
20130809


The Cyber Newsletter is a document of selected cybersecurity news compiled by the Multidisciplinary Information Assurance Team (Equipa Multidisciplinar de Garantia da Informação, EqMd GI) of the Gabinete Nacional de Segurança (GNS); the articles are kept in their original language. The main source of information is the NATO Information Assurance Technical Center (NIATC) in Mons, Belgium, and much of the published information can also be obtained directly from the World Wide Web through the links in blue.

CYBER Newsletter
Number: 32/2013 09-08-2013

FBI uses malware to spy on suspects via their phones


from net-security.org The FBI has been known to use malware to spy on suspects via their computers but mobile phones make even better sources.

Snowden : Seven Private Telecom Companies giving unlimited access to British spy agency
from thehackernews.com The latest release from Edward Snowden shows that Vodafone, BT, Verizon and others, seven private telecom companies in total, have been secretly collaborating with the British spy agency.

Latvia resists US call to extradite 'virus maker'


from bbc.co.uk Latvia is resisting calls to extradite a man the US alleges wrote a computer virus used to steal millions.

Chinese Hacking Team Caught Taking Over Decoy Water Plant


from technologyreview.com A Chinese hacking group accused this February of being tied to the Chinese army was caught last December infiltrating a decoy water control system for a U.S. municipality.

Wi-Fi routers: More security risks than ever


from news.cnet.com More major brand-name Wi-Fi router vulnerabilities continue to be discovered, and continue to go unpatched, a security researcher has revealed at Defcon 21. Jake Holcomb, a security researcher at the Baltimore, Md.-based firm Independent Security Evaluators and the lead researcher into Wi-Fi router vulnerabilities, said that the problem is worse than when ISE released its original findings in April.

Google Apps for Business security boosted with email alerts


from www.v3.co.uk Google has announced a new function for its Google Apps for Business suite of products, designed to offer improved security awareness for IT managers. The update brings the ability for administrators to set email alerts for any notable activity on their networks. The tool offers two types of alerts: user alerts and settings alerts.

Researchers warn of attacks from unprotected IPv6 traffic


from www.v3.co.uk Security firm NeoHapsis is warning that the protocol, which has been undergoing a rollout over the last several years, could be subject to a unique attack that redirects users to unwanted potentially malicious pages. Dubbed a SLAAC attack, the operation takes advantage of the client-side rollout of IPv6 and the built-in preference such systems have for the new protocol.

BREACH decodes HTTPS encrypted data in 30 seconds


from thehackernews.com A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas (Presentation PDF & Paper) by Gluck along with researchers Neal Harris and Angelo Prado, and allows hackers to decode encrypted data that online banks and e-commerce sites send over an HTTPS channel.

Russian Cyber Criminals selling hacked websites access in Underground stores


from thehackernews.com Underground sites more commonly offer access to networks of compromised machines or stolen credit card information. Webroot has uncovered a criminal underground store dedicated to selling access to more than tens of thousands of hacked legitimate websites.

The dying art of computer viruses


from grahamcluley.com I think the first time I ever heard someone talk seriously about computer viruses was in 1988. I was studying computing in the leafy home counties of England, when I played a joke on a friend. I showed him that every time I typed the letter s on my keyboard it would come up on the screen as ssh, slurring his words, and every now and then a loud -HIC!- would be injected into the text. You must have a virus!

NSA: Anonymous Could Cause Power Outages Through Cyberattacks


from gizmodo.com Anonymous already has a diverse set of tactics, including showing up to awards ceremonies. But the NSA is worried that its cyberattacks could bring about power outages across the US. The Wall Street Journal reports that Gen. Keith Alexander, director of the NSA, has described in private meetings how "Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack". These concerns haven't been aired publicly, but rather reported by people familiar with the gatherings.

Russians responsible for 30% of mobile malware


from www.net-security.org Lookout investigated 10 Russian-based organizations, uncovering that the mobile malware industry in Russia has become organized and profitable. These malware businesses develop more than 60 percent of all Russian malware and have thousands of individual affiliate marketers and web properties advertising their malware.

Hundreds of Websites Using DNS from Webstekker Serve Malware


from news.softpedia.com A few hours ago, PC Web Plus reported that the website of the popular Dutch online electronics shop Conrad.nl was serving malware. Experts say that Conrad.nl is not the only site that exhibits this behavior. Yonathan Klijnsma, a security specialist at Dutch IT-Security company Fox-IT, says that hundreds of websites that use DNS from Netherlands-based hosting provider Webstekker also redirect visitors to malware.

