackers can hijack the PC and plant malware on the machine. Although Microsoft again declined to call out its vulnerable software, outside researchers have identified as potential targets a number of its high-profile apps, including Word 2007, PowerPoint 2007 and 2010, Address Book and Windows Contact, and Windows Live Mail.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9183078/Microsoft_still_mum_on_programs_prone_to_DLL_hijacking_attacks">http://www.computerworld.com/s/article/9183078/</a></p></blockquote>
<p><strong>New zero-day vulnerabilities imminent<br />
</strong>An independent group of security researchers has announced that they will be releasing zero-day vulnerabilities, Web application vulnerabilities, and proof-of-concept (POC) exploits for patched vulnerabilities throughout September. Many high-profile vendors such as Adobe, Apple, Microsoft, and Mozilla are among those whose products will apparently have vulnerabilities revealed during the month. According to a Trend Micro researcher, the vulnerabilities to be announced refer to a collection of old and new ones primarily targeting Microsoft. The new vulnerabilities can be considered zero-day flaws and will leave users vulnerable until a vendor patch is offered and applied. However, the process may take some time. Until then, users should use any suggested workarounds. It is also believed that detailed information for recently released advisories will be published. It is possible the data released includes POC code, making exploits more likely.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://blog.trendmicro.com/new-zero-day-vulnerabilities-imminent/">http://blog.trendmicro.com/new-zero-day-vulnerabilities-imminent/</a></p></blockquote>
<p><strong>Alleged ransomware gang investigated by Moscow police</strong><br />
Russian police are reportedly investigating a criminal gang that installed malicious “ransomware” programs on thousands of PCs and then forced victims to send SMS messages in order to unlock their PCs. The scam has been ongoing and may have made Russian criminals millions of dollars, according to reports by Russian news agencies. Russian police seized computer equipment and detained a Russian “crime family” in connection with the crime, the ITAR-TASS News Agency reported August 31.  The criminals reportedly used news sites to spread their malicious software, known as WinLock, which disables certain Windows components, rendering the PC unusable, and then displays pornographic images. To unlock the code, victims must send SMS messages that cost between 300 rubles (US $9.72) and 1,000 rubles. The scam is “very popular” in countries such as Russia at the moment, antivirus vendor Kaspersky Lab said in an e-mailed statement.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.pcworld.com/businesscenter/article/204577/">http://www.pcworld.com/businesscenter/article/204577/</a></p></blockquote>
<p><strong>Huge spamming botnet injured but still alive</strong><br />
A botnet responsible for a significant amount of spam has been crippled but may reconstitute itself in a matter of weeks, according to vendor M86 Security. The Pushdo or Cutwail network of hacked computers ranked in the top five or so botnets for spam, responsible for as much as 10 percent of all spam, said a product manager for M86 Security. The spam often advertises fake software, so-called designer goods and questionable pharmaceutical products. But security analysts with the computer security company LastLine took action recently, contacting ISPs that were hosting the command-and-control infrastructure for the botnet. About 30 servers at eight hosting providers were found to be supporting Pushdo. LastLine contacted the ISPs, and about 20 of the servers were taken offline, according to its blog. Some ISPs, however, were unresponsive. LastLine appears to have taken down parts of Pushdo and Cutwail, which work together, wrote a researcher of FireEye’s Malware Intelligence Lab, in a blog post. Pushdo is a Trojan. Once it infects a computer, it often downloads Cutwail, a piece of malware capable of spamming as well as downloading other bad programs.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.computerworld.com/s/article/9182879/Huge_spamming_botnet_injured_but_still_alive">http://www.computerworld.com/s/article/9182879/</a></p></blockquote>
<p><strong>Read the Full DHS Infrastructure Report:<br />
</strong><a href="http://www.enclavesecurity.com/blogresources/cdr_090210.pdf">www.enclavesecurity.com/blogresources/cdr_090210.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/09/03/badb-now-charged-in-rbs-worldpay-atm-case-cyber-security-highlights-sept-2-2010/feed/</wfw:commentRss>
		</item>
		<item>
		<title>HP holds Navy network Hostage for $3.3 billion: Cyber Security Highlights</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/09/02/hp-holds-navy-network-hostage-for-33-billion-cyber-security-highlights/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=hp-holds-navy-network-hostage-for-33-billion-cyber-security-highlights</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/09/02/hp-holds-navy-network-hostage-for-33-billion-cyber-security-highlights/#comments</comments>
		<pubDate>Thu, 02 Sep 2010 12:42:28 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=811</guid>
		<description><![CDATA[The U.S. Navy would like to run its networks again, but it is stuck in a tangled relationship with Hewlett-Packard. Admirals and the firm recently signed another $3.3 billion no-bid contract that begins October 1. It’s a final, 5-year deal, both sides promise, to let the Navy gently wean itself from reliance on HP. To [...]]]></description>
			<content:encoded><![CDATA[<p>The U.S. Navy would like to run its networks again, but it is stuck in a tangled relationship with Hewlett-Packard. Admirals and the firm recently signed another $3.3 billion no-bid contract that begins October 1. It’s a final, 5-year deal, both sides promise, to let the Navy gently wean itself from reliance on HP. To keep core networks running, the Navy is paying Hewlett-Packard $1.8 billion. It will spend another $1.6 billion to buy from HP equipment troops have worked on for years, and to license network diagrams and configuration documents. In essence, the Navy is paying to look at the blueprints to the network it has been using for a decade. The network is easier to operate and secure, but promised flexibility has not materialized. Worse, HP operates under 10-year-old performance metrics. A typical workstation costs the Navy $2,491 per year, and includes an e-mail inbox with a 50-MB capacity (Gmail’s: 7,500 MB), and 700 MB of network storage. HP isn’t required to take security measures like hard disk encryption, threat heuristics, and network access control that are common today, but were exotic in 2000. “Anti-spam services” runs the Navy $2.7 million per year. Cleaning up a “data spillage” (classified information that got placed on an unclassified network) costs $11,800 per incident. In 2008, the Navy paid $5 million to wipe the data from 432 compromised computers. That is 10 times the cost of destroying and replacing the infected machines.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.wired.com/dangerroom/2010/08/hp-holds-navy-network-hostage/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed:+WiredDangerRoom+(Blog+-+Danger+Room)">http://www.wired.com/dangerroom/2010/08/hp-holds-navy-network-hostage/</a></p></blockquote>
<p><strong>Air Force officials urge operational security vigilance</strong><br />
Fraudsters continue to hijack accounts on social networking sites and spread malicious software, FBI officials said. One technique entices users to download an application or view a video that appears to be sent from users’ “friends,” giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, her computer becomes infected. With the influx of social media, Web 2.0 platforms and subsequent ease in sharing of sensitive and personally identifying information, Airmen should consider the risks and vulnerabilities in both personal and official activities, Air Force officials said. </p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.afmc.af.mil/news/story.asp?id=123219924">http://www.afmc.af.mil/news/story.asp?id=123219924</a></p></blockquote>
<p><strong>Google disputes bug patching report</strong><br />
Google August 30 said that a recent report claiming it failed to patch a third of the serious bugs in its software had the facts wrong. IBM’s X-Force security company, which released the report last week, acknowledged the error and issued a revised chart that shows Google patched all the vulnerabilities rated “critical” or “high” in its online services. According to IBM’s revised tabulations, Google patched every vulnerability revealed in the first 6 months of this year.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9182818/Google_disputes_bug_patching_report">http://www.computerworld.com/s/article/9182818/</a></p></blockquote>
<p><strong>Badly configured networks main cause of network breaches<br />
</strong>Misconfigured networks account for more than three quarters of breaches. A survey found that a badly configured network is the main cause of network breaches because IT professionals “don’t know what to look for.” The survey, conducted by Tufin, also revealed that 18 percent of security experts believe misconfigured networks are the result of insufficient time or money for audits, while 14 percent felt that compliance audits that do not always capture security best practices are a factor.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.scmagazineuk.com/badly-configured-networks-believed-to-be-the-main-cause-of-network-breaches/article/177911/">http://www.scmagazineuk.com/badly-configured-networks-believed-to-be-the-main-cause-of-network-breaches/article/177911/</a></p></blockquote>
<p><strong>Update scam targets TweetDeck users<br />
</strong>Users of Twitter management app TweetDeck have been warned not to click on links that claim to be an update for the site but actually contain a Trojan program. The application is set for a genuine overhaul starting August 31 as part of an update to Twitter itself, and the scammers have used the situation to launch the malicious links. A member of the TweetDeck team explained in a blog post that users should ignore the updates. “We are seeing a number of updates on Twitter urging users to download a file called ‘tweetdeck-08302010-update.exe’ from a URL beginning with <a href="http://alturl.com/">http://alturl.com/</a>. These tweets are from hacked accounts and this file does not come from us,” it read. The firm added that users should download updates to the application only from the TweetDeck Web site. The changes to Twitter August 31 causing apps such as TweetDeck to issue their own site updates center around the move to OAuth, an authentication method which allows users to use third party apps without them storing their passwords.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.v3.co.uk/v3/news/2268936/tweetdeck-users-targeted-update">http://www.v3.co.uk/v3/news/2268936/tweetdeck-users-targeted-update</a></p></blockquote>
<p><strong>Service provider of German chemist exposes personal details of 150,000 customers</strong><br />
The details of around 150,000 customers of the German chemist chain Schlecker have been exposed. According to a report by The Local, the mistake was the fault of an external service provider, which has since been fixed and the data is no longer available online. The data included first and second names, addresses, genders, e-mail addresses and customer profiles, with a further 7.1 million e-mail addresses of customers receiving the firm’s newsletter also available. On August 27, Schlecker offered its online customers a voucher to the value of 5 euros via e-mail, a company spokesman confirmed. It states that it is not a compensation payment but “a general goodwill gesture.” A spokesman for the firm confirmed media reports that the personal data of online customers had for an unspecified time found their way onto the Internet and were available to any Web user.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.scmagazineuk.com/service-provider-of-german-chemist-exposes-personal-details-of-around-150000-customers/article/177912/">http://www.scmagazineuk.com/service-provider-of-german-chemist-exposes-personal-details-of-around-150000-customers/article/177912/</a></p></blockquote>
<p><strong>Apple QuickTime backdoor creates code-execution peril</strong><br />
