SECURITY WARNINGS & Notices - Please post them here

[CharleyO]

***

Of course, that is true for you, me, and many others on this forum. But, we often get new computer users on this forum everyday.

The truth is, though, that not everyone uses MS auto-updates and also have no idea about such critical updates that they seriously need to do. And, those not using auto-updates rarely check for updates often enough.

Hence, my making the post to hopefully inform the unaware and the hope they will heed the serious need for this update.


***

[CharleyO]

***

17 Heavy Hitters On Apple's Security Team

Little is known about Apple's security team, and that's just the way Apple wants it. The company allows some of its security people to attend industry conferences and events, but they tend to keep a very low profile. Scanning LinkedIn provides a glimpse of the staff members and their roles, and following are 17 examples, many of whom you've probably never heard of before, and some of which appear to be pseudonyms.

Read much more at :
http://www.crn.com/news/security/240007794/17-heavy-hitters-on-apples-security-team.htm?cid=nl_vi&elqTrack=true


***

[polonus]

Elevated risk of Joomla and WordPress attacks, patch, update and upgrade: http://www.us-cert.gov/current/#increase_exploitation_in_web_content
Owners of CMS are being warned! Watch those logs and dorks....

polonus

[polonus]

Yet another Java zero day and 50 additional bugs found up. Yes a complete other  one than last patched.
The question could be: "Is Oracle running Java into the ground?"
One Billion Users Affected!
Read here: http://news.softpedia.com/news/One-Billion-Users-Affected-by-Java-Security-Sandbox-Bypass-Vulnerability-Experts-Say-294629.shtml
The affected web browsers are Safari 5.1.7, Opera 12.02, Chrome 21.0.1180.89, Firefox 15.0.1, and Internet Explorer 9.0.8112.16421.
If you do not need Java on your comp, then uninstall....

polonus

[Pondus]

PIN analysis

“All credit card PIN numbers in the World leaked”   
http://www.datagenetics.com/blog/september32012/index.html

[MikeBCda]

PIN analysis

“All credit card PIN numbers in the World leaked”   
http://www.datagenetics.com/blog/september32012/index.html

Fascinating article, thanks.  I emailed them asking if there was any way I could look up the ranking of a specific PIN ... I simply memorized the one my bank originally assigned me, and because it's (apparently) non-obvious, I've come to use the same PIN for other similar purposes, e.g., my Bell calling card.  Naturally I'm curious to see where it ranks on their list.

[CharleyO]

***

Iran Denies Claims Of DoS Attack Against U.S. Banks

The head of the Iran's Civil Defense Organization has denied reports that his country has launched a series of denial-of-service attacks against U.S.-based banks. Gholam Reza Jalali told Fars News Agency (FNA), an Iranian news service, that the reports are part of a Western plot to establish justification for their own actions against Iran in cyberspace.

 According to reports from a number of Western media, including NBC News, Reuters and the Chicago Tribune, a sporadic series of attacks against Bank of America, JPMorgan Chase and Citigroup have been underway since late 2011 and have occasionally caused minor interruptions of service. NBC News claims it has spoken with national security sources who tie these attacks to the Iranian government as a reaction to economic sanctions against Iran.

Read more at :
http://www.crn.com/news/security/240007869/iran-denies-claims-of-dos-attack-against-u-s-banks.htm?cid=nl_sec&elqTrack=true


***

[CharleyO]

***

Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent

A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.

The attack comes as U.S. policymakers remain gridlocked over legislation designed to beef up the cybersecurity posture of energy companies and other industries that maintain some of the world’s most vital information networks.

Read much more at :
http://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/


***

[CharleyO]

***

One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.

One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.

We consider this vulnerability to be critical.

Read more at :
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php


***

[CharleyO]

***

Data breach at IEEE.org: 100k plaintext passwords.

