SECURITY WARNINGS & Notices - Please post them here

[Asyn]

Urgent security update for TeamViewer
http://www.h-online.com/security/news/item/Urgent-security-update-for-TeamViewer-1648586.html

[Pondus]

New 'Madi' cyber-espionage campaign targets Iran AND Israel

Attackers 'fluent in Persian', say security sinkholers
http://www.theregister.co.uk/2012/07/17/madi_cyber_espionage_campaign/

more Madi

Iran: If the Madi cyber-strike was us it would've been another Stuxnet
http://www.theregister.co.uk/2012/07/20/madi_cyberspy_analysis/

[Asyn]

Spam attack on Dropbox users
http://www.h-online.com/security/news/item/Spam-attack-on-Dropbox-users-1646660.html

[Asyn]

Oracle Critical Patch Update Pre-Release Announcement - July 2012
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

No patch for critical Oracle database vulnerability
http://www.h-online.com/security/news/item/No-patch-for-critical-Oracle-database-vulnerability-1649106.html

[CharleyO]

***

8 Million Email Addresses And Passwords Spilled From Gaming Site Gamigo Months After Hacker Breach

Call it a slow leak. Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users’ credentials, more than 8 million usernames, emails and and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedList. The half-gigabyte collection of stolen user data was posted to the password-cracking forum Inside Pro earlier this month, where it remained online until late last week.

Read more at :
http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/


***

[CharleyO]

***

Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks

The next time you stay in a hotel room, run your fingers under the keycard lock outside your door. If you find a DC power port there, take note: With a few hacker tricks and a handful of cheap hardware, that tiny round hole might offer access to your room just as completely as your keycard.

At the Black Hat security conference Tuesday evening, a Mozilla software developer and 24-year old security researcher named Cody Brocious plans to present a pair of vulnerabilities he’s discovered in hotel room locks from the manufacturer Onity, whose devices are installed on the doors of between four and five million hotel rooms around the world according to the company’s figures. Using an open-source hardware gadget Brocious built for less than $50, he can insert a plug into that DC port and sometimes, albeit unreliably, open the lock in a matter of seconds. “I plug it in, power it up, and the lock opens,” he says simply.

Read more at :
http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/


***

[CharleyO]

***

ATM Skimmers Get Wafer Thin

It’s getting harder to detect some of the newer ATM skimmers, fraud devices attached to or inserted into cash machines and designed to steal card and PIN data. Among the latest and most difficult-to-spot skimmer innovations is a wafer-thin card reading device that can be inserted directly into the ATM’s card acceptance slot.

See and read more at :
http://krebsonsecurity.com/2012/07/atm-skimmers-get-wafer-thin/


***

[.: Mac :.]

Hack Reveals Security Flaw with In-App Purchases

http://www.ign.com/articles/2012/07/14/hack-reveals-security-flaw-with-in-app-purchases

A Hack has been found to enable free in app purchases from the App Store for iOS Devices

[CharleyO]

***

Warning: Battery-saver app on Android is malware

A new piece of malware is trying to take advantage of poor battery life on Android smartphones. Cybercriminals have created an app that is supposed to reduce battery use, but in reality steals the user's contacts data stored on the device.

Android.Ackposts is a Trojan horse for Android devices that steals the Contacts information from the compromised device and sends it to a predetermined location. The Trojan may arrive as a package with the following name: BatteryLong.apk.

See and read more at :
http://www.zdnet.com/warning-battery-saver-app-on-android-is-malware-7000001483/


***

[CharleyO]

***

Mom arrested for hacking school computers, tweaking her kids' grades

A US mother is facing six felony counts for allegedly hacking into her children's school computer, changing their grades, and accessing the school's human resources system to open thousands of personnel files that contained contracts, employee reports and other information.

Venusto is accused of changing her daughter's grade from an F to an M for "medical," of allegedly boosting her son's grade of 98 percent to 99 percent, and of using the superintendent's information to log onto the district email system and to access Northwestern Lehigh's human resources system.

Read more at :
http://nakedsecurity.sophos.com/2012/07/23/mom-hacking-school-grades/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=feed&utm_source=feedburner


***

[MikeBCda]

***

Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks

The next time you stay in a hotel room, run your fingers under the keycard lock outside your door. If you find a DC power port there, take note: With a few hacker tricks and a handful of cheap hardware, that tiny round hole might offer access to your room just as completely as your keycard.

At the Black Hat security conference Tuesday evening, a Mozilla software developer and 24-year old security researcher named Cody Brocious plans to present a pair of vulnerabilities he’s discovered in hotel room locks from the manufacturer Onity, whose devices are installed on the doors of between four and five million hotel rooms around the world according to the company’s figures. Using an open-source hardware gadget Brocious built for less than $50, he can insert a plug into that DC port and sometimes, albeit unreliably, open the lock in a matter of seconds. “I plug it in, power it up, and the lock opens,” he says simply.

Sometimes you don't even have to go high-tech.  A few years ago when they were doing major roofing work on our apartment building (we're on the top floor), the management moved us to a nearby hotel for the weekend.  At one point I'd gone downstairs there (breakfast, maybe?), and because for some reason the room numbers didn't correspond with the floor they were on, coming back up I got off the elevator on the wrong floor.

My card opened "our" room just fine, and it was only when I didn't see any of our belongings that I realized my error.  Fortunately the room was unoccupied -- I'm guessing the hotel left unbooked rooms unlocked for the convenience of cleaning and other staff.

[polonus]

Hi friends,

Be aware that this could become a real threat: http://community.websense.com/blogs/securitylabs/archive/2012/07/20/a-malware-very-social-and-ready-for-the-olympic-games.aspx  (link post author = Gianluca Giuliani). Don't say we did not warn you to watch your clicks,

polonus

[polonus]

Keep your java up to date, go here to check: http://www.java.com/en/download/installed.jsp

Gigantic increase in java based malware recently.
See: http://blogs.technet.com/b/mmpc/archive/2012/07/25/how-to-protect-yourself-from-java-based-malware.aspx
(link article author = MS's Jeong Wook, Microsoft Malware Protection Center,

polonus

[Asyn]

Keep your java up to date, go here to check: http://www.java.com/en/download/installed.jsp

Gigantic increase in java based malware recently.
See: http://blogs.technet.com/b/mmpc/archive/2012/07/25/how-to-protect-yourself-from-java-based-malware.aspx
(link article author = MS's Jeong Wook, Microsoft Malware Protection Center,

polonus

No Java here for a long time...!!
Funny thing is that most users don't even know that most of them don't need it at all...

[polonus]

Hi Asyn,

What would help would be the extra click to allow it to run in a browser. I hope that will be brought in. Some browsers will keep it up to date for you, and the cases where you need the java functionality (specific scanners and applications) are becoming rare,

polonus