A security researcher has unearthed a “bizarre” flaw in Apple’s QuickTime Player that can be exploited to remotely execute malicious code on Windows-based PCs, even those running the most recent versions of the operating system. Technically, the inclusion of an unused parameter known as “_Marshaled_pUnk” is a backdoor because it is the work of an Apple developer who added it to the QuickTime code base and then, most likely, forgot to remove it when it was no longer needed. It sat largely undetected for at least 9 years until a researcher of Spain-based security firm Wintercore discovered it and realized it could be exploited to take full control of machines running Windows 7, Microsoft’s most secure operating system to date. “The bug is pretty bizarre,” the CSO of Rapid7 and chief architect of the Metasploit project told The Register August 30. “It’s not a standard vulnerability in the sense that a feature was implemented poorly. It was more kind of a leftover development piece that was left in production. It’s probably an oversight.” The presence of _Marshaled_pUnk creates the equivalent of an object pointer that an attacker can use to funnel malicious code into computer memory.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/">http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/</a></p></blockquote>
<p><strong>Cisco patches bug that crashed 1 percent of Internet</strong><br />
Cisco has fixed a bug in its Internetwork Operating System (IOS) router software that contributed to a brief Internet blackout last week, thought to have affected about 1 percent of the Internet. The bug was discovered August 27 when the RIPE NCC (Reseaux IP Europeens Network Coordination Centre) and researchers at Duke University started distributing experimental BGP (Border Gateway Protocol) data via RIPE NCC’s systems. A large number of routers became unreachable within minutes and the experiment was quickly stopped. It turned out that routers that were running Cisco’s IOS XR operating system took the experimental data — which was much larger than typical BGP routing information — corrupted it, and then passed that corrupted information on to other routers. Many of the routers simply closed connections with the Cisco routers that sent the buggy data, causing part of the Internet to become inaccessible. </p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.reuters.com/article/idUS418825996320100831">http://www.reuters.com/article/idUS418825996320100831</a></p></blockquote>
<p><strong>Microsoft tool for DLL vulnerability interferes with some applications<br />
</strong>Microsoft’s tool to protect against the DLL hijacking vulnerability results in some programs no longer working properly. Users who want to use the tool to prevent attackers from passing infected libraries to trusted applications should set the new registry key DWORD value to 0xFFFFFFFF (“ffffffff”). This removes the working directory, which could be located on a network share, from Windows’ list of locations to search for DLLs. But this causes problems for programs that use this search behavior, but are not vulnerable to DLL hijacking.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.h-online.com/security/news/item/Microsoft-tool-for-DLL-vulnerability-interferes-with-some-applications-1069540.html">http://www.h-online.com/security/news/item/Microsoft-tool-for-DLL-vulnerability-interferes-with-some-applications-1069540.html</a></p></blockquote>
<p><strong>Hackers deface Philippine government sites</strong><br />
The Philippine government has asked all of its federal agencies to tighten security of their official Web sites following last week’s hacking of the Philippine Information Agency (PIA) Web site, Xinhua reported. A government official said in a press statement the executive branch is adopting “best practices” to make government Web sites less vulnerable to intrusion. PIA is the official information arm of the Philippine government. The information agency Web site was down for several hours after it was hacked by a user named “7z1.” The defaced Web page displayed a Chinese flag on a black background. The cyber attack was made almost a week after the Manila hostage tragedy in which eight Hong Kong tourists were killed. It is, however, unknown if the hack attack was related to the widespread public anger that followed the hostage situation.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.thenewnewinternet.com/2010/08/30/hackers-deface-philippine-government-sites/">http://www.thenewnewinternet.com/2010/08/30/hackers-deface-philippine-government-sites/</a></p></blockquote>
<p><strong>Quantum system hacked in ‘blinding’ attack<br />
</strong>Researchers at the Norwegian University of Science and Technology (NTNU) have discovered a way to hack quantum network traffic using currently available technology. Quantum signals are touted as perfectly secure, since the act of observing the signal changes it and alerts the receiver to the interception. However, the researchers discovered a way to use a 1 milliwatt laser to fool the receiver into believing the message has not been tampered with, when in fact it can be harvested using traditional techniques. “Our hack gave 100 percent knowledge of the key, with zero disturbance to the system,” a researcher from NTNU told Nature. “We have exploited a purely technological loophole that turns a quantum cryptographic system into a classical system, without anyone noticing.” “Blinding” the receiving station allowed the team to harvest the data they needed. The attack worked on two commercially available quantum cryptography systems from Swiss firm ID Quantique, and a MagiQ Technologies system built in the United States. The team contacted both companies before publishing its research, and patches have now been issued.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.v3.co.uk/v3/news/2268908/quantum-system-hacked-blinding">http://www.v3.co.uk/v3/news/2268908/quantum-system-hacked-blinding</a></p></blockquote>
<p><strong>Read the Full DHS Infrastructure Report:<br />
</strong><a href="http://www.enclavesecurity.com/blogresources/cdr_090110.pdf">www.enclavesecurity.com/blogresources/cdr_090110.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/09/02/hp-holds-navy-network-hostage-for-33-billion-cyber-security-highlights/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Nuclear plants prepare for cyber attacks: Cyber Security Highlights August 31, 2010</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/09/01/nuclear-plants-prepare-for-cyber-attacks-cyber-security-highlights-august-31-2010/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=nuclear-plants-prepare-for-cyber-attacks-cyber-security-highlights-august-31-2010</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/09/01/nuclear-plants-prepare-for-cyber-attacks-cyber-security-highlights-august-31-2010/#comments</comments>
		<pubDate>Wed, 01 Sep 2010 13:51:16 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=809</guid>
		<description><![CDATA[The threat to digital systems at the country’s nuclear power plants is considerable, but the sector is better prepared to defend against potentially devastating cyber attacks than most other utilities, according to government and industry officials and experts. Cyber attacks have been an increasing source of concern in recent years, but the threat was highlighted [...]]]></description>
			<content:encoded><![CDATA[<p>The threat to digital systems at the country’s nuclear power plants is considerable, but the sector is better prepared to defend against potentially devastating cyber attacks than most other utilities, according to government and industry officials and experts. Cyber attacks have been an increasing source of concern in recent years, but the threat was highlighted last month by the first discovery of malicious code, called a worm, specifically formulated to target the systems that direct the inner operations of industrial plants. To date, the malware is thought to have infected more than 15,000 computers worldwide, mostly in Iran, Indonesia and India. The issue is critically important for new nuclear power facilities that would be built in the United States and throughout the world as control rooms would employ digital systems to operate the plants. Those state-of-the-art instruments and systems make them targets for hackers.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.globalsecuritynewswire.org/gsn/nw_20100827_1692.php">http://www.globalsecuritynewswire.org/gsn/nw_20100827_1692.php</a></p></blockquote>
<p><strong>Too many disclose sensitive information on social networks<br />
</strong>Social networking users should be careful when accepting friend requests, and must be conscious of the data they share. According to a new study by BitDefender, social network users do not appear to be preoccupied with the real identity of the people they meet online or about the details they disclose while chatting with total strangers. The study revealed that 94 percent of those asked to “friend” the test profile, an unknown, attractive young woman, accepted the request without knowing who the requester really was. The study sample group included 2,000 users from all over the world registered on one of the most popular social networks. After a half-hour conversation, 10 percent disclosed personal sensitive information, such as address, phone number, mother’s and father’s name, etc., information usually requested as answers to password recovery questions. Two hours later, 73 percent siphoned what appears to be confidential information from their workplace, such as future strategies, plans, as well as unreleased technologies/software.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.net-security.org/secworld.php?id=9793">http://www.net-security.org/secworld.php?id=9793</a></p></blockquote>
<p><strong>ATM makers patch Black Hat cash-dispensing flaw<br />
</strong>Two automated teller machine (ATM) manufacturers have shipped patches to block the cash-dispensing attack demonstrated by a researcher at the 2010 Black Hat conference. Hantle (formerly Tranax) and Triton released separate bulletins to address the issue, which lets a remote hacker overwrite the machine’s internal operating system, take complete control of the ATM and send commands for it to spew cash on demand. At the Black Hat conference, the researcher demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.zdnet.com/blog/security/atm-makers-patch-black-hat-cash-dispensing-flaw/7210">http://www.zdnet.com/blog/security/atm-makers-patch-black-hat-cash-dispensing-flaw/7210</a></p></blockquote>
<p><strong>Crime or espionage?</strong><br />
Zeus is a well-known crimeware tool kit that is readily available online. Typically, Zeus has been associated with banking fraud. Recently, there have been a series of attacks using the Zeus malware that appear to be less motivated by bank fraud and more focused on acquiring data from compromised computers. The themes in the e-mails — often sent out to .mil and .gov e-mail addresses — focus on intelligence and government issues. After the user receives such an e-mail and downloads the file it references, his or her computer will likely become compromised by the Zeus malware used by the attackers and will begin communicating with a command and control server. It will then download an additional piece of malware, an “infostealer,” which will begin uploading documents from the compromised computer to a drop zone under the control of the attackers. What appears to be a one-off attack using Zeus, the author believes, is actually another round of a series of Zeus attacks.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.infowar-monitor.net/2010/08/crime-or-espionage/">http://www.infowar-monitor.net/2010/08/crime-or-espionage/</a></p></blockquote>
<p><strong>American Eagle Outfitters learns a painful service provider lesson<br />
</strong>As American Eagle Outfitters learned in July, even if a company does everything right to ensure disaster recovery and business continuity plans are in place, Murphy’s Law sometimes takes over. And problems can be compounded if one relies on an outsourcer for disaster recovery services. The multibillion-dollar clothing retailer suffered an 8-day Web site outage because its Oracle backup utility failed — and then an IBM disaster recovery site was not up and running as it should have been, according to a report from StorefrontBacktalk.com. American Eagle did not dispute the basic account of what happened, though a spokeswoman said a few details were incorrect. According to a reporter from StorefrontBacktalk.com, which monitors retail Web sites, the outage began with a series of server failures. The reporter, who said he spoke with an unnamed IT source at American Eagle, said a storage drive failed at an IBM off-site hosting facility. That failure was followed by a secondary backup disk drive failure. Once the drives were replaced, the company attempted a restore of about 400GB of data from backup, but the Oracle backup utility failed, possibly as a result of data corruption. Finally, American Eagle attempted to restore its data from its disaster recovery site, only to discover the site was not ready and could not get the logs up and running.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9182159/">http://www.computerworld.com/s/article/9182159/</a> </p></blockquote>
