SECURITY WARNINGS & Notices - Please post them here

[Asyn]

Security Advisory: Upcoming Revocation of Adobe code signing certificate
http://www.adobe.com/support/security/advisories/apsa12-01.html
http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html

[mchain]

New ExploitShield app says it will protect against unknown zero-day exploits; freeware for consumers and non-profits.  Corporate versions still under development.

Still in beta.

http://download.cnet.com/8301-2007_4-57521983-12/exploitshield-appears-to-live-up-to-its-name/

Possibly new category of antimalware protection.  (Anti-exploit.)

 

[CharleyO]

***

Facebook's Next Privacy Issue & How To Opt Out

In what is likely to become the next privacy controversy for Facebook, the social-media giant is working with a big-data firm to correlate off-line purchases with ad views on Facebook.

And, surprise, opting out is trickier than Facebook’s typically difficult procedures.

The advocacy group Electronic Frontier Foundation report didn't make clear how long Facebook has had access to the data, which will help Facebook understand how ads on the social network impact real-world purchases. Being able to do so would make the social network more popular with advertisers.

Read more, including how to Opt Out, at:
http://www.readwriteweb.com/archives/heres-how-to-opt-out-of-one-of-facebooks-biggest-privacy-intrusions.php


***

[CharleyO]

***

In cyberattacks, hacking humans is highly effective way to access systems

The e-mails arrived like poison darts from cyberspace.

Some went to the Chertoff Group, a national security consulting firm in Washington. Others targeted intelligence contractors, gas pipeline executives and industrial-control security specialists. Each note came with the personal touches of a friend or colleague.

“Attach[ed] is a quote for the Social Media training we discussed,” said one message sent on July 3 to the vice president of EnergySec, a federally funded group in Oregon that focuses on the cybersecurity of the nation’s power grid.

But like much of the digital universe, the e-mails were not what they seemed. They were cyberweapons, part of a devastating kind of attack known as “social engineering.” Emerging details about the e-mails show how social engineering — long favored by con artists, identity thieves and spammers — has become one of the leading threats to government and corporate networks in cyberspace.

Read much more at :
http://www.washingtonpost.com/investigations/in-cyberattacks-hacking-humans-is-highly-effective-way-to-access-systems/2012/09/26/2da66866-ddab-11e1-8e43-4a3c4375504a_story.html


***

[CharleyO]

***

Real spam email to malware site appears to come from the LinkedIn site.

An example is below.

From:  LinkedIn Reminders <reminders-noreply@linkedin.attunes.co... [Add to Address Book]
To: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Subject: There are a total of 1 messages awaiting your response
Date: Sep 30, 2012 5:51 AM

LinkedIn
REMINDERS

Invitation reminders:
•   From linkedin.com  (a person's name here)

 

PENDING MESSAGES

• There are a total of 1 messages awaiting your response. Visit your InBox.
 

Don't want to receive email notifications? Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user
without your permission. � 2012, LinkedIn Corporation.

The above links are not active.
Avast does block this if you should click on the real links in the real emai with a"Malicious URL Detected" warning.

All links take you to hXXp://canadapharmacytoronto.com/ instead of to LinkedIn.


***

[bob3160]

***

Real spam email to malware site appears to come from the LinkedIn site.

An example is below.

From:  LinkedIn Reminders <reminders-noreply@linkedin.attunes.co... [Add to Address Book]
To: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Subject: There are a total of 1 messages awaiting your response
Date: Sep 30, 2012 5:51 AM

LinkedIn[/b]
REMINDERS

Invitation reminders:
•   From linkedin.com  (a person's name here)

 

PENDING MESSAGES

• There are a total of 1 messages awaiting your response. Visit your InBox.
 

Don't want to receive email notifications? Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user
without your permission. � 2012, LinkedIn Corporation.

The above links are not active.
Avast does block this if you should click on the real links in the real emai with a"Malicious URL Detected" warning.