Using the data to gain insights into the engineering and scientific community

IEEE suffered a data breach which I discovered on September 18 (UPDATE: the breach is now confirmed). For a few days I was uncertain what to do with the information and the data. On September 24, I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100,000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places. I did not and will not make the raw data available to anyone else

See & read more at :
http://ieeelog.com/


***

[CharleyO]

***

Vandals break into congressman's office, install Linux on PCs

A US congressmen has been left incensed after miscreants installed Linux on computers at his campaign office, possibly thrashing some data in the process. Michael Grimm, a Republican who represents a district in New York covering Staten Island and parts of Brooklyn, has slammed the weekend break-in to his offices on as a "politically motivated" crime against the democratic process.

"Whoever did this, the people responsible are very ignorant [sic], and they don't understand that this is not just an attack against me or my campaign," Grimm told the Staten Island Advance. "This is an attack against a federal campaign office, which is an attack on our democracy as a whole. It's an attack against what we stand for, for free elections."

Read more at :
http://www.theregister.co.uk/2012/09/26/vandals_install_linux_on_congressman_office_computers/


***

[CharleyO]

***

FBI Warns Of Scams Targeting Financial Industry

Criminals are using phishing e-mails, keystroke loggers, and Remote Access Trojans to steal financial employee login credentials

The financial industry is being hit by a spate of cyberattacks designed to steal employee login credentials, government and industry officials warned last week.

 A joint alert (PDF) issued by the FBI, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the Internet Crime Complaint Center (IC3) states that criminals are using spam and phishing e-mails, keystroke loggers, and Remote Access Trojans (RAT) to compromise financial institution networks and obtain employee login credentials.

Read more at :
http://www.darkreading.com/insider-threat/167801100/security/news/240007804/fbi-warns-of-scams-targeting-financial-industry.html


***

[CharleyO]

***

Another Critical Security Flaw In Java Appears Before Oracle Has Even Resolved The Last One

On Tuesday, security researchers at the Polish firm Security Explorations revealed another critical security flaw in Java that affects users of every browser that runs the plugin, including Chrome, Firefox, Safari and Internet Explorer, allowing a malicious hackers to gain complete control of a victim’s machine through a rigged website. And unlike the bug in Java 7 that was actively exploited by hackers to install malware on users’ machines until it was patched at the end of last month–also first spotted by Security Explorations four months earlier–this security flaw also affects older versions of Java including Java 5 and Java 6. That means more than a billion users are affected, according to Oracle’s count of desktop computers running the software.

Read more at :
http://www.forbes.com/sites/andygreenberg/2012/09/25/another-critical-security-flaw-in-java-appears-before-oracle-has-even-resolved-the-last-one/


***

[CharleyO]

***

Espionage Hackers Target ‘Watering Hole’ Sites

Security experts are accustomed to direct attacks, but some of today’s more insidious incursions succeed in a roundabout way — by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called “watering hole” tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities sectors.

Some of the earliest details of this trend came in late July 2012 from RSA FirstWatch, which warned of an increasingly common attack technique involving the compromise of legitimate websites specific to a geographic area which the attacker believes will be visited by end users who belong to the organization they wish to penetrate.

Read more at :
http://krebsonsecurity.com/2012/09/espionage-hackers-target-watering-hole-sites/

And related to the above, please read :
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240007959/vast-cyberespionage-campaign-brazen-in-its-approach.html?nomobile=1


***

[CharleyO]

***

Security Firm Identifies Top Words Used in Spear-Phishing Attacks

Time and time again, social engineering has shown itself to be one of the most effective tactics attackers use to defeat enterprise security.

In a new research paper, security firm FireEye has identified the most common social engineering techniques used in spear-phishing attacks targeting enterprises. In an analysis of the threat landscape last month, Symantec reported the global phishing rate in August increased slightly to roughly one in 312.9 emails that contained some sort of phishing attack.

Read more at :
http://www.eweek.com/security/security-firm-identifies-top-words-used-in-spear-phishing-attacks/?kc=EWKNLEDP09272012B


***