Ethical hackers from SpiderLabs use natural language processing to help impersonate individuals in phishing attacks
from www.information-age.com Phishing emails are an increasingly popular attack vector for hackers targeting businesses. Happily, many of them are so unrealistic they can be spotted by a reasonably savvy employee. The more sophisticated hackers use techniques such as spoofing the email address of one of the target's colleagues or friends.

Cybercriminals are doing a better job than the companies they target
from www.net-security.org What can you learn from reading the exploits of the most successful hacking ring ever brought to justice? Recently, the US Attorney's Office in NJ unsealed their indictment against a mostly Russian (one American co-conspirator was also named) gang of cybercriminals who are alleged to have snatched over 160 million credit card numbers resulting in more than $300 million in losses over seven years.

LMG's researchers have created the world's first proof-of-concept cellular intrusion detection system (CIDS)
from www.lmgsecurity.co LMG's researchers have created the world's first proof-of-concept cellular intrusion detection system (CIDS), which will enable enterprise security professionals to detect hacked smartphones cheaply and effectively, even in BYOD environments. Hacked smartphones pose extreme risks to national security. Infected smartphones can record surrounding audio, intercept text messages, capture location and usage data, and send all that stolen data back to an attacker.

Collaborative threat intelligence platform from ThreatConnect

from www.net-security.org ThreatConnect launched the ThreatConnect Platform, a combination of analytical tools that assist in finding and analyzing threat indicators and community-based sharing features that enable communication and collaboration on emerging threats. Core to the platform are ThreatConnect Communities which allow organizations to participate in social networking-type exchanges within broad customer, industry specific, and privately created communities. This core feature allows organizations to control who sees their information and the flexibility to participate in communities on topics of interest.

McAfee finds Windows worm in KFC Android app


from www.theinquirer.net Fried chicken fans infected due to 'careless attitudes' of developers. SECURITY FIRM McAfee has warned of a Windows worm that infects Android smartphones and tablets via a Kentucky Fried Chicken (KFC) app promoting discounted fried chicken at the fast food restaurant. Although the worm doesn't cause any harm to the Android devices that downloaded it, the finger lickin' Windows worm can spread among computers running Microsoft's PC operating systems.

Top destinations for cyber security pros


from www.net-security.org Semper Secure announced the results of its Cyber Security Census. Based on a survey of 500 cyber security professionals from 40 different industries across 43 states, the District of Columbia, and Puerto Rico, and underwritten by Northrop Grumman, NetApp, and MeriTalk's Cyber Security Exchange, the census reveals what motivates today's cyber security professionals as well as how to train and recruit the next generation.

Decoy water plant attracts hackers, Chinese APT1 crew


from www.net-security.org A Trend Micro researcher that has lately concentrated on finding out just how often industrial control systems are attacked and from where has shared the latest findings of his research involving decoy systems as honeytraps, and says that one of them has been targeted by the infamous APT1 Chinese hacking crew.

Attackers are taking advantage of old vulnerabilities


from www.net-security.org FortiGuard Labs observed a 30 percent increase in mobile malware in the labs over the last six months. The team is now seeing more than 1,300 new samples per day, is currently tracking over 300 unique Android malware families and over 250,000 unique malicious Android samples.

FBI's new iGuardian portal aims to ease cyber crime reporting


from www.computerworld.com.my An online portal launched by the FBI to gather information about cyber threats from companies could be an important step in fighting cyber crime, but information sharing between government and private industry remains a challenge, according to security pros. The FBI's iGuardian portal, launched last week, is a pilot program designed to give companies a designated location to report cyber threats they've encountered.

Parental control software booms to $1 billion industry


from www.computerworld.com.my The market for parental control software will be worth over $1 billion this year, driven by various cultural, educational, moral, and personal factors. Protecting children and teenagers in cyber space is a growing concern for parents, educators, and public administrators. ABI Research estimates the global parental control software market to be worth $1.044 billion in 2013.

Malware fighter FireEye files for $175M IPO


from www.computerworld.com.sg FireEye could soon be known on the stock market as FEYE if its plans to go public in a $175 million bid made official with the SEC today come to fruition. As Network World wrote about earlier this year, FireEye was seen as a strong candidate to go public thanks to advanced anti-malware sandboxing technology that is the envy of more established IT security companies. Vendors such as McAfee and Palo Alto Networks have acknowledged some of their latest offerings are FireEye-like. FireEye also counts among its competitors Sourcefire, recently bought by Cisco.