<p><strong>Once-prolific Pushdo botnet crippled</strong><br />
Security researchers have disrupted the botnet known as Pushdo, a coup that over August 26 and 27 has almost completely choked the torrent of junk mail from the once-prolific spam network. Researchers from the security intelligence firm LastLine said they identified a total of 30 servers used as Pushdo command and control channels and managed to get the plug pulled on 20 of them. As a result, the torrent of junk mail spewing from it dropped to almost zero August 26, according to figures from M86 Security Labs. Also known as Cutwail, Pushdo has long maintained a strong presence. It is known for spam that attempts to trick recipients into installing malware, and it also excels at hiding itself from intrusion-prevention systems, security researchers have said. Its output has varied over the years, with estimates as high as 20 percent of the world’s spam at some points. Pushdo was also notable for other technical feats, including its ability to pierce Microsoft Live by defeating its audio captchas.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.theregister.co.uk/2010/08/27/pushdo_botnet_crippled/">http://www.theregister.co.uk/2010/08/27/pushdo_botnet_crippled/</a></p></blockquote>
<p><strong>Research experiment disrupts Internet, for some</strong><br />
An experiment run by Duke University and a European group responsible for managing Internet resources went wrong August 27, disrupting a small percentage of Internet traffic. The damage could have been far worse, however, and the incident shows just how fragile one of the Internet’s core protocols really is, security experts said. The problem started just before 9 a.m. Greenwich Mean Time August 27 and lasted less than half an hour. It was kicked off when RIPE NCC (Reseaux IP Europeens Network Coordination Centre) and Duke ran an experiment that involved the Border Gateway Protocol (BGP) — used by routers to know where to send their traffic on the Internet. RIPE started announcing BGP routes that were configured a little differently from normal because they used an experimental data format. RIPE’s data was soon passed from router to router on the Internet, and within minutes it became clear that this was causing problems. “During this announcement, some Internet service providers reported problems with their networking infrastructure,” RIPE NCC wrote in a note posted to the NANOG (North American Network Operators Group) discussion list.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9182558/">http://www.computerworld.com/s/article/9182558/</a></p></blockquote>
<p><strong>Read the Full DHS Infrastructure Report:</strong><br />
<a href="http://www.enclavesecurity.com/blogresources/cdr_083110.pdf">www.enclavesecurity.com/blogresources/cdr_083110.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/09/01/nuclear-plants-prepare-for-cyber-attacks-cyber-security-highlights-august-31-2010/feed/</wfw:commentRss>
		</item>
		<item>
		<title>iPad spam: Cyber Security Highlights August 27th</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/08/30/ipad-spam-cyber-security-highlights-august-27th/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=ipad-spam-cyber-security-highlights-august-27th</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/08/30/ipad-spam-cyber-security-highlights-august-27th/#comments</comments>
		<pubDate>Mon, 30 Aug 2010 19:23:19 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=807</guid>
		<description><![CDATA[Facebook and Twitter users are complaining about their accounts being compromised and then being used to spam friends with suspicious &#8220;free iPad offers.&#8221; Twitter warned users of the scam August 25, saying it was resetting passwords of affected users.  The scam is also hitting Facebook users too, according to a company spokesman. &#8220;It&#8217;s affecting an [...]]]></description>
			<content:encoded><![CDATA[<p>Facebook and Twitter users are complaining about their accounts being compromised and then being used to spam friends with suspicious &#8220;free iPad offers.&#8221; Twitter warned users of the scam August 25, saying it was resetting passwords of affected users. The scam is also hitting Facebook users, according to a company spokesman. &#8220;It&#8217;s affecting an extremely small percentage of people on Facebook, but we take all threats seriously,&#8221; he said via e-mail. A researcher discovered his Twitter account had been used to direct message contacts late August 25. He noted the scammers sent direct messages to his friends that said, &#8220;u have to check out this website its glitchin right now and sending out ipads to everyone for free!&#8221; He said the messages continued, even after he changed his password. The messages his friends received contained a link to better-gifts.net. That Web site asks for personal information, and then directs the user to a variety of promotional offers from legitimate companies such as Netflix, the Doubleday Book Club, and Columbia House DVD. Online marketing programs pay cash for Web traffic, and hackers have found that by phishing victims and then using that information to break into legitimate Twitter and Facebook accounts, they can earn money.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9181958/">http://www.computerworld.com/s/article/9181958/</a></p></blockquote>
<p><strong>25% of new worms are designed to spread through USB devices<br />
</strong>In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs. These types of threats can copy themselves to any device capable of storing information such as cell phones, external hard drives, DVDs, flash memories and MP3/4 players. The technique is highly effective. With survey responses from more than 10,470 companies across 20 countries, it was revealed that about 48 percent of SMBs (with up to 1,000 computers) admit to having been infected by some type of malware over the last year. And 27 percent confirmed the source of the infection was a USB device connected to a computer. There is an increasing amount of malware which, like the dangerous Conficker worm, spreads via removable devices and drives such as memory sticks, MP3 players and digital cameras. </p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.net-security.org/malware_news.php?id=1444">http://www.net-security.org/malware_news.php?id=1444</a></p></blockquote>
<p><strong>Scareware hits U.K. airport terminals<br />
</strong>Security experts are warning users to exercise extreme caution when using publicly available Internet access terminals after malware was discovered on a terminal in a U.K. airport lounge. In a blog post, a Symantec Hosted Services senior software engineer explained that on a recent trip he noticed one of the Internet-connected PCs in a “large airport in England” was infected with fake anti-virus software known as &#8220;Defense Center Installer.&#8221; Such malware claims a user is infected with a virus, and encourages them to buy the full version of the software to clean the fictitious infection, he explained. The engineer argued that far more malicious threats than scareware could be present at such Internet-connected terminals including keyloggers, which could harvest sensitive user account information such as Web mail or online banking log-ins.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.v3.co.uk/v3/news/2268766/scareware-hits-uk-airport">http://www.v3.co.uk/v3/news/2268766/scareware-hits-uk-airport</a></p></blockquote>
<p><strong>Apple kills Jailbreakme Mac bug<br />
</strong>Apple has purged Mac OS X of a browse-and-get-hacked vulnerability that first came to light 3 weeks ago, when the popular Jailbreakme service used it to root fully patched versions of the iPhone. The buffer overflow flaw in an OS component that parses fonts was one of 13 vulnerabilities Apple fixed in an update released August 24. It allowed attackers to remotely execute malicious code on vulnerable machines simply by getting the user to view a booby-trapped PDF document. A related bug was patched 2 weeks ago in iOS, which powers the iPhone, the iPad and the iPod Touch. The vulnerability in the latter devices was being actively exploited by Jailbreakme, allowing users to jailbreak their device by doing nothing more than visiting the site and flicking a slider. </p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.theregister.co.uk/2010/08/26/jailbreakme_bug_patch/">http://www.theregister.co.uk/2010/08/26/jailbreakme_bug_patch/</a></p></blockquote>
<p><strong>Corporate ID theft used to jack code signing certificate</strong><br />
Security researchers with F-Secure have found a new set of spammed malware that uses corporate identity theft to steal Authenticode code-signing certificates. The attack vector is new because of the use of legitimate contact information. “This is something we’ve seen before,” the researchers write. “But this case seemed odd because the contact information appeared very genuine. Usually a valid but malicious certificate uses clearly bogus or dubious details.” The use of legitimate contact information is particularly worrisome because it makes it difficult for certification authorities to discern legitimate requests. “When scammers have access to a company’s e-mail, it is very difficult for a CA to verify whether the request coming from the company is genuine,” the researchers write. “Mistakes will also happen in the future. It is very likely that we’ll see more of these cases in which an innocent company with a good reputation is used as a proxy for malware authors to get their hands on valid certificates.”</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.thenewnewinternet.com/2010/08/26/corporate-id-theft-used-to-jack-code-signing-certificate/">http://www.thenewnewinternet.com/2010/08/26/corporate-id-theft-used-to-jack-code-signing-certificate/</a></p></blockquote>
<p><strong>Careful with that third-party Web widget</strong><br />
Small- and mid-sized businesses use a lot of third-party Web applications: It saves them money and allows them to embed expertise that they might not otherwise have. But it can also open up their business and their customers to attack. The recent Network Solutions incident shows how this practice can go very wrong: Ten days ago, the Internet domain provider learned that a Web-services widget that it had placed on at least 120,000 parked Web pages was infecting visitors with malware. The firm reportedly downloaded the widget, known as the Small Business Success Index, on third-party online directory WidgetBox. As more businesses continue to use third-party code in their Web sites and import content from other sites, the security of their visitors increasingly relies on others. &#8220;Over the past five years, Web 2.0 has taken the world by storm,&#8221; says the chief technology officer of Web scanning firm Dasient. &#8220;As a Web site administrator, your security is actually dependent on a bunch of third parties, so you should make sure to monitor all your code and widgets.&#8221;</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.darkreading.com/smb-security/security/app-security/showArticle.jhtml?articleID=227001110">http://www.darkreading.com/smb-security/security/app-security/showArticle.jhtml?articleID=227001110</a></p></blockquote>
<p><strong>Malicious spammers launch major fake anti-virus attack<br />
</strong>SophosLabs&#8217;s worldwide network of email-monitoring stations has seen a tidal wave of malicious messages being spammed out with an attachment that redirects users&#8217; Web browsers to a fake anti-virus attack. The e-mails have subject names such as: Parking Permit and/or Benefit Card Order Receipt; You&#8217;re invited to view my photos!; Appointment Confirmation; Your Bell e-bill is ready; Your Vistaprint Order Is Confirmed; and Vistaprint Canadian Tax Invoice. Opening the attached HTML file, however, redirects your Web browser to a hacked Web site containing a malicious iFrame (which Sophos detects as Troj/Iframe-FK). This, in turn, loads scripts from other Web sites that load a fake anti-virus attack that Sophos detects as Mal/FakeAV-EI. Mal/FakeAV-EI often disguises itself as a bogus version of McAfee VirusScan.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.sophos.com/blogs/gc/g/2010/08/25/malicious-spammers-launch-major-fake-antivirus-attack/">http://www.sophos.com/blogs/gc/g/2010/08/25/malicious-spammers-launch-major-fake-antivirus-attack/</a></p></blockquote>
