SECURITY WARNINGS & Notices - Please post them here

[CharleyO]

***

ID Theft Service Tied to Payday Loan Sites

A Web site that sells Social Security numbers, bank account information and other sensitive data on millions of Americans appears to be obtaining at least some of its records from a network of hacked or complicit payday loan sites.

Usearching.info boasts the “most updated database about USA,” and offers the ability to purchase personal information on countless Americans, including SSN, mother’s maiden name, date of birth, email address, and physical address, as well as and driver license data for approximately 75 million citizens in Florida, Idaho, Iowa, Minnesota, Mississippi, Ohio, Texas and Wisconsin.

Users can search for an individual’s information by name, city and state (for .3 credits per search), and from there it costs 2.7 credits per SSN or DOB record (between $1.61 to $2.24 per record, depending on the volume of credits purchased). This portion of the service is remarkably similar to an underground site I profiled last year which sold the same type of information, even offering a reseller plan.

What sets this service apart is the addition of more than 330,000 records (plus more being added each day) that appear to be connected to a satellite of Web sites that negotiate with a variety of lenders to offer payday loans.

Read much more at :
http://krebsonsecurity.com/2012/09/id-theft-service-tied-to-payday-loan-sites/


***

[CharleyO]

***

Malware attack blasted out in "Important Changes to Microsoft Services agreement" email

If you received an email, apparently from Microsoft, claiming to be about "Important Changes to Microsoft Services Agreement" would you trust it?

From the naked eye, after all, it looks professionally presented, has Microsoft's funky new logo.. what could be wrong with this?

The text of the email *is* apparently genuine, as there was an actual Microsoft message - dated August 27 - that can be viewed here.

The clue which should ring your alarm bells about this latest email, however, comes in the attached file: Microsoft-Services-Agreement.pdf.exe.

To those lacking in caution (or indeed, those Windows users who haven't told their operating system to show filenames in full) the attached file might appear to be an Adobe PDF document rather than an executable file.

But sure enough, it is an EXE file. And it will embed itself as a backdoor Trojan horse in your Registry to automatically run on startup.

Read more at :
http://nakedsecurity.sophos.com/2012/09/17/malware-attack-blasted-out-in-important-changes-to-microsoft-services-agreement-email/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=feed&utm_source=feedburner


***

[CharleyO]

***

Banking malware Tinba infects 60,000 users in Turkey

The threat was named Tinba, or Tinybanker, because of its small size among banking malware, approximately 20 kilobytes ......

Tinba has affected more than 60,000 users in Turkey, primarily stealing login details from sites like Facebook, free German webmail service GMX, Google and Microsoft. The malware has also targeted government portals and Turkish banks to steal login information. Its infrastructure is believed to be located in Russia and Lithuania.

Read more at :
http://www.scmagazine.com/banking-malware-tinba-infects-60000-users-in-turkey/article/259138/


***

[SpeedyPC]

Internet Explorer security hole: Use other browser

NTERNET Explorer users might want to consider upgrading or switching to another browser after a massive security hole was discovered in Windows' native web browser.

According to security forum, Rapid7 , Internet Explorer 7, 8 and 9 operating on Windows XP, Vista and Seven contains what is known as a "zero day exploit" which allows attackers to gain access to your personal data while you browse.

The forum claimed the exploit would give cyber criminals "the same privileges as the current user".
It claimed that 41 per cent of US and 32 per cent of global Internet Explorer users could be affected.

Microsoft confirmed that it was aware of the targeted attacks "potentially affecting some versions of Internet Explorer".

Director of Microsoft Trustworthy Computer, Yunsun Wee, told Fairfax that Internet Explorer 10 is not affected by the issue.

"We recommend customers deploy Microsoft's Enhanced Mitigation Experience Toolkit 3.0, which provides effective protections without affecting the web browsing experience," he said. "We will continue to investigate this issue and take further actions as appropriate."

http://www.dailytelegraph.com.au/technology/internet-explorer-security-hole-use-other-browser/story-fn5h1vlf-1226476456634


Microsoft urges computer users to install security tool

http://www.theage.com.au/it-pro/security-it/microsoft--urges-computer-users-to-install-security-tool-20120918-263vv.html

[true indian]

WTF! Mr.Flame has brothers that are unknown. 

https://www.securelist.com/en/blog/750/Full_Analysis_of_Flame_s_Command_Control_servers

The C&C code handles four different malware - named SP, SPE, FL and IP by the authors
The most recent malware is called "IP" and it is yet unknown.
Of the four malware, only Flame is known; the other three are currently unknown.
The development of the platform C&C code started as early as December 2006.

