SECURITY WARNINGS & Notices - Please post them here

[Pondus]

How to Keep Your Facebook Data Private from Apps
http://blogs.norman.com/2012/for-consumption/how-to-keep-your-facebook-data-private-from-apps

[Asyn]

Text message provider to pay out for Android malware
http://www.h-online.com/security/news/item/Text-message-provider-to-pay-out-for-Android-malware-1585215.html

[bob3160]

Text message provider to pay out for Android malware
http://www.h-online.com/security/news/item/Text-message-provider-to-pay-out-for-Android-malware-1585215.html

The text message provider was actually fined for distributing malware.

[SpeedyPC]

No country is safe from 'Flame Super-virus'

http://www.news.com.au/technology/no-country-is-safe-from-flame-super-virus-attack-kaspersky-labs/story-e6frfro0-1226370960217

http://www.techweekeurope.co.uk/news/flamer-cyber-attack-iran-80049

[SpeedyPC]

Microsoft Warns Of Ongoing Conficker Infections

http://www.techweekeurope.co.uk/news/microsoft-ongoing-conficker-75066

[CharleyO]

***

Romanian Police Arrest Anonymous Hackers

Romanian Police on Monday announced that they had wiped out the local branch of the Anonymous hacker group after detaining 12 of its members.
On Monday police raided the homes of the members in ten towns and cities across the country, searching for evidence, including files and personal computers.
“The head of the group was 24-year-old Gabriel Balaneasa who, together with other two people, created the Anonymous group in Romania. This group accessed and compromised 29 websites in Romania and abroad,” police said in a press release.

http://www.balkaninsight.com/en/article/romanian-police-arrests-local-hackers


***

[CharleyO]

***

DOJ Hack Emphasizes the Need for Smart Cybersecurity Action

Last week, the U.S. Justice Department acknowledged that its Bureau of Justice Statistics website had been hacked. The hacker group Anonymous claimed credit for the hack and published 1.7 gigabytes of data. Included in the data were internal e-mails, which possibly contained personal or sensitive information related to crimes, criminals, and crime victims.

http://blog.heritage.org/2012/05/29/doj-hack-emphasizes-the-need-for-smart-cybersecurity-action/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+FoundryConservativePolicyNews+%28The+Foundry%3A+Conservative+Policy+News.%29


***

[Asyn]

Critical vulnerability derails Ruby on Rails
http://www.h-online.com/security/news/item/Critical-vulnerability-derails-Ruby-on-Rails-1588773.html

[Left123]

Obama,Cyber attacks againast Iran and Stuxnet
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2&hp

[polonus]

Big ongoing malware campaign - Detected BlackHole exploit kit HTTP GET request -- Detected malicious injected iframe -
flagged by urlQuery.net scan alerts,

Google for instance for this search query for the iFrame source url: htxp%3A%2F%2Fmazdaforumi.ru%3A8080%2Fforum%2Fshowthread.php%3Fpage%3D5fa58bce769e5c2c
and you will find a lot of sites that were infected recently...
also see: htxp://blog.dynamoo.com/2012/06/linkedin-spam-immerialtvru.html (link source article from The LinkedIn Team)

Reported to virus AT avast dot com,

polonus

[Pondus]

Meet the little box that could stop Flame and Stuxnet
http://news.cnet.com/8301-1009_3-57443738-83/meet-the-little-box-that-could-stop-flame-and-stuxnet/

[polonus]

Lots of Dutch users targeted by LicenseValidator.ex- , see: http://www.threatexpert.com/report.aspx?md5=5ae919b80bbec754f2e98c2d28ae5628
See: http://www.symantec.com/security_response/writeup.jsp?docid=2012-051102-1813-99&tabid=2
This trojan is a HTTPS-proxy infostealer, especially Firefox, Opera, maxton and IE browsers are infected via a Blackhole Exploit kit or an infected attachment,

polonus

[Asyn]

Why antivirus companies like mine failed to catch Flame and Stuxnet
http://arstechnica.com/security/2012/06/why-antivirus-companies-like-mine-failed-to-catch-flame-and-stuxnet/

[AdrianH]

http://www.pcadvisor.co.uk/news/software/3361791/microsoft-throws-kill-switch-on-own-certificates-after-flame-hijack/

Microsoft throws 'kill switch' on own certificates after Flame hijack.



(wondered why I got a Microsoft Update today)

[CharleyO]

***

Attackers Hit Weak Spots in 2-Factor Authentication

An attack late last week that compromised the personal and business Gmail accounts of Matthew Prince, chief executive of Web content delivery system CloudFlare, revealed a subtle but dangerous security flaw in the 2-factor authentication process used in Google Apps for business customers. Google has since fixed the glitch, but the incident offers a timely reminder that two-factor authentication schemes are only as secure as their weakest component.

http://krebsonsecurity.com/2012/06/attackers-target-weak-spots-in-2-factor-authentication/


***