<p><strong>Cisco issues security advisory for UC products<br />
</strong>Cisco has released a security advisory to address vulnerabilities in a pair of its products. The company said that the update will plug security flaws in its Unified Communications Manager and Unified Presence lines. The US Computer Emergency Response Team (US-CERT) is advising administrators to review and install both updates. For the Unified Communications Manager, the update will patch a pair of security flaws that could allow denial-of-service attacks. Cisco said that an attacker could use a specially-crafted Session Initiation Protocol (SIP) message to trigger a processing error and bring down voice services on a targeted system. The Unified Presence patch also addresses the SIP-handling denial-of-service vulnerabilities within the messaging platform. Cisco said that it has yet to receive any reports of exploitation in the wild. The company said that there are no known workarounds for the vulnerabilities, though a free update has been posted. Administrators can obtain the updates through their IT service providers or through the company&#8217;s technical assistance center.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.v3.co.uk/v3/news/2268746/cisco-issues-security-advisory">http://www.v3.co.uk/v3/news/2268746/cisco-issues-security-advisory</a></p></blockquote>
<p><strong>Read The Full DHS Infrastructure Report:<br />
</strong><a href="http://www.enclavesecurity.com/blogresources/cdr_082710.pdf">www.enclavesecurity.com/blogresources/cdr_082710.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/08/30/ipad-spam-cyber-security-highlights-august-27th/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Defense official discloses cyber attack: Cyber Security Highlights August 26th</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/08/27/defense-official-discloses-cyber-attack-cyber-security-highlights-august-26th/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=defense-official-discloses-cyber-attack-cyber-security-highlights-august-26th</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/08/27/defense-official-discloses-cyber-attack-cyber-security-highlights-august-26th/#comments</comments>
		<pubDate>Fri, 27 Aug 2010 21:00:07 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=804</guid>
		<description><![CDATA[The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008. In an article to be published August 25 in Foreign Affairs discussing the Pentagon’s cyber strategy, the Deputy Defense Secretary said malicious code placed on the drive [...]]]></description>
			<content:encoded><![CDATA[<p>The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008. In an article to be published August 25 in Foreign Affairs discussing the Pentagon’s cyber strategy, the Deputy Defense Secretary said malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military’s Central Command. “That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” he said in the article. “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.” The Deputy Defense Secretary’s decision to declassify an incident that Defense officials had kept secret reflects the Pentagon’s desire to raise congressional and public concern over the threats facing U.S. computer systems, experts said.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/08/24/AR2010082406495.html">http://www.washingtonpost.com/wp-dyn/content/article/2010/08/24/AR2010082406495.html</a></p></blockquote>
<p><strong>IT security incidents prompt Nashville, Tenn., to strengthen policy</strong><br />
When more than 320,000 Nashville voters’ personal information was breached in late 2007, it was a turning point that propelled the incorporated Metropolitan Government (Metro) of Nashville and Davidson County to assess and define IT security policy, among other internal changes. A laptop was stolen from the Davidson County Elections Commission office, along with other electronic equipment, after someone threw a brick through a window, said the Metro technology chief. While there was no evidence voters’ Social Security numbers or other personal information was accessed, the laptop wasn’t encrypted, so the government had to assume the worst, he said. “We got a lot of [media] attention, as you might imagine,” said the technology chief, noting that along with the mayor and city council members, his voter registration information was on the stolen laptop. That was nearly three years ago. It was a wake-up call for the combined government, which has roughly 60 departments and agencies. The mayor, on the job just months before the security breach, set into motion a series of executive orders that established oversight boards and training programs, in hopes of preventing future security issues. A comprehensive security policy is set to go into effect this fall, and the Metro technology chief is in the process of hiring a chief information security officer to lead the effort.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.govtech.com/gt/articles/768757">http://www.govtech.com/gt/articles/768757</a></p></blockquote>
<p><strong>Increasing security on mobile applications will extend adoption<br />
</strong>Many of today’s mobile applications have limited functionality because of a lack of overall security, according to an Entrust study. And for mobile applications that feature transaction-based capabilities, the requirement for security is greater, highlighting a key concern for deploying organizations. Regardless of industry, organizations, retailers and financial institutions are using dedicated mobile applications. Entrust’s survey suggests that more organizations are developing or considering use of mobile applications if security, cost and ease-of-use requirements can be balanced. Application security remains a top concern, regardless of whether or not the organization had deployed transactional mobile applications in the past. Specifically, more than 50 percent of organizations that had not deployed such applications ranked it as one of their top three concerns, and more than 40 percent of those that had deployed the applications continued to rank it as a key concern. From an adoption standpoint, the survey discovered that about 80 percent of organizations offer online transactions via Web sites. Many of these organizations, however, do not yet offer this capability to mobile users. Of those that do, only 31 percent of the online services and capabilities are available via the mobile platform.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.net-security.org/secworld.php?id=9785">http://www.net-security.org/secworld.php?id=9785</a></p></blockquote>
<p><strong>Three million bogus YouTube pages discovered<br />
</strong>Security firm Zscaler has discovered nearly 3 million phony YouTube pages, pushing unsuspecting users towards fake anti-virus (AV) downloads. The firm’s network security engineer explained in a blog post that the pages, which have all been indexed by Google, can be found by searching for ‘Hot Video.’ “The fake YouTube video page is covered by an invisible Flash layer and the Flash object automatically redirects the user to a fake AV page,” he explained. The HTML code on the pages includes links to legitimate sites such as Flickr.com, in order to make sure the content is indexed by search engines. The fake AV software is hosted on several domains and is undetected by most security tools. Google Safe Browsing does not block 90 percent of these pages in Firefox, while the detection rate among AV vendors is only 11 percent.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.v3.co.uk/v3/news/2268699/three-million-fake-youtube">http://www.v3.co.uk/v3/news/2268699/three-million-fake-youtube</a></p></blockquote>
<p><strong>The dramatic increase of vulnerability disclosures<br />
</strong>Vulnerability disclosures are increasing dramatically, having reached record levels for the first half of 2010, according to the IBM X-Force 2010 Mid-Year Trend and Risk Report released August 25. Overall, 4,396 new vulnerabilities were documented by the X-Force Research and Development team in the first half of 2010, a 36 percent increase over the same time period last year. Over half, 55 percent, of all disclosed vulnerabilities had no vendor-supplied patch at the end of the period.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.net-security.org/secworld.php?id=9784">http://www.net-security.org/secworld.php?id=9784</a></p></blockquote>
<p><strong>Adobe fixes 20 vulnerabilities in Shockwave Player</strong><br />
Adobe Systems patched 20 security vulnerabilities in its Shockwave Player August 24. Most of the flaws could allow an attacker to run their own code on an affected computer. The vulnerabilities are in versions of Shockwave Player up to version 11.5.7.609, on both Apple’s Mac OS X and Microsoft Windows. The patched version is 11.5.8.612, according to an Adobe advisory. Eighteen of the problems could lead to code execution, while the remaining two are denial of service issues, one of which could possibly lead to remote code execution. Shockwave Player is used to display content created by Adobe’s Director program, which offers advanced tools for creating interactive content, including Flash. The Director application can be used for creating 3D models, high-quality images and full-screen or long-form digital content, and offers greater control over how those elements are displayed.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9181759/">http://www.computerworld.com/s/article/9181759/</a></p></blockquote>
<p><strong>Apple releases Security Update for Mac OS X<br />
</strong>Apple has released Security Update 2010-005 for its Leopard (Mac OS X 10.5.8 client and server) and Snow Leopard (Mac OS X 10.6.4 client and server) operating systems, resolving a total of 13 vulnerabilities – eight rated critical. Additionally, the update includes the 0.96.1 release of the open source ClamAV anti-virus toolkit used only by Mac OS X Server systems, closing several DoS vulnerabilities. The included version of PHP has also been upgraded from 5.3.1 to 5.3.2.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.h-online.com/security/news/item/Apple-releases-Security-Update-for-Mac-OS-X-1065741.html">http://www.h-online.com/security/news/item/Apple-releases-Security-Update-for-Mac-OS-X-1065741.html</a></p></blockquote>
<p><strong>Symantec: Rustock botnet pumps most spam despite shrinking</strong><br />
A new report from Symantec put the Rustock botnet at the top of the heap for spamming in spite of the fact that the number of infected computers under its control was slashed nearly in half. Rustock retained the top spot as the busiest spam-sending botnet on the Web this month despite the fact that the number of bots under its control shrank. According to Symantec’s August 2010 MessageLabs Intelligence Report, Rustock increased its output from 32 percent of botnet spam in April to 41 percent in August. Ironically, this happened even though the number of Rustock bots dropped from 2.5 million to 1.3 million during that same period, researchers found. “Rustock has shrunk in size perhaps as a result of infected computers being cleaned or replaced,” speculated a MessageLabs Intelligence senior analyst for Symantec Hosted Services. “It is likely that a new variant of the Rustock botnet has been created to replace the bots that it has lost. This usually involves a new version of the Trojan code being deployed, which at first appears as a new, unknown botnet. I would expect the botnet to grow again over the coming weeks and months.” In the meantime, Rustock has turned off its use of TLS encryption because of the large amount of computing resources it consumes. By turning off TLS encryption, the botnet can send greater volumes of spam: in this case, 192 spam e-mails per minute instead of 96.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.eweek.com/c/a/Security/Symantec-Rustock-Botnet-Pumps-Most-Spam-Despite-Shrinking-799724/">http://www.eweek.com/c/a/Security/Symantec-Rustock-Botnet-Pumps-Most-Spam-Despite-Shrinking-799724/</a></p></blockquote>
<p><strong>Firefox, uTorrent, and PowerPoint hit by Windows DLL bug</strong><br />