Malware-as-a-service blossoms in Russia, vendor research finds

from www.computerworld.com.sg Highly organized Russian groups have transformed mobile hacking into an industrial scale business, a kind of "malware-as-a-service," complete with marketing affiliates, distributors and customer support. Ten such criminal enterprises are responsible for more than 60% of all Russian malware, and millions of dollars in fraudulent SMS toll charges against end users' phone bills.

Trojan Jumps on Android Master Key Bug


from www.isssource.com A Trojan exploiting a master key vulnerability in Android is infecting smartphones and tablets. The Android.Nimefas.1.origin Trojan brings attackers options for powers over the infected Android device, according to Russian security firm Dr Web, which found the malware. Android.Nimefas.1.origin can send text messages, transmit confidential information to criminals and allows intruders to remotely execute certain commands on the infected mobile device, Dr Web officials said.

Five scary hacks that could be exploited by criminals


from wtvr.com (CNN) If something can connect to a network, it can be hacked. Computers and phones are still popular targets, but increasingly so are cars, home security systems, TVs and even oil refineries. That was the message at this year's Black Hat and DefCon computer security conferences, which took place last week in Las Vegas. The annual conferences draw a mix of computer researchers and hackers who present the latest bugs and vulnerabilities they've discovered. It's a combination of public service, business and sport.

Espionage Program Still in Full Swing


from www.isssource.com The Comfoo remote access Trojan (RAT), a cyber espionage campaign that targeted RSA in 2010, is alive and well going after networks across the globe. The Advanced Persistent Threat (APT) attack gets into corporate and governmental networks across the globe, said Dell SecureWorks researchers Joe Stewart and Don Jackson in their new threat intelligence report.

Upgraded Botnet Advertised


from www.isssource.com How far does truth in advertising go when you are talking about cyber crime? That idea may come into play as the authors of the Andromeda botnet are advertising the release of a more dangerous version, researchers said. There is an advertisement unveiling the upgrade on an unnamed cyber black market, warning businesses to remain vigilant, according to a report from security provider Trend Micro. "The Andromeda botnet is still active in the wild and not yet dead. In fact, it's about to undergo a major update real soon," the blog post said.

Cross-platform backdoor created with RAT available online


from www.net-security.org For malware authors and attackers, the ideal malware is that which works on as many platforms as possible. As Java is used in a wide variety of computing platforms, it stands to reason that applications written in Java make the perfect malware delivery method. McAfee Labs researchers have recently shared details about a seemingly ordinary piece of malware whose analysis reveals some interesting things.

Phishing attacks show sudden drop as criminals use servers for DDoS
from www.computerworlduk.com Phishing attacks appear to be falling back to their pre-2012 levels after the Anti-Phishing Working Group (APWG) recorded a sudden 20 percent fall in activity for the first quarter of 2013. The APWG records phishing crime in a number of ways, primarily through the number of unique phishing websites detected by its members, which dropped around 20 percent between Q4 2012 and Q1 2013. Significantly, these fell to just over 35,000 in February, the lowest total recorded since late 2011, the APWG said.

What's Getting Hacked Now? Your Phone, Your TV and Your Toilet
from www.dailyfinance.com Think you're immune from hackers just because you've got an updated antivirus program on your computer? Well, think again. Hackers are regularly finding new and innovative ways to break into the various connected devices in your life. And security researchers are always publishing research demonstrating strange new methods that a determined hacker could use to invade your life. Here are a few of the terrifying threats we've come across lately.

The Curious Case of Encoded VB Scripts : APT.NineBlog


from www.fireeye.com We came across a rather peculiar TTP (Tools, Techniques, and Procedures) in a targeted attack we found recently. This targeted attack uses simpler techniques but still remains effective in infiltrating the target. The weaponized document that was part of this attack was intended for a victim in India as evident from the contents of the decoy document presented post exploitation. The main modules of this attack are implemented in encoded VB scripts as also recently seen with Janicab, however we do not see any connections between the two. It also employs encrypted callback communications over HTTPS.