[bob3160]

Internet Explorer security hole: Use other browser

NTERNET Explorer users might want to consider upgrading or switching to another browser after a massive security hole was discovered in Windows' native web browser.

According to security forum, Rapid7 , Internet Explorer 7, 8 and 9 operating on Windows XP, Vista and Seven contains what is known as a "zero day exploit" which allows attackers to gain access to your personal data while you browse.

The forum claimed the exploit would give cyber criminals "the same privileges as the current user".
It claimed that 41 per cent of US and 32 per cent of global Internet Explorer users could be affected.

Microsoft confirmed that it was aware of the targeted attacks "potentially affecting some versions of Internet Explorer".

Director of Microsoft Trustworthy Computer, Yunsun Wee, told Fairfax that Internet Explorer 10 is not affected by the issue.

"We recommend customers deploy Microsoft's Enhanced Mitigation Experience Toolkit 3.0, which provides effective protections without affecting the web browsing experience," he said. "We will continue to investigate this issue and take further actions as appropriate."

http://www.dailytelegraph.com.au/technology/internet-explorer-security-hole-use-other-browser/story-fn5h1vlf-1226476456634


Microsoft urges computer users to install security tool

http://www.theage.com.au/it-pro/security-it/microsoft--urges-computer-users-to-install-security-tool-20120918-263vv.html

IE10 is not affected. (There are advantages to running windows 8.

[DavidR]

Nor is Firefox or Chrome only IE, so win8 not required

[SpeedyPC]

IE10 is not affected. (There are advantages to running windows 8.

Shhhhhh. Bob I'm sure W7 users will be very happy staying where they are, and I'm not sure they wanted to upgrade from W7 to W8. I better grab W7 soon for my desk top computer as I already have a laptop with W7 64bit for my revit structural engineering design used

[CharleyO]

***

Google Adding 'Do Not Track' Into Chrome's Latest Developer Build

The privacy feature won't be available built-in for Chrome users until the release version of the next browser is ready, but the project is being pursued.

Google's Chrome browser project is beginning to add built-in "Do Not Track" capabilities to the latest developer's build of the open-source Web browser.

Do Not Track capabilities mean that users can choose to instruct their Web browsers not to show personal information about their Web searches using the Do Not Track controls that are being integrated into some browsers. By hiding information about their searches, users can block advertisers and Web sites from collecting and using that information to push targeted online ads and gain details about their surfing.

Read more at :
http://www.eweek.com/c/a/Security/Google-Adding-Do-No-Track-Into-Chromes-Latest-Developer-Build-852453/?kc=EWKNLEDP09182012B


***

[essexboy]

Link for the IE security tool with a description .. http://www.geekstogo.com/

[CharleyO]

***

Thanks for the above post, essexboy !


***

[CharleyO]

***

Malwarebytes Takes First Step Toward Enterprise With New Offering

An anti-malware vendor widely known for its consumer appeal has launched business-class edition aimed at a wide variety of vertical markets as well as government and education.

 San Jose-based Malwarebytes has rolled out its new Malwarebytes Enterprise Edition, which offers centrally-managed threat protection and malware remediation that runs on top of existing security infrastructures, including anti-virus. The product is designed to work in both physical and virtualized environments.

 The product leverages the experience gained from the extremely popular Malwarebytes Anti-Malware product, which has been used by over 150 million people worldwide to block or remove over five billion pieces of malware. The enterprise edition is aimed at protecting companies of all sizes from the threats posed by cutting-edge malware such as zero-day, polymorphic and blended malware threats that can evade traditional enterprise anti-virus solutions.

Read more at :
http://www.crn.com/news/security/240007415/malwarebytes-takes-first-step-toward-enterprise-with-new-offering.htm?cid=nl_sec&elqTrack=true


***

[polonus]

An easier way to exploit the new IE zero day is using an additional vulnerable  java.dll.
Therefore again users are more secure without java on their computers.
Until you absolutely need java to run some critical service,
then use the latest updated & patched java software version (for online banking etc.),
Whenever you do not need java,
then here is another valid reason to uninstall java alltogether,

polonus

[essexboy]

The current IE exploit only works on these systems by exploiting another flaw in older versions of Java 6. If you have Vista or Windows 7 the best mitigation is to be sure Java is up-to-date, or uninstall it if not needed.

More details on the IE exploit

[polonus]

A fix for the new 0-day IE exploit is being prepared and will reach us within a couple of days, according to Microsoft Security Response Center: http://blogs.technet.com/b/msrc/archive/2012/09/18/additional-information-about-internet-explorer-and-security-advisory-2757760.aspx
link article author: Yunsun Wee, Director, Trustworthy Computing

polonus