A day after Microsoft confirmed a vulnerability in Windows applications that executes malicious code on end-user PCs, the first exploits have been released targeting programs including the Firefox browser, uTorrent BitTorrent client, and Microsoft PowerPoint. The attack code was posted August 24 to the Exploit Database. It included exploits for the Wireshark packet sniffer, Windows Live e-mail and Microsoft MovieMaker, in addition to those for the most recent versions of Firefox, uTorrent and PowerPoint. As many as 200 applications may be vulnerable to the so-called binary planting or DLL preloading attacks, according to the CEO of Acros Security, the Slovenia-based company that warned Microsoft of the issue 4 months ago. Microsoft said August 23 that the flaw stems from applications that do not explicitly state the full path name of DLL files and other binaries associated with the program. As a result, each application will have to be patched separately, rather than through a single Windows update. In addition to the four exploits, the CSO and chief architect of the Metasploit project has released an auditing tool to identify vulnerable applications. When combined with a module added to the Metasploit framework for penetration testers and hackers, it provides most of what is needed to exploit vulnerable programs.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.theregister.co.uk/2010/08/24/windows_dll_casualties/">http://www.theregister.co.uk/2010/08/24/windows_dll_casualties/</a></p></blockquote>
<p><strong>DDoS botnet family discovered targeting scores of sites</strong><br />
A new family of bots is responsible for nearly 200 distributed denial-of-service attacks targeting Web sites in China, the United States, South Korea and Germany, according to researchers at security firm Arbor Networks. The bot family, which has been dubbed “YoyoDDoS” after the hostname of one of its initial command-and-control (C&amp;C) servers, was first detected in March. To date, Arbor Networks has processed more than 70 variants from the family and identified at least 34 C&amp;C servers, all but three located in China. DDoS attacks use large numbers of compromised PCs to flood a targeted Web site with traffic with the goal of knocking it offline. Out of the 180 YoyoDDoS attacks that have been identified, 126 of them targeted IP addresses in China, while 32 targeted victims in the United States, 9 in South Korea, and 5 in Germany. Many online merchants have been targeted, including sites selling auto parts and cosmetics, a researcher said. Several gaming and gambling sites also were attacked, along with a Web site-hosting provider, a music forum and a personal blog. The attacks typically last from a few hours to 2 days, he added. Several sites have been attacked continuously for 24 to 48 hours.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.scmagazineus.com/ddos-botnet-family-discovered-targeting-scores-of-sites/article/177429/">http://www.scmagazineus.com/ddos-botnet-family-discovered-targeting-scores-of-sites/article/177429/</a></p></blockquote>
<p><strong>Read the Full DHS Infrastructure Report:<br />
</strong><a href="http://www.enclavesecurity.com/blogresources/cdr_082610.pdf">www.enclavesecurity.com/blogresources/cdr_082610.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/08/27/defense-official-discloses-cyber-attack-cyber-security-highlights-august-26th/feed/</wfw:commentRss>
		</item>
		<item>
		<title>DEFCON survey reveals vast scale of cloud hacking: Cyber Security Highlights August 25</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/08/26/defcon-survey-reveals-vast-scale-of-cloud-hacking-cyber-security-highlights-august-25/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=defcon-survey-reveals-vast-scale-of-cloud-hacking-cyber-security-highlights-august-25</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/08/26/defcon-survey-reveals-vast-scale-of-cloud-hacking-cyber-security-highlights-august-25/#comments</comments>
		<pubDate>Thu, 26 Aug 2010 14:16:58 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=802</guid>
		<description><![CDATA[A survey carried out among 100 people at the 2010 DEFCON conference in Las Vegas has revealed that an overwhelming 96 percent of respondents said they believed the cloud would open up more hacking opportunities for them. “While ‘only’ 12 percent said they hacked cloud systems for financial gain, that still means a sizeable headache [...]]]></description>
			<content:encoded><![CDATA[<p>A survey carried out among 100 people at the 2010 DEFCON conference in Las Vegas has revealed that an overwhelming 96 percent of respondents said they believed the cloud would open up more hacking opportunities for them. “While ‘only’ 12 percent said they hacked cloud systems for financial gain, that still means a sizeable headache for any IT manager planning to migrate their IT resources into the cloud,” said Fortify’s chief privacy officer (CPO). According to the CPO, when one reviews the prediction made by numerous analysts at the start of 2010 that 20 percent of businesses would have IT resources in the cloud within four years, one can appreciate the potential scale and complexity of the security issues involved. In many of those predictions, he explained, 20 percent of organizations would own no appreciable IT assets, but would instead rely on cloud computing resources — the same resources that 45 percent of the DEFCON attendees in the survey cheerfully admitted to already having tried to hack.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.net-security.org/secworld.php?id=9773">http://www.net-security.org/secworld.php?id=9773</a></p></blockquote>
<p><strong>United Nations website contains SQL injection flaws three years after hack</strong><br />
Three years after the United Nations’ Web site was defaced by activist hackers using a SQL injection attack, the site still contains multiple instances of these vulnerabilities. A security researcher who is CEO of Errata Security did his now-annual checkup on the UN site and found that while the UN had removed the bug that was exploited in the August 2007 attack, the site is still rife with SQL injection vulnerabilities. A computer security expert who develops the popular NoScript add-on for Firefox and works as a software developer at InformAction said the SQL injection-ridden UN Web site is an example of how some organizations rely too heavily on Web application firewall (WAF) rules to virtually “patch” their sites rather than actually fixing them. He said the bug used in the defacement was left unfixed for several months or more.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.darkreading.com/vulnerability_management/security/vulnerabilities/showArticle.jhtml?articleID=226900111">http://www.darkreading.com/vulnerability_management/security/vulnerabilities/showArticle.jhtml?articleID=226900111</a></p></blockquote>
<p><strong>Malware peddlers engaged in celebrity mass killings</strong><br />
Plane crashes and car accidents are the preferred methods of killing off celebrities in order to lure e-mail recipients into opening a malicious attachment, Symantec reports. Many names are rotated in the template e-mails sent in this recent malicious spam run, professing either that the celebrity in question was killed when a plane crashed into a mountainside or in an automobile accident. To find out more about the accident, potential victims are urged to download the attached file (Hot News.zip), which actually contains the ZeuS Trojan, waiting to be run. Even if the discrepancy between the name in the subject line and the actual content of the e-mail escaped a person’s notice, they can be sure it is never a good idea to open attachments or links contained in unsolicited e-mails. Perhaps the sender name or e-mail looks like it belongs to a reputable news agency, but that information can be faked.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.net-security.org/malware_news.php?id=1440">http://www.net-security.org/malware_news.php?id=1440</a></p></blockquote>
<p><strong>Mobile devices threaten enterprises from within</strong><br />
Today, most office workers carry mobile phones into work. Much of the time, the devices are more advanced smartphones, such as Android-based phones, Blackberry devices, or Apple iPhones. The employees almost never consider the security implications of bringing connected devices behind a company’s firewall. Yet the trend has not escaped the notice of chief security officers and information-technology administrators. Smartphones are becoming prevalent within enterprises, but security teams do not really have a handle on how to secure the devices, said the CEO of Lookout, a mobile security firm. In other words, insider attacks may come not from a malicious employee, but from an ignorant employee bringing a compromised device into the workplace.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=226900118">http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=226900118</a></p></blockquote>
<p><strong>Microsoft releases tool to block DLL load hijacking attacks</strong><br />
Microsoft on August 23 responded to reports of potential zero-day attacks against a large number of Windows programs by publishing a tool it said would block known exploits. However, the company declined to confirm whether any of its own applications are vulnerable, saying it is currently investigating Microsoft-made software. The advisory was its first public reaction to a wave of reports from researchers that developers have left a large number of Windows programs open to attack. Many Windows applications do not call code libraries — dubbed “dynamic-link library,” or “DLL” — using the full pathname, but instead use only the filename, giving hackers wiggle room. Criminals can exploit that by tricking the application into loading a malicious file with the same name as the required DLL. The result: Hackers can hijack the PC and plant malware on the machine.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9181518/Microsoft_releases_tool_to_block_DLL_load_hijacking_attacks">http://www.computerworld.com/s/article/9181518/</a></p></blockquote>
<p><strong>Hacking toolkit publishes DLL hijacking exploit</strong><br />
The appearance August 23 of exploit code for the DLL loading issue that reportedly affects hundreds of Windows applications means hackers will probably start hammering on PCs shortly, security experts argued. “Once it makes it into Metasploit, it doesn’t take much more to execute an attack,” said the director of security operations for nCircle Security. “The hard part has already been done for [hackers].” The director was referring to the release earlier August 23 of exploit code by the founder of the Metasploit open-source hacking toolkit. The founder of Metasploit also issued an auditing tool that records vulnerable applications, information which can then be used to launch the exploit code that he crafted and added to Metasploit. Together, the tool and exploit create an effective “point-and-shoot” attack, said the founder.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9181513/">http://www.computerworld.com/s/article/9181513/</a></p></blockquote>
<p><strong>Read the Full DHS Infrastructure Report:<br />
</strong><a href="http://www.enclavesecurity.com/blogresources/cdr_082510.pdf">www.enclavesecurity.com/blogresources/cdr_082510.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/08/26/defcon-survey-reveals-vast-scale-of-cloud-hacking-cyber-security-highlights-august-25/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Who is the typical Russian hacker? Cyber Security Highlights August 24 2010</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/08/25/who-is-the-typical-russian-hacker-cyber-security-highlights-august-24-2010/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=who-is-the-typical-russian-hacker-cyber-security-highlights-august-24-2010</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/08/25/who-is-the-typical-russian-hacker-cyber-security-highlights-august-24-2010/#comments</comments>
		<pubDate>Thu, 26 Aug 2010 02:40:15 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=799</guid>
		<description><![CDATA[A security analyst and a senior researcher from security firm Coseinc who calls himself “Le Grugq” have spent 6 months on various Russian Web forums in order to discover just what kind of threat Russian hackers present to the world at large. And according to them, businesses have little to worry about, since Russian hackers [...]]]></description>