All links take you to hXXp://canadapharmacytoronto.com/ instead of to LinkedIn.


***

If you're using Gmail, these messages are automatically placed in the spam folder.

[MikeBCda]

Generally I lump these in with the "warnings" about account problems from banks I've never done business with, or supposed failed-delivery notices from UPS and the like.  Other than the odd forum here and there, I'm not a registered member of any social or business organization on the net (other than my ISP and Yahoo, that is), so I know without doubt such mail is just garbage.

[Omid Farhang]

If you're using Gmail, these messages are automatically placed in the spam folder.

True, and a better idea is no matter email is suspect or not, just don't click links you receive in there, if you got an email from LinkedIn, just head directly to LinkedIn website to see if you really have a message or not rather than clicking links in the email, same for facebook etc.

[bob3160]

Miley Cyrus Fans, be careful, and stay safe.


"A Facebook post made to resemble a breaking news announcement about a Miley Cyrus sex tape brings tagjacking back into the social scam spotlight."

[CharleyO]

***

***

Real spam email to malware site appears to come from the LinkedIn site.

An example is below.

From:  LinkedIn Reminders <reminders-noreply@linkedin.attunes.co... [Add to Address Book]
To: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Subject: There are a total of 1 messages awaiting your response
Date: Sep 30, 2012 5:51 AM

LinkedIn[/b]
REMINDERS

Invitation reminders:
•   From linkedin.com  (a person's name here)

 

PENDING MESSAGES

• There are a total of 1 messages awaiting your response. Visit your InBox.
 

Don't want to receive email notifications? Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user
without your permission. � 2012, LinkedIn Corporation.

The above links are not active.
Avast does block this if you should click on the real links in the real emai with a"Malicious URL Detected" warning.

All links take you to hXXp://canadapharmacytoronto.com/ instead of to LinkedIn.


***

If you're using Gmail, these messages are automatically placed in the spam folder.

It does not matter what email spam filter you are using be it what Gmail uses, what any other email program uses, or those who use independent email spam filters. Not everyone uses Gmail, thankfully, because there are better email services, IMHO. And, having a variety of email services is good for the business just as it is good to have more than one OS company, more than one CPU maker, more than one browser producer, more than one AV company, etc.

In my own email service, I have the spam filter set at medium so that it does not block some things I want to receive that would otherwise be blocked by the high setting. I like the ability to decide what email I want or do not want.

This one slipped through and I'm glad it did. This way, I could investigate it, warn LinkedIn about it as it could have come from a compromised LinkedIn account, and finally, warn others who are LinkedIn members who are either on this forum as members or as visitors. Not eveyone who visits this forum, Bob, are Avast users ... nor are all of them Gmail users and probably do not want to be.

By the way, what I sent to LinkedIn was the complete email without the obvious changes I made in my post here and I have already gotten a thank you from LinkedIn for notifying them about the problem account.


***

[CharleyO]

***

Team GhostShell Exposes 120,000 Records From Universities - Dark Reading

Calculated attacks turn up hundreds of thousands of vulnerable records at 100 universities across the globe, hacker group says

The hacktivist group TeamGhostShell says it has embarked on a new campaign to expose data and vulnerabilities at 100 of the top universities around the world.

 In a posting on Pastebin Monday, TeamGhostShell released some 120,000 records from universities such as Oxford and Harvard. The campaign, which the group has dubbed "Project WestWind," has revealed vulnerabilities in university systems that could put hundreds of thousands more records at risk, the group says.

Read more at :
http://www.darkreading.com/identity-and-access-management/167901114/security/attacks-breaches/240008262/team-ghostshell-exposes-120-000-records-from-universities.html


***

[CharleyO]

***

DSL modem hack used to infect millions with banking fraud malware


Even when PCs are locked down, modems and routers can still be compromised.

Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials, a security researcher said.