NSA Linked to Spyware Hack on Privacy-Protecting Network


from www.slate.com Was the U.S. government behind a new hacking spree aimed at unmasking people hiding their identity on the Web? Security experts think so. Users of the Tor browser reported Sunday that various websites hosted by the company Freedom Hosting had gone suddenly offline and had in some cases been infected with malware. Freedom Hosting provides so-called Tor hidden service servers that allow users to access websites available only through the Tor network. These sites are commonly referred to as being part of the dark Web and are used by activists and journalists who are attempting to evade surveillance. But hidden services also attract criminal elements and are known to be used to share images of child abuse or to arrange drug deals.

Surtr: Malware Family Targeting the Tibetan Community

from citizenlab.org As part of our ongoing study into targeted attacks on human rights groups and civil society organizations, the Citizen Lab analyzed a malicious email sent to Tibetan organizations in June 2013. The email in question purported to be from a prominent member of the Tibetan community and repurposed content from a community mailing list. Attached to the email were what appeared to be three Microsoft Word documents (.doc), but which were trojaned with a malware family we call Surtr. All three attachments drop the exact same malware. We have seen the Surtr malware family used in attacks on Tibetan groups dating back to November 2012.

Google launches Android Device Manager for tracking lost and stolen smartphones
from www.theinquirer.net SOFTWARE DEVELOPER Google has launched a remote management tool for its mobile operating system called Android Device Manager. The feature, which is similar to Apple's Find My iPhone app, lets users of Android smartphones and tablets locate and remotely wipe the device if it is lost or stolen, a feature long called for by Android users. While firms like HTC, Sony and Samsung all have proprietary security tools on their Android smartphones, this is the first time Google has released such a feature.

12 tips on how to prepare your organisation for a cyber attack


from www.theguardian.com Be proactive: Cyber crime is here to stay and will become more complicated, the key element is how we defend against current and future threats. We must be more proactive in our approach to developing counter measures of the future.

Businesses battling cyber attacks


from www.irishexaminer.com The survey focused on high turnover companies, with 65% of those surveyed having a turnover in excess of 250m. The most common security breach was hacking, with 19% citing this as the main cause. Other common methods of attack include denial of service/distributed denial of service (14%) and malware (12%).

US agencies explore cybersecurity incentives for the private sector


from www.computerworld.com.sg U.S. government agencies are exploring new ways to provide incentives for private companies to invest more money in cybersecurity, President Barack Obama's administration has announced. The Departments of Homeland Security, the Treasury and Commerce have identified several potential incentives, including cybersecurity insurance, federal grants and legal protections for companies that invest additional money in cybersecurity efforts, Michael Daniel, Obama's cybersecurity coordinator, wrote in a blog post Tuesday.

ESET Mobile Security for Android gets an update


from www.net-security.org ESET rebuilt and redesigned ESET Mobile Security for Android. The next generation mobile product offers improved scanning, Anti-Phishing module and a completely redesigned user interface. The software enables Android smartphone and tablet users to enjoy safer mobile technology adventures with protection from both real world and digital threats.

German Companies View China, US as Top Cyber Threats


from www.voanews.com German companies consider the United States the second most threatening country for industrial espionage and data theft just behind China. That's the conclusion of a survey of German company executives and information security managers at 400 companies conducted by the consulting firm, Ernst and Young, now known as EY.

Sentinel Labs kills cyber attacks right on your device with $2M
from venturebeat.com More money goes out to the security community today. Attack protection service Sentinel Labs got $2 million to stop malware right there on your device.

Pepco to Exelon Seek Rate Hikes to Deter Power Grid Hacks


from www.bloomberg.com Pepco Holdings Inc. (POM) and Exelon Corp. (EXC) are among the electric utilities seeking authority to raise customer rates or take other steps to recoup costs of meeting U.S. demands to protect the nation's power grid from hackers. Utilities face increased expenses to comply with cybersecurity regulations being developed by President Barack Obama's administration, and representatives of several power companies said they want regulators to clarify how they can recover those costs.

Researchers release tool to pickup the SLAAC in Man-in-the-Middle attacks using IPv6
from www.computerworld.com.sg A group of researchers from Neohapsis Labs released a tool last weekend during DEF CON that drops the time needed for a Man-in-the-Middle attack using IPv6 (SLAAC Attack), from hours down to minutes or less. SLAAC, or Stateless Address Auto Configuration, is required on all IPv6 stack implementations. It's a mechanism, which allows a host to generate their own IPv6 addresses, even if routable addresses are assigned or pre-configured.