			<content:encoded><![CDATA[<p>A security analyst and a senior researcher from security firm Coseinc who calls himself “Le Grugq” have spent 6 months on various Russian Web forums in order to discover just what kind of threat Russian hackers present to the world at large. And according to them, businesses have little to worry about, since Russian hackers are usually attracted by money they can get their hands on simply and fast. Corporate secrets hold no appeal for them. The hackers often go for the easiest potential victims, such as careless individual users. This is because the typical Russian hacker is a student looking for some pocket money. His targets are individual users in the Western world and he has no qualms about fleecing them since he believes everybody is rich outside Russia — claims the analyst. Russian hackers are geeks, not gangsters. There is an entire underground economy that caters to these unprofessional criminals: they can buy or rent malware, use the services of supporting partners who will drive Internet traffic to the malicious sites, and use the services of botnet masters who can execute DDoS attacks on rival Web sites and Twitter accounts. These hackers are interested in infecting individual computers, stealing the users’ credit card numbers, and using them in various ways. They usually refrain from ordering physical goods online, since the delivery address would point to them.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.net-security.org/secworld.php?id=9739">http://www.net-security.org/secworld.php?id=9739</a></p></blockquote>
<p><strong>U.S. military personnel targeted by malware</strong><br />
U.S. military personnel are again being targeted by malware-peddling cybercriminals. Fake e-mails purportedly coming from Bank of America ask holders of Military Bank accounts to update them by following the given link. According to Trend Micro, the link takes them to a very faithfully recreated bank login page, where they must enter their account username and password. So far, there is no indication that this is an actual phishing page, but the possibility exists. In any case, whatever information the victims enter, clicking on the “Sign In” button will take them to a page where an “Update Tool” is offered: The provided executable file is actually a ZeuS variant. But even if the victims choose not to download and install it because they became suspicious at the last moment, it may already be too late. The attack doesn’t rely on a manual download — it runs a multitude of browser exploits against the target system as soon as the user lands on the page.</p>
<blockquote><p><strong>Full Story:</strong><br />
 <a href="http://www.net-security.org/malware_news.php?id=1439">http://www.net-security.org/malware_news.php?id=1439</a></p></blockquote>
<p><strong>Laptop with patient info stolen</strong><br />
Authorities said a laptop computer with personal information on 7,000 Cook County, Illinois health system patients has been stolen. A Cook County Health and Hospital System spokesman said the computer was stolen June 1, but its theft was not disclosed until August 20, after the completion of an internal investigation. He said the investigation determined the computer was password-protected and the information may have been deleted from the computer. However, because of the uncertainty, officials are notifying patients their information may have been compromised. He said officials have not seen evidence any of the information has been accessed or distributed. Officials said the laptop was used to transmit data for Medicaid and Medicare reimbursements.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.kwqc.com/Global/story.asp?S=13021306">http://www.kwqc.com/Global/story.asp?S=13021306</a></p></blockquote>
<p><strong>National Guard Bureau tells what not to write on Facebook<br />
</strong>The National Guard Bureau is giving guard members specific guidance on how to control their privacy settings on Facebook, and what to avoid publishing on social media sites. The guidance advises guard members to use “friends only” privacy settings on social networking sites. It also warns that members’ social network “friends” and “followers” could be factors in background investigations when the members apply for security clearances. “Remember, what happens online is available to everyone, everywhere,” wrote the bureau’s public affairs director, in an August 16 news release about the policy. “There should be no assumption of privacy when guard members begin to interact with others online.” The guidance prohibits members from publishing any content distributed internally by the guard that has not been officially approved for release to the public. The policy bans publishing internal “memos, e-mails, meeting notes, message traffic, white papers, public affairs guidance, pre-decisional materials, investigatory information and proprietary information” if those materials are not specifically authorized for release, according to the news release.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://fcw.com/articles/2010/08/20/national-guard-bureau-gives-advice-on-what-not-to-write-on-facebook.aspx">http://fcw.com/articles/2010/08/20/national-guard-bureau-gives-advice-on-what-not-to-write-on-facebook.aspx</a></p></blockquote>
<p><strong>Researcher told Microsoft of Windows apps zero-day bugs 6 months ago<br />
</strong>Microsoft has known since at least February that dozens of Windows applications, including many of its own, harbor bugs that hackers can exploit to seize control of computers, an academic researcher said August 22. At least 19 of the bugs can be exploited remotely, a Ph.D. candidate at the University of California Davis said in a paper he published in February and presented last month at an international conference. The candidate added his voice to a growing chorus of researchers who claim that a large number of Windows programs are vulnerable to attack because of the way they load components. Recently, a U.S. researcher said he had found at least 40 vulnerable applications, including the Windows shell. Shortly thereafter, Slovenian security firm Acros announced its homegrown tool had uncovered more than 200 flawed Windows programs in an investigation that began 4 months ago.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9181358/Researcher_told_Microsoft_of_Windows_apps_zero_day_bugs_6_months_ago">http://www.computerworld.com/s/article/9181358/</a> </p></blockquote>
<p><strong>Anti-virus products struggle against exploits<br />
</strong>Most anti-virus products designed for use in businesses do a poor job of detecting exploits that hacked and malicious Web sites use to foist malware, a new report concludes. Independent testing firm NSS Labs looked at the performance of 10 commercial anti-virus products to see how well they detected 123 client-side exploits, those typically used to attack vulnerabilities in Web browsers including Internet Explorer and Firefox, as well as common desktop applications, such as Adobe Flash, Reader, and Apple QuickTime. Roughly half of the exploits tested were exact copies of the first exploit code to be made public against the vulnerability. NSS also tested detection for an equal number of exploit variants, those which exploit the same vulnerability but use slightly different entry points in the targeted system’s memory. None of the exploits used evasion techniques commonly employed by real-life exploits to disguise themselves or hide from intrusion detection systems. Among all 10 products, NSS found that the average detection rate against original exploits was 76 percent, and that only 3 out of 10 products stopped all of the original exploits. The average detection rate against exploit variants was even lower, at 58 percent, NSS found.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://krebsonsecurity.com/2010/08/anti-virus-products-struggle-against-exploits/">http://krebsonsecurity.com/2010/08/anti-virus-products-struggle-against-exploits/</a></p></blockquote>
<p><strong>Intel’s purchase of McAfee not a game changer for security</strong><br />
Intel Corp.’s acquisition of antivirus software company McAfee Inc. will provide the computer chip manufacturer with real-time data about cyber threats that could influence how security is managed at the processor level, but it will have little direct impact on product development, according to security experts. Intel announced August 20 that it had agreed to pay $7.68 billion in cash for McAfee, which will function as a wholly owned subsidiary of the leading chip producer. McAfee’s existing software portfolio, which focuses on intrusion detection, antivirus, and firewall technology, offers little opportunity to enhance security features of the microprocessor, said the chairman and chief executive officer of security software company NetWitness and former director of the Homeland Security Department’s National Cybersecurity Division.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.nextgov.com/nextgov/ng_20100820_2804.php?oref=topnews">http://www.nextgov.com/nextgov/ng_20100820_2804.php?oref=topnews</a></p></blockquote>
<p><strong>Blogger identifies privacy flaw in Facebook Places</strong><br />
The Facebook Places application has been accused of falling short when it comes to protecting its users’ locational privacy. An information security blogger and assistant professor at the school of information studies at the University of Wisconsin claimed Facebook Places falls short on privacy because non-authorized check-ins by friends are visible. He said Facebook has tried to do a better job addressing privacy with Places than with some previous launches of new “features.” However, as he played around with the service, he said he uncovered a problem with Facebook’s assertion that “no one can be checked in to a location without their explicit permission.” He said: “While Places is largely an opt-in service — one needs to install and use it on a mobile device — anyone can be ‘checked-in’ to any place by a friend. This can happen regardless of whether you use the service yourself. If you get checked into a place by someone, and you haven’t already authorized the service or these kinds of check-ins, you’ll receive an e-mail asking if you want to allow check-ins by friends.” He said that his wife had been “checked in” despite not authorizing use of the feature. If any of his friends look at his Facebook feed, they will see the status update of his check-in at the store, with his wife’s name there. Her name also appears with his check-in on the location’s page, which is automatically generated by the Places service.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.scmagazineuk.com/blogger-identifies-privacy-flaw-in-facebook-places-as-foursquare-co-founder-calls-the-tool-boring/article/177307/">http://www.scmagazineuk.com/blogger-identifies-privacy-flaw-in-facebook-places-as-foursquare-co-founder-calls-the-tool-boring/article/177307/</a></p></blockquote>
<p><strong>Trojan simulates MS Security Essentials Alert, peddles fake AV<br />
</strong>A Trojan imitating a Microsoft Security Essentials Alert has been spotted trying to convince users their computer is infected and that the only thing to do is to pay for one of the five fake antivirus solutions offered. Whether a user clicks on the “Clean computer” or the “Apply actions” button, she is told that the program cannot clean the computer and is prompted to use an online scanner, reports a researcher at Bleeping Computer. The computer is purportedly scanned by 35 antivirus solutions — 30 legitimate and 5 fake — but only the fake ones (Red Cross Antivirus, Peak Protection 2010, Pest Detector 4.1, Major Defense Kit, AntiSpySafeguard) “detect” the Trojan. In fact, all of these fake solutions are one and the same, but with different names and graphical user interfaces. Whichever one chooses to install, it will reboot one’s computer, run automatically and begin a fake scan. The result is always the same: the computer is full of malware. The fake AV has managed to clean some of it, but there are still numerous infected files that only the full (paid) version can remove. The program also terminates some of the other programs a user may attempt to start, saying that they are also infected.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.net-security.org/malware_news.php?id=1438">http://www.net-security.org/malware_news.php?id=1438</a></p></blockquote>
<p><strong>Read the Full DHS Infrastructure Report:</strong><br />
<a href="http://www.enclavesecurity.com/blogresources/cdr_082410.pdf">www.enclavesecurity.com/blogresources/cdr_082410.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/08/25/who-is-the-typical-russian-hacker-cyber-security-highlights-august-24-2010/feed/</wfw:commentRss>
		</item>
		<item>
		<title>40 Windows apps contain critical bug: Cyber Security Highlights August 20, 2010</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/08/23/40-windows-apps-contain-critical-bug-cyber-security-highlights-august-20-2010/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=40-windows-apps-contain-critical-bug-cyber-security-highlights-august-20-2010</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/08/23/40-windows-apps-contain-critical-bug-cyber-security-highlights-august-20-2010/#comments</comments>
		<pubDate>Mon, 23 Aug 2010 12:38:43 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=797</guid>
		<description><![CDATA[Hello Everyone, we appreciate your patience waiting for the DHS updates. We are back on track this week!