The attack, described late last week during a presentation at the Virus Bulletin conference in Dallas, infected more than 4.5 million DSL modems, said Kaspersky Lab Expert Fabio Assolini, citing statistics provided by Brazil's Computer Emergency Response Team. The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.

See & read more at :
http://arstechnica.com/security/2012/10/dsl-modem-hack-infects-millions-with-malware/


***

[CharleyO]

***

New Android Malware Is A Burglar's Best Friend

PlaceRaider, an experimental smartphone trojan designed by Indiana University and the U.S. Navy, hijacks a user's phone to make detailed 3D models of their bedrooms and offices.

Newly released malware PlaceRaider sounds like science fiction: It's Android malware designed to build 3-D models of users' apartments for burglars and assassins. But PlaceRaider--developed by a team at Indiana University--is very real. The new malware was built as an academic exercise, and it exposes security flaws that government agencies would love to use. More importantly, it also exposes unintended mobile functionality that large companies like Google could easily monetize.

PlaceRaider, which was summarized in a recent arXiv paper, is a piece of “visual malware” which  smartphone cameras, accelerometers, and gyroscopes, to reconstruct victims' rooms and offices. The trojan runs in the background of any phone running Android 2.3 or above, and is hidden in a photography app that gives PlaceRaider the necessary permissions to access the camera and upload images. Once installed, PlaceRaider quietly takes pictures at random that are tagged with the time, location, and orientation of the phone. PlaceRaider also, of course, mutes the phone's shutter sound.

Read more at :
http://www.fastcompany.com/3001699/new-android-malware-burglars-best-friend


***

[CharleyO]

***

Spam Email With Malware Attached

This one was blocked for me but be aware if you receive one

From:  EarthLink Support <support@earthlink.net>
To: charleyo3@cccccccccc
Subject: EarthLink Virus Blocker Alert: Message from "American Airlines" <sign-ids793@aa.com> Quarantined
Date: Oct 4, 2012 10:49 PM**************************************
EARTHLINK VIRUS BLOCKER MESSAGE STATUS
**************************************

MESSAGE QUARANTINED

Virus Detected: CMU-201209-1348558767

Message Details:
From: "American Airlines" <sign-ids793@aa.com>
Subject: Your ticket
Date: Thu,  4 Oct 2012 23:41:37 -0300 (BRT)

For your protection, EarthLink Virus Blocker has quarantined a message sent to you because it contains a virus.

Note: We do not recommend that you view a message that has a virus attached, even if you have up-to-date antivirus software. However, if you choose to view it anyway, you can: Sign in to Web Mail (https://webmail.earthlink.net), then click the Virus Blocker folder on the left.

Sincerely,

EarthLink Support

By the way, I have never flown on AA.


***

[CharleyO]

***

Government Agencies Get Creative In APT Battle

Strapped for cash and feeling pinched by the increase in targeted attacks, some federal agencies are coming up with their own solutions for better protecting their information

SANS National Cybersecurity Conference -- BALTIMORE, MD. -- A handful of security professionals at the U.S. Department of Energy's laboratories were getting weary of trying to repel advanced persistent threat (APT)-type attacks and keep up with the latest threats. So they decided to roll their own tool to automate intelligence-sharing among the agency's national labs and scores of smaller labs.

 "A couple of us were basically tired of losing [the race to keep up with new threat intelligence], so we decided we were going to do something about it. We were tired of getting together in little rooms" to share information, said Matt Myrick, senior cybersecurity engineer at DOE's Lawrence Livermore Laboratory, in a presentation here today. So Myrick and a handful of colleagues from Sandia Labs, Los Alamos Labs, and DOE's Pantex plant wrote a Python-based tool to block malicious websites, hashes, spear-phishing attacks. The so-called Master Block List (MBL) runs on an Apache server and can be integrated with any application to share real-time threat data.

Read more at :
http://www.darkreading.com/threat-intelligence/167901121/security/news/240008438/government-agencies-get-creative-in-apt-battle.html


***