Cybersecurity report identifies banks, VOIP as top targets in Kenya


from www.computerworld.com.sg File sharing applications were listed second in terms of targeted enterprise applications, followed by email, Cacti, Cpanel, Adobe PDF, Software activation applications and Joomla and Wordpress. Interestingly, Makatiani says that Serianu is now seeing threats that are coming from the country and seem targeted at certain applications or firms. An unidentified server in the country has been sending baited PDF documents, which exploit out of date PDF software to install backdoors on users' computers when opened.

Digital stakeout of Chinese hacker gang reveals 100+ victims


from www.computerworld.com.sg A Chinese hacker gang whose malware targeted RSA in 2011 infiltrated more than 100 companies and organizations, and was so eager to steal data that it probed a major teleconference developer to find new ways to spy on corporations, according to researchers. The remote-access Trojan, or RAT, tagged as "Comfoo" is largely inactive, said a pair of veteran researchers from Dell SecureWorks, who presented their findings at last week's Black Hat security conference.

CIA's John Mullen Declares People Biggest Threat and Risk Management Best Defense
from www.infosecurity-us.com People present the greatest cyber vulnerability and educating them is key to protecting your valuable information, John K. Mullen, senior operations officer at the CIA told the audience at 2013 SINET Innovation Summit in New York, August 6th 2013.

Researchers create DIY IDS for identifying hacked smartphones


from www.net-security.org A group of researchers from LMG Security has leveraged a Verizon Samsung femtocell - a small cellular station for extending cell phone coverage range indoors or at the cell edge - to create a relatively cheap cellular intrusion detection system that enables enterprises and private individuals to test their or their employees' smartphones for malware.

The Frightening Reality About How Easily Hackers Could Shut Down The US
from www.businessinsider.com Hacking into and shutting down industrial systems on which the U.S. relies is staggeringly easy, according to recent presentations from the Black Hat hacker conference. Picture this: A few pump station operators along New York City's water tunnels fire up their computers to check the status of various water pressure readings.

Cyberscare: Ex-NSA chief calls transparency groups, hackers next terrorists


from www.salon.com The cyberscare, like the redscare or the greenscare of the '90s, is already under way. We've seen it take root with the fierce federal persecution of Aaron Swartz, the hefty charges and prison sentence facing LulzSec hacktivist Jeremy Hammond and the three-year jail sentence handed down to Andrew "Weev" Auernheimer for pointing out and sharing a vulnerability in AT&T's user information network. On Tuesday, former NSA chief Michael Hayden put it into words.

Hand of Thief Banking Trojan Takes Aim at 'Secure' Linux OS


from www.infosecurity-us.com Hard on the heels of the discovery of the Russia-originated KINS banking Trojan, a different Cyrillic cybercrime team has developed a financial Trojan targeting the Linux operating system.

DHS building actionable response plans for cyber attacks on critical infrastructure
from www.federalnewsradio.com Even as they analyse and respond to operational cyber threats on a day-to-day basis, officials at the Homeland Security Department's National Cybersecurity and Communications Integration Center (NCCIC) say they're working to build concrete plans that public and private sector responders can act on in the event of a major attack in the future.

Picture password system promising to strengthen online security


from www.asunews.asu.edu An Arizona State University computer scientist is working to strengthen the line of defence in online security with a password-protection system that potentially helps enhance security features of the Microsoft Windows 8 computer operating system.

Twitter Improves its Security with Two-factor Authentication Offering

from www.infosecurity-us.com When Twitter introduced SMS-based 2FA in May, it was both welcomed and criticized. Now that Twitter has launched a new, improved, more secure and app-based 2FA system, it is both welcomed and criticized yet again.

Windows worm accidentally bundled with KFC Android app


from www.computerworlduk.com McAfee has discovered malware targeting Windows users inside an Android app promoting Kentucky Fried Chicken (KFC) on Google Play, most probably embedded by accident by a careless developer unaware of its existence.

IBM Creates Programming Model For Brain-Like Computing


from www.techweekeurope.co.uk IBM has unveiled a whole new programming paradigm as it bids to become the leader in cognitive computing. Big Blue researchers believe for brain-like computing to become a reality, new programming languages and architectures are required.