Zeus Trojan spreading through zip files
The Zeus Trojan is back again, looking to spread through zip files. Zeus, which is one of the most commonly found pieces of malware, is believed to be one of the most prevalent [...]]]></description>
			<content:encoded><![CDATA[<p>Hello Everyone, we appreciate your patience waiting for the DHS updates. We are back on track this week!</p>
<p><strong>Zeus Trojan spreading through zip files</strong><br />
The Zeus Trojan is back again, looking to spread through zip files. Zeus, which is one of the most commonly found pieces of malware, is believed to be one of the most prevalent on the Internet, having infected millions of users. Researchers with F-Secure have found a new spam run working to disseminate the Zeus malware through infected zip files. “Just now we’ve been watching a spam run with malicious ZIP files attached to them,” a researcher writes. “Inside the ZIP is always the same Zeus variant (md5 92671afe999e12669315e220aa9e62c2) but the name varies.” The malware also appears to download other components from two malware-hosting sites in Russia.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.thenewnewinternet.com/2010/08/18/zeus-trojan-spreading-through-zip-files/">http://www.thenewnewinternet.com/2010/08/18/zeus-trojan-spreading-through-zip-files/</a></p></blockquote>
<p><strong>Panel drafts privacy recommendations for health data exchanges</strong><br />
A “tiger team” that advises the federally chartered Health IT Policy Committee will submit a list of recommendations on August 19 for ensuring the privacy and security of personally identifiable health information in Health Data Exchanges. The recommendations were developed in response to a specific set of privacy-related questions raised by the Office of the National Coordinator for Health Information Technology. They touch upon and clarify topics such as patient consent and the use of third-party service providers in the exchange of personally identifiable health information. One of the bigger recommendations relates to patient consent. The direct exchange of electronic patient data between health providers for treatment purposes does not require any additional patient consent, the panel noted. The same rules that apply to paper or faxed exchanges of health information should apply in the electronic realm as well.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9180895/">http://www.computerworld.com/s/article/9180895/</a></p></blockquote>
<p><strong>Hospitals worried about breaches, survey shows</strong><br />
As the majority of hospitals prepare for the transition to electronic medical records (EMRs), most consider data breaches and unauthorized access to their clinical applications their biggest worry, a new survey shows. About 80 percent of IT professionals at hospitals in the survey, conducted by Imprivata, said locking down patient information from breaches and unauthorized access is a top priority, up from 62 percent last year. And 76 percent cited confidential data breaches or abuse of their clinical applications as their biggest security concerns.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.darkreading.com/authentication/security/government/showArticle.jhtml?articleID=226700498">http://www.darkreading.com/authentication/security/government/showArticle.jhtml?articleID=226700498</a> </p></blockquote>
<p><strong>40 Windows apps contain critical bug, says researcher</strong><br />
About 40 different Windows applications contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware, a security researcher said August 18. The bug was patched by Apple in its iTunes software for Windows four months ago, but remains in more than three dozen other Windows programs, said the chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit. He did not reveal the names of the vulnerable applications or their makers. Each affected program will have to be patched separately. The security officer first hinted at the widespread bug in a message on Twitter August 18. “The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,” he tweeted, then linked to an advisory published by Acros, a Slovenian security firm. That advisory detailed a vulnerability in iTunes for Windows that hackers could exploit by persuading users to download and open a malformed media file, or by duping them into visiting a malicious Web site, where they would fall prey to a drive-by attack. Apple patched the iTunes for Windows bug last March when it updated the music player to Version 9.1. According to Apple, the bug does not affect Mac machines.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.computerworld.com/s/article/9180901/40_Windows_apps_contain_critical_bug_says_researcher">http://www.computerworld.com/s/article/9180901/</a></p></blockquote>
<p><strong>Facebook recommends spam profiles to users</strong><br />
A feature on Facebook designed to suggest new friends to users is also pushing spam profiles, according to security researchers. Researchers with F-Secure said the “People You May Know” section of Facebook appears to utilize search history in providing options for possible new connections. “I frequently search for spam related keywords, and today, two spam accounts were recommended to me,” a researcher writes. By searching deeper, the researcher was able to find a series of spam accounts created on the same date.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.thenewnewinternet.com/2010/08/18/facebook-recommends-spam-profiles-to-users/">http://www.thenewnewinternet.com/2010/08/18/facebook-recommends-spam-profiles-to-users/</a></p></blockquote>
<p><strong>Researcher cracks ReCAPTCHA<br />
</strong>A researcher earlier this month demonstrated how he solved Google’s reCAPTCHA program even after recent improvements made to the anti-bot and anti-spam tool by the search engine giant. An independent researcher also released the algorithms he wrote to crack reCAPTCHA. He had published a white paper on the hack prior to presenting his research at Defcon in Las Vegas, and said that Google made several fixes to reCAPTCHA that defeated several of his algorithms before he was scheduled to give his presentation. He then quickly came up with a few additional approaches with his algorithms, and said he was able to beat the updated reCAPTCHA 30 percent of the time. Google, however, thus far has not seen any signs of this being actively used in the wild.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.darkreading.com/authentication/security/vulnerabilities/showArticle.jhtml?articleID=226700514">http://www.darkreading.com/authentication/security/vulnerabilities/showArticle.jhtml?articleID=226700514</a></p></blockquote>
<p><strong>Facebook login page still leaks sensitive info</strong><br />
Facebook’s log-in system continues to spill information that can be helpful to phishers, social engineers and other miscreants attempting to scam the more than 500 million active users of the social networking site. When a legitimate e-mail address is entered along with an incorrect password, the authentication system returns an error that reads: “Please re-enter your password. The password you entered is incorrect. Please try again (make sure your caps lock is off).” When an e-mail address that doesn’t belong to a Facebook user is entered, the response is: “Incorrect Email. The email you entered does not belong to any account.” The difference in the wording makes it possible for anyone to discern whether a given e-mail address is registered on Facebook, even when the corresponding password is unknown. The flaw was flagged by a Register reader who is a security analyst for EMC Corporation’s Critical Incident Response Center who calls it “one of the oldest security malpractices in the book.” The configuration makes it possible to verify the validity of huge numbers of e-mail addresses. It has been in place since last week, when Facebook developers fixed a much more serious bug that allowed attackers to match unknown e-mail addresses with users’ pictures and full names. It worked even for accounts that were configured to be private. It came to light after a researcher published a simple script that could quickly scrape large numbers of names and pictures that corresponded to e-mail addresses.</p>
<blockquote><p><a href="http://www.theregister.co.uk/2010/08/18/facebook_login_info_leak/"><strong>Full Story:</strong><br />
http://www.theregister.co.uk/2010/08/18/facebook_login_info_leak/</a></p></blockquote>
<p><strong>Twitter app demonstrates spammers have nothing to worry about<br />
</strong>A fun, seemingly innocuous Twitter application created by a Scottish teenager became a good example of how easy it is to trick even technologically savvy users into participating in a spam operation. The application — named Twifficiency — ostensibly calculates a user’s Twitter efficiency score using an algorithm that takes into account the number of people who follow the user, the number of people the user follows, tweet frequency, and other variables. According to Softpedia, the resulting score doesn’t actually tell you anything significant about your Twitter habit, but it seemed to be enough of an incentive to make people curious and willing to try it. But then their Twitter accounts started sending out messages: “My Twifficiency score is #%. What’s yours? <a href="http://twifficiency.com/">http://twifficiency.com/</a>,” and they were not amused anymore. It turns out that to use the application, one must agree to let it tweet the score from one’s own account. And this condition was not hidden — it is stated clearly on the application page: “Twifficiency will tweet your score on your behalf. Do not use this app if you do not consent to this.”</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.net-security.org/secworld.php?id=9756">http://www.net-security.org/secworld.php?id=9756</a></p></blockquote>
<p><strong>New ICQ worm infects thousands of users<br />
</strong>According to hundreds of reports posted in the past 48 hours on Russian forums and blogs, there’s a new computer worm currently spreading and infecting users on ICQ. It seems that the outbreak started sometime yesterday and manifests itself as a message received from a friend, followed by a file transfer request for a 916.5 KB executable called snatch.exe. The rogue messages seem to vary, with “Look ))”, “No, look )))”, “well, a mini game-type )” or “hello!” being just a few examples. The threat seems to be of Russian origin, which is not unusual since ICQ is the most popular instant messaging (IM) application in the country. According to a report on the VirusInfo forum (in Russian), the new worm is detected as IM-Worm.Win32.QiMiral.ax by Russian antivirus vendor Kaspersky Lab. Once executed, the malware takes control of the IM application and sends copies of itself to everyone in the account’s contact list.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://news.softpedia.com/news/New-ICQ-Worm-Infects-Thousands-of-Users-152599.shtml">http://news.softpedia.com/news/New-ICQ-Worm-Infects-Thousands-of-Users-152599.shtml</a></p></blockquote>
<p><strong>Read the Full DHS Infrastructure Report:</strong><br />
<a href="http://www.enclavesecurity.com/blogresources/cdr_082010.pdf">www.enclavesecurity.com/blogresources/cdr_082010.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/08/23/40-windows-apps-contain-critical-bug-cyber-security-highlights-august-20-2010/feed/</wfw:commentRss>
		</item>
		<item>
		<title>&#8216;Unhackable&#8217; Android phone can be hacked: Cyber Security Highlights August 2, 2010</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/08/03/unhackable-android-phone-can-be-hacked-cyber-security-highlights-august-2-2010/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=unhackable-android-phone-can-be-hacked-cyber-security-highlights-august-2-2010</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/08/03/unhackable-android-phone-can-be-hacked-cyber-security-highlights-august-2-2010/#comments</comments>
		<pubDate>Tue, 03 Aug 2010 15:25:00 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=793</guid>
		<description><![CDATA[Suspect software cloaked in a wallpaper application has gathered personal information from infected Android phones and sent it to a Web site in China, and researchers from Lookout Mobile Security have found a way to take the Android over completely – including top-of-the-line models hawked by major wireless carriers. In one presentation at Black Hat [...]]]></description>
			<content:encoded><![CDATA[<p>Suspect software cloaked in a wallpaper application has gathered personal information from infected Android phones and sent it to a Web site in China, and researchers from Lookout Mobile Security have found a way to take over Android phones completely – including top-of-the-line models hawked by major wireless carriers. In one presentation at Black Hat 2010, Lookout’s CEO said the Jackeey Wallpaper app, which has been downloaded millions of times, can gather a device’s phone number, subscriber identifier, and currently programmed voicemail number. In a separate presentation at Black Hat 2010, researchers said top-of-the-line Android phones used by Sprint and Verizon can be taken over completely by attacking known flaws in the Linux operating system that underpins Android. “It gives you root control, and you can do anything you want to do” with the phone, says a researcher for Lookout Mobile Security.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.networkworld.com/news/2010/072910-black-hat-android-hack.html?hpg1=bn">http://www.networkworld.com/news/2010/072910-black-hat-android-hack.html?hpg1=bn</a></p></blockquote>
<p><strong>Cheat an ATM? Spy on secure web traffic? Hackers show how at BlackHat<br />
