SECURITY WARNINGS & Notices - Please post them here

[CharleyO]

***

Microsoft Patch Tuesday Likely To Target XML Bug, IE9 Vulnerabilities

This month, the advisory specifies a total of nine bulletins, three of which are listed as critical with the remaining six listed as important.

“I expect them to fix an XML problem that they identified last month," said Wolfgang Kandek, CTO of Qualys. “This is in response to a zero-day attack that is already being used in the wild. Last Patch Tuesday, they provided a workaround. And while we recommend that people use the workaround, I'm expecting a very real patch coming out on Tuesday.”

Read more at :
http://www.crn.com/news/security/240003246/microsoft-patch-tuesday-likely-to-target-xml-bug-ie9-vulnerabilities.htm?cid=nl_sec


***

[AdrianH]

First ever malware app found in Apple Store

http://www.dailymail.co.uk/news/article-2170169/First-malware-app-Apple-Store.html

[Asyn]

Ransomware threatens to frame user and inform police
http://www.h-online.com/security/news/item/Ransomware-threatens-to-frame-user-and-inform-police-1632338.html

[REDACTED]

ZeroAccess: code injection chronicles

http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles

All Carberp botnet organizers arrested

http://www.eset.com/about/blog/blog/article/all-carberp-botnet-organizers-arrested/

Win32/Gataka: a banking Trojan ready to take off?

http://www.eset.com/about/blog/blog/article/win32gataka-a-banking-trojan-ready-to-take-off/

[polonus]

Hi Dim@rik,

On the same threat as you alert to: http://letsbytecode.com/security/zeus-is-not-visible-to-most-anti-viruses/  link article posted by synt4x in lestbytecode - Security

polonus

[Asyn]

Report: Android malware doubled in just one month
http://www.h-online.com/security/news/item/Report-Android-malware-doubled-in-just-one-month-1632587.html

[bob3160]

Report: Android malware doubled in just one month
http://www.h-online.com/security/news/item/Report-Android-malware-doubled-in-just-one-month-1632587.html

Fame, Fortune and, Infection. 

[!Donovan]

Google Play Fails to Remove All Super Mario Malware
https://www.f-secure.com/weblog/archives/00002398.html

[bob3160]

"A new #Android #Trojan that buys applications on behalf of users has been discovered on the China Mobile Martketplace.
[/size]Dubbed MMarketPay.A, the Trojan affects Chinese users subscribed to China Mobile, one of the world’s largest mobile phone carriers."
http://www.hotforsecurity.com/blog/100000-android-users-infected-with-application-buying-trojan-2706.html?goback=%2Egde_1003727_member_132561617


Has Avast's protection for the android OS addressed this issue

[Dch48]

I just read this article. I never use gadgets or the sidebar but I know the functionality is enabled.  It looks like it's time to get rid of them.

http://www.zdnet.com/security-flaws-signal-early-death-of-windows-gadgets-7000000724/

[Asyn]

Malware sniffs for Windows, Mac OS X or Linux
http://www.h-online.com/security/news/item/Malware-sniffs-for-Windows-Mac-OS-X-or-Linux-1636577.html

[Pondus]

Week 26 – Facebook’s week of evil
http://blogs.norman.com/2012/for-consumption/week-26-facebooks-week-of-evil

[CharleyO]

***

Windows, Linux, Mac OS X Hit by Cross-Platform Malware Attack

An attack has been discovered that serves up malware for all three platforms and opens up a backdoor on victimized systems.

Windows, Linux and Mac OS X are being targeted in a cross-platform malware attack, according to security experts.

Researchers at F-Secure spotted the attack on a Colombian transport site. The attack begins with a signed Java applet and a social engineering ploy in the form of a dialog box prompting the user to run an application despite its digital certificate not being verified.

Read more at :

http://www.eweek.com/c/a/Security/Windows-Linux-Mac-OS-X-Hit-by-CrossPlatform-Malware-Attack-566009/?kc=EWKNLEDP07132012B


***

[Asyn]

Over 1 million user credentials compromised in Android Forums hack
http://www.h-online.com/security/news/item/Over-1-million-user-credentials-compromised-in-Android-Forums-hack-1640164.html

[Lisandro]

Over 1 million user credentials compromised in Android Forums hack
http://www.h-online.com/security/news/item/Over-1-million-user-credentials-compromised-in-Android-Forums-hack-1640164.html

Because of this, we always recommend do NOT use the SAME password in all sites you login... Steal from one, steal from all others...