PayPal Tests Payments Authorised By A Photo


from www.techweekeurope.co.uk PayPal looks to make the wallet-less high street a reality. PayPal has launched a trial in Richmond, London where people can use just an app and their face to authorise a payment. Customers can check in to an outlet by clicking on its name within the app. Their name and photo appear on the shop's payment system.

Timing Attacks On Browsers Leak Sensitive Information


from www.darkreading.com Two attacks discovered by a security consultant exploit the way modern browsers render text and graphics to allow a malicious site to read sensitive information from other websites and expose a user's browsing history to an attacker.

Fixmo, BlackBerry Partner In Device Integrity, Tamper Detection For BlackBerry 10


from www.darkreading.com Fixmo, a leading provider of mobile security and risk management solutions, and BlackBerry (NASDAQ: BBRY; TSX: BB) today announced plans to bring the Fixmo Sentinel device integrity verification and tamper detection solution to the BlackBerry 10 platform. Fixmo Sentinel is used today throughout the U.S. Federal Government to meet the Security Technical Implementation Guidelines (STIGs) for mobile device deployments.


Chrome not the only browser that stores plain-text passwords


from www.net-security.org When choosing to import his Safari bookmarks and settings into Google's Chrome browser, software developer Elliot Kember discovered that although it seemed like he could opt out of importing his saved passwords.

Free tool for auditing Google Apps


from www.net-security.org BeyondTrust released PowerBroker Auditor for Google Apps, available for free, to the BeyondTrust user community. The tool was developed to ease the burdens associated with auditing these commonly used web applications for proper usage and compliance.

Hackers target Google Code developer website to spread malware


from www.theinquirer.net THE GOOGLE CODE developer website is being used by hackers to spread malware, security firm Z-Scaler has warned. According to Z-Scaler security researcher Chris Mannon who reported uncovering the ploy, cyber crooks are using the Google Code website as a fresh twist on their usual attack strategies.

Hackers Steal Identity Info of 72,000 at U of Delaware


from www.securitymagazine.com A cyberattack on a University of Delaware computer system exposed more than 72,000 people to identity theft and could cost the school millions of dollars. Hackers exploited a security flaw in Web-based software the university used and stole names, addresses, Social Security numbers and university identification numbers of current and past employees, including student workers, school officials said.

Website Servers Hacked To Host Images


from www.bbc.co.uk Dozens of businesses have been hacked and their computer servers used to host images of child sexual abuse, the Internet Watch Foundation has said. The charity said legal pornographic sites had also been attacked to redirect users to the illegal material. The offending material was sometimes accompanied by malware, it said.

DNS servers hijacked in the Netherlands


from isc.sans.edu Earlier this week reports started to appear that the DNS of several webhosting companies in the Netherlands had been hijacked and those using the services were being redirected to malware sites, notably blackhole. According to the notification by the provider (http://noc.digitalus.nl/dashboard/136/Storing-DNS-servers) requests were being forwarded to external name servers. The issue was picked up relatively quickly. According to Digitalus and other reports SIDN, the Foundation for Internet Domain Registration in the Netherlands suffered a breach which affected the domain name registration systems. The change was made at 0330 and the zone fully recovered by 0800, but that did mean that those who had already erroneously resolved the malicious domains would retain those records for a typical 24 hours.

Flaw in E-mailing System Exposes Millions of Mexicans


from www.hotforsecurity.com A massive number of Prodigy subscribers in Mexico have had their email conversations exposed overnight because of a security flaw in the company's mobile e-mail and web-based mail systems.

Banking Scam Targets Middle Georgia


from www.warnerrobinspatriot.com A scam crossing the state of Georgia could help criminals get their hands in your bank account. The scam starts with a text message, asking the recipient to call a number with the words "EXPRESS DIRECT". Upon dialing, this is the message at the other end of the line.

Barclays Clients Targeted by Phishers with 200 Fake Websites a Week


from www.hotforsecurity.com More than 200 new phishing web sites have been created by cyber-criminals in the last week to mimic the authentic Barclays web page, according to Bitdefender data. The fake URLs spread via a new spam campaign targeting customers of the UK bank. Since the beginning of the year, Barclays has been one of the British banks most abused by spammers.

US Airways customers lose miles in data breach


from www.bizjournals.com US Airways Group Inc. is notifying some customers that their Dividend Miles accounts may have been compromised in a recent data breach, the second one disclosed by the airline in a month.