</strong>Researchers have uncovered new ways that criminals can spy on Internet users even if they are using secure connections to banks, online retailers or other sensitive Web sites, as determined hackers can sniff around the edges of encrypted Internet traffic to pick up clues about what their targets are up to. The problem lies in the way Web browsers handle Secure Sockets Layer, or SSL, encryption technology, according to the researchers. SSL is widely used on sites trafficking in sensitive information, such as credit card numbers, and its presence is shown as a padlock in the browser’s address bar. The researchers’ approach was not to break it. They wanted to see instead what they could learn from what are essentially the breadcrumbs from people’s secure Internet surfing that browsers leave behind and that skilled hackers can follow. Their attacks would yield all sorts of information. It could be relatively minor, such as browser settings or the number of Web pages visited. It could be quite substantial, including whether someone is vulnerable to having the “cookies” that store usernames and passwords misappropriated by hackers to log into secure sites.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.foxnews.com/scitech/2010/07/30/web-security-fears-black-hat/?test=latestnews">http://www.foxnews.com/scitech/2010/07/30/web-security-fears-black-hat/?test=latestnews</a></p></blockquote>
<p><strong>Bugs allowed access to Black Hat streams for free</strong><br />
A Web application security researcher has uncovered several security issues in the Black Hat Uplink portal. The bugs allowed users to view the real-time video streams from the security conference without paying the access fee. Black Hat and its sister conference, DEF CON, are widely viewed as the top security events and hacker gatherings in the world. At this Black Hat USA edition, the organizers are providing a portal where non-participants can view the presentations and keynotes in real time over the Internet. Dubbed the Black Hat Uplink, the system gives paying users access to two separate video streams, as well as post-conference material.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://news.softpedia.com/news/Bugs-Allowed-Access-to-Black-Hat-Streams-for-Free-149817.shtml">http://news.softpedia.com/news/Bugs-Allowed-Access-to-Black-Hat-Streams-for-Free-149817.shtml</a></p></blockquote>
<p><strong>Panda Security, Defence Intelligence help bring down butterfly botnet author<br />
</strong>Spain’s Panda Security and Canada’s Defence Intelligence provided key information to the FBI and international authorities that led to the capture of the 23-year-old known as “Iserdo,” the confirmed author of the Butterfly botnet kit. With their partners in the Mariposa Working Group, the two security firms identified Iserdo by analyzing the software behind the Mariposa botnet that compromised millions of systems worldwide. Iserdo was arrested last week in Maribor, Slovenia, and is currently free on bail.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=226300214">http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=226300214</a></p></blockquote>
<p><strong>Microsoft, Adobe collaborate to protect against online threats</strong><br />
On July 28, Microsoft announced that it will extend its Microsoft Active Protections Program (MAPP) to include vulnerability information sharing from Adobe Systems Inc. Microsoft also discussed the new policy of coordinated vulnerability disclosure and introduced new tools and guidance that will improve online security for its customers.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=226300159&amp;subSection=Vulnerabilities+and+threats">http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=226300159&amp;subSection=Vulnerabilities+and+threats</a></p></blockquote>
<p><strong>FBI details worst social networking cyber crime problems</strong><br />
The FBI has in the past two years seen a major uptick in the use of social networking accounts such as Facebook and MySpace for cyber crime, and on July 28 it detailed that problem to the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security. “Regardless of the social networking site, users continue to be fooled online by persons claiming to be somebody else,” an assistant director of the FBI’s Cyber Division told the subcommittee. “The surge in the use of social networking sites over the past two years has given cyber thieves and child predators new, highly effective avenues to take advantage of unsuspecting users.”</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.networkworld.com/community/node/64266">http://www.networkworld.com/community/node/64266</a></p></blockquote>
<p><strong>Read the Full DHS Infrastructure Report:<br />
</strong><a href="http://www.enclavesecurity.com/blogresources/cdr_080210.pdf">www.enclavesecurity.com/blogresources/cdr_080210.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/08/03/unhackable-android-phone-can-be-hacked-cyber-security-highlights-august-2-2010/feed/</wfw:commentRss>
		</item>
		<item>
		<title>G Data releases tool to block Windows shortcut attack: Cyber Highlights July 28, 2010</title>
		<link>http://enclavesecurity.com/blogs/blog/2010/07/29/g-data-releases-tool-to-block-windows-shortcut-attack-cyber-highlights-july-28-2010/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=g-data-releases-tool-to-block-windows-shortcut-attack-cyber-highlights-july-28-2010</link>
		<comments>http://enclavesecurity.com/blogs/blog/2010/07/29/g-data-releases-tool-to-block-windows-shortcut-attack-cyber-highlights-july-28-2010/#comments</comments>
		<pubDate>Thu, 29 Jul 2010 16:22:48 +0000</pubDate>
		<dc:creator>Kelli Tarala</dc:creator>
		
		<category><![CDATA[DHS Infrastructure Reports]]></category>

		<guid isPermaLink="false">http://enclavesecurity.com/blogs/?p=791</guid>
		<description><![CDATA[The German security company G Data released a tool July 27 that blocks attacks using Microsoft’s shortcut vulnerability but also preserves shortcut icons unlike the hotfix released recently by Microsoft. The tool, called the G Data LNK Checker, is a small piece of software that is independent of other security software. It monitors the creation [...]]]></description>
			<content:encoded><![CDATA[<p>The German security company G Data released a tool July 27 that blocks attacks using Microsoft’s shortcut vulnerability while preserving shortcut icons, unlike the hotfix released recently by Microsoft. The tool, called the G Data LNK Checker, is a small piece of software that is independent of other security software. It monitors the creation of shortcuts and blocks the execution of code when a shortcut icon is displayed, according to G Data. G Data said its software will display a red warning signal if a shortcut tries to execute something that appears to be malicious. The tool is free and can be downloaded from G Data. Microsoft has not indicated when it will patch the shortcut flaw, which can cause malware to be executed merely by looking inside a folder containing a malicious shortcut. The company released a hotfix last week, but with it applied shortcuts lose their icons.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.infoworld.com/d/security-central/g-data-releases-tool-block-windows-shortcut-attacks-841">http://www.infoworld.com/d/security-central/g-data-releases-tool-block-windows-shortcut-attacks-841</a></p></blockquote>
<p><strong>Zeus bot latches onto Windows shortcut security hole</strong><br />
Miscreants behind the Zeus cybercrime toolkit and other strains of malware have begun taking advantage of an unpatched shortcut-handling flaw in Windows. The flaw was first used by a sophisticated worm to target SCADA-based industrial control and power plant systems. Zeus-contaminated emails pose as security messages from Microsoft, containing ZIP file attachments laced with a malicious payload that utilises the LNK flaw to infect targeted systems.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.theregister.co.uk/2010/07/27/zeus_exploit_shortcut_hole/">http://www.theregister.co.uk/2010/07/27/zeus_exploit_shortcut_hole/</a></p></blockquote>
<p><strong>Attacks on Windows XP continue to grow, security experts say<br />
</strong>Exploits using Windows XP as an attack vector will grow this year, according to security experts commenting on Microsoft’s “Security Intelligence Report Volume 8.” The report covers July 2009 through December 2009. Once again, the United States is the top destination for malware, with China and Brazil running second and third. The infamous Conficker worm continues to be among the top five in terms of malware growth. Other familiar mainstays in the top five are the Taterf worm (which tops the list for total infections) and Alureon in the Trojan category. In Windows XP, Microsoft vulnerabilities account for 55.3 percent of all attacks in the studied sample. Windows XP SP3 will continue to get security updates until April 2014. However, Microsoft stopped supporting Windows XP Service Pack 2 on July 13. That operating system, along with Windows 2000, no longer gets security updates from Microsoft.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://gcn.com/articles/2010/07/26/windows-xp-widely-used-widely-attacked.aspx">http://gcn.com/articles/2010/07/26/windows-xp-widely-used-widely-attacked.aspx</a></p></blockquote>
<p><strong>Foxconn suspends operation at a facility in India</strong><br />
Foxconn International, one of Hon Hai Precision’s subsidiaries and maker of Apple’s iPhone among other products, suspended operations at a mobile phone parts manufacturing facility in India after about 250 workers at its facility in the Kancheepuram District of Tamil Nadu, near Chennai, “experienced sensations of giddiness and nausea” July 23. The company said the employees were treated at a nearby hospital, most of them being released after treatment, and that the incident would not affect its business.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.reuters.com/article/idUSTOE66Q00G20100727">http://www.reuters.com/article/idUSTOE66Q00G20100727</a></p></blockquote>
<p><strong>Third-party content could threaten websites, study says</strong><br />
A report by Dasient, a security start-up company, found that third-party content can be compromised to gain access to a corporate website, but most companies do not do much to secure it. Many websites today are running outdated, vulnerable third-party applications. Across all verticals, Dasient found up to 91 percent of businesses had outdated software applications, such as content management, blogging, or shopping cart systems. Attackers are using ad networks and widgets to help give scale to their malware attacks.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=226200300">http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=226200300</a></p></blockquote>
<p><strong>WPA2 vulnerability found<br />
</strong>Wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named “Hole 196” by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight. The Advanced Encryption Standard (AES) derivative on which WPA2 is based has not been cracked, and no brute force is required to exploit the vulnerability. Rather, a stipulation in the standard that allows all clients to receive broadcast traffic from an access point (AP) using a common shared key creates the vulnerability: an authorized user can use the common key in reverse and send spoofed packets encrypted with the shared group key.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.pcworld.com/article/201822/wpa2_vulnerability_found.html">http://www.pcworld.com/article/201822/wpa2_vulnerability_found.html</a></p></blockquote>
<p><strong>Citi, Apple disclose iPhone app security flaw</strong><br />
Banking giant Citigroup and iPhone maker Apple are encouraging users who downloaded Citi’s banking application for the smartphone to upgrade to a new version after a security flaw was discovered in the application. The flaw accidentally saves personal information, including access codes, bill payment information and even bank account numbers, onto the iPhone or any computer it has been synchronized with. The Wall Street Journal reported approximately 117,600 customers have been affected by the flaw since the app was launched in Apple’s App Store in March 2009, although the paper’s unnamed source said no personal data was exposed.</p>
<blockquote><p><strong>Full Story:</strong><br />
<a href="http://www.eweek.com/c/a/Midmarket/Citi-Apple-Disclose-iPhone-App-Security-Flaw-440879/">http://www.eweek.com/c/a/Midmarket/Citi-Apple-Disclose-iPhone-App-Security-Flaw-440879/</a></p></blockquote>
<p><strong>Australian hacker pleads guilty<br />
</strong>A young Australian computer hacker admitted in court July 26 that he infected more than 3,000 computers worldwide in a scheme to grab personal financial information. He pleaded guilty to seven counts in District Court in Adelaide, the Australian Broadcasting Corp. reported. Police alleged his software had the potential to infect up to 74,000 computers and was designed to capture banking details and credit card information.</p>
<blockquote><p><strong>Full Story:<br />
</strong><a href="http://www.upi.com/Top_News/International/2010/07/26/Australian-hacker-pleads-guilty/UPI-89971280127020/">http://www.upi.com/Top_News/International/2010/07/26/Australian-hacker-pleads-guilty/UPI-89971280127020/</a></p></blockquote>
<p><strong>Read the Full DHS Infrastructure Report:<br />
</strong><a href="http://www.enclavesecurity.com/blogresourcescdr_072810.pdf">www.enclavesecurity.com/blogresourcescdr_072810.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://enclavesecurity.com/blogs/blog/2010/07/29/g-data-releases-tool-to-block-windows-shortcut-attack-cyber-highlights-july-28-2010/feed/</wfw:commentRss>
		</item>
	</channel>
</rss>