The curious case of a CVE-2012-0158 exploit


from www.securelist.com CVE-2012-0158 is a buffer overflow vulnerability in the ListView / TreeView ActiveX controls in the MSCOMCTL.OCX library. The malicious code can be triggered by a specially crafted DOC or RTF file for MS Office versions 2003, 2007 and 2010. Although this vulnerability was patched by Microsoft more than a year ago, it seems that not everyone cared to install the updates. And those who didn't may be at risk of getting all their documents, pictures and databases encrypted by a new version of the Gimemo ransomware (detected by our products as Trojan-Ransom.Win32.Gimemo.beic).


Reveton Malware Replaces Locked Desktops with Fake AV


from www.threattracksecurity.com Reveton is a nasty and well known piece of Ransomware, typically hijacking the desktop with a locked screen and asking victims to pay up or else. The "or else" usually involves fictitious threats of law enforcement related justice being brought down upon their heads unless they pay up $200 via the scammers' chosen payment method.

Bugtraq: [security bulletin] HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
from securityfocus.com [security bulletin] HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS)

Bugtraq: [security bulletin] HPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
from securityfocus.com [security bulletin] HPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

Bugtraq: [security bulletin] HPSBUX02907 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
from securityfocus.com [security bulletin] HPSBUX02907 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

Samsung Smart TV: Like A Web App Riddled With Vulnerabilities


from securityledger.com Smart television sets aren't short on cool features. Users can connect to Facebook and Twitter from the same screen that they're using to watch a TV show, or log into Skype and use a built-in or external webcam to have a video chat.

Georgia Tech finds another iOS vulnerability


from www.itwire.com Georgia Institute of Technology researchers are preparing to publicly reveal details of a technique they developed to hide malicious functionality within iOS apps from Apple's vetting process. The Trojan USB charger isn't the only way around iOS's security found recently by researchers at Georgia Institute of Technology.

Bugtraq: Huawei B153 3G/UMTS router WPS weakness


from www.securityfocus.com We confirm the presence of the security vulnerability on the following products/firmware versions: Huawei B153 3G/UMTS router, software version 1096.11.405.03.111sp02. Other device models and firmware versions are probably also vulnerable, but they were not checked. As required by the ISP that distributes this device to end-users, we do not disclose the full commercial name of the product, but only the manufacturer device model (i.e., Huawei B153).

Cross-platform backdoor created with RAT available online


from www.net-security.org For malware authors and attackers, the ideal malware is that which works on as many platforms as possible. As Java is used in a wide variety of computing platforms, it stands to reason that applications written in Java make the perfect malware delivery method.

Wireless carriers quick to patch SIM card vulnerability


from www.net-security.org (UPI Science News Via Acquire Media NewsEdge) Wireless carriers have fixed a bug that could have let criminals hack into hundreds of millions of cellphones, the security expert who exposed the flaw says. Cryptographer Karsten Nohl of Security Research Labs in Germany discovered the flaw that would allow the hacking of SIM cards found in cellphones and other mobile devices.

Oracle Java SE CVE-2013-2383 Remote Code Execution Vulnerability


from www.securityfocus.com Oracle Java SE CVE-2013-2383 Remote Code Execution Vulnerability.

Researcher builds botnet-powered distributed file storage system using JavaScript


from www.pcadvisor.co.uk The latest Web technologies can be used to build a secure and distributed file storage system by loading a piece of JavaScript code into users' Web browsers without them knowing, a researcher demonstrated Sunday at the Defcon security conference in Las Vegas. The botnet-type system is called HiveMind and was built by Sean T. Malone, a principal security consultant at penetration testing firm FusionX. HiveMind uses technologies like HTML5 WebSockets and Web Storage that are also used by legitimate Web applications.

VMware ESX and ESXi updates to third party libraries


from www.vmware.com ESX userworld update for OpenSSL library. The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues.

Multiple Cisco Products OSPF LSA Manipulation Vulnerability


from tools.cisco.com Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic.

Two Vulnerabilities in NetworkMiner


from www.netresec.com NetworkMiner version 1.4.1 and older is vulnerable to DLL hijacking and contains a directory traversal vulnerability.

HP plugs password-leaking printer flaw


from www.theregister.co.uk HP has released patches for the affected LaserJet Pro printers to defend against the vulnerability (CVE-2013-4807), which was discovered by Michał Sajdak of Securitum.pl. Sajdak discovered it was possible to extract plaintext versions of users' passwords via hidden URLs hardcoded into the printers